system.sops: move default secret file

This commit is contained in:
2024-03-27 18:41:52 +08:00
parent 56d93beb06
commit bf3eee7931
7 changed files with 12 additions and 9 deletions


@@ -9,42 +9,42 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &pi3b age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
creation_rules:
- path_regex: devices/pc/secrets/.*$
- path_regex: devices/pc/.*$
key_groups:
- age:
- *chn
- *pc
- path_regex: devices/vps6/secrets/.*$
- path_regex: devices/vps6/.*$
key_groups:
- age:
- *chn
- *vps6
- path_regex: devices/vps7/secrets/.*$
- path_regex: devices/vps7/.*$
key_groups:
- age:
- *chn
- *vps7
- path_regex: devices/nas/secrets/.*$
- path_regex: devices/nas/.*$
key_groups:
- age:
- *chn
- *nas
- path_regex: devices/surface/secrets/.*$
- path_regex: devices/surface/.*$
key_groups:
- age:
- *chn
- *surface
- path_regex: devices/xmupc1/secrets/.*$
- path_regex: devices/xmupc1/.*$
key_groups:
- age:
- *chn
- *xmupc1
- path_regex: devices/xmupc2/secrets/.*$
- path_regex: devices/xmupc2/.*$
key_groups:
- age:
- *chn
- *xmupc2
- path_regex: devices/pi3b/secrets/.*$
- path_regex: devices/pi3b/.*$
key_groups:
- age:
- *chn
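Review bot: The `pi3b` recipient on the second context line of this hunk (`&pi3b age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw`) is byte-identical to the `xmupc2` key on the line above it, and the commit leaves that in place; if pi3b has its own `/etc/ssh/ssh_host_ed25519_key`, its rule encrypts to xmupc2's key and pi3b cannot decrypt its secrets at activation, and if the host key really is shared between the two machines, each device's "own" secrets are readable by the other. Regenerate the pi3b entry with the command quoted in the hunk header (`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age` on pi3b) and confirm the two lines differ before relying on the pi3b rule. Separately, widening every `path_regex` from `devices/<host>/secrets/.*$` to `devices/<host>/.*$` makes the rule claim any file under the device directory, not just the new `secrets.yaml`; if non-secret files under `devices/<host>/` are ever passed to `sops`, a narrower pattern such as `path_regex: devices/pc/(secrets\.yaml|secrets/.*)$` keeps the old coverage plus the new file without matching everything. The `- *pi3b` line that closes the last rule falls outside the hunk.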


@@ -14,7 +14,10 @@ inputs:
sops =
{
defaultSopsFile =
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}/secrets/default.yaml";
let deviceDir = "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}";
in
if builtins.pathExists "${deviceDir}/secrets.yaml" then "${deviceDir}/secrets.yaml"
else "${deviceDir}/secrets/default.yaml";
# sops start before impermanence, so we need to use the absolute path
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
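Review bot: The new `defaultSopsFile` expression falls back silently to `secrets/default.yaml` whenever `${deviceDir}/secrets.yaml` is absent, so a mistyped or forgotten new file, or a device directory that still carries both files during the move, selects the old (possibly stale) secrets with no diagnostic, and a device with neither file yields a path that only fails when sops-nix tries to read it. Since the commit moves the default file rather than keeping two locations, make the transition explicit by binding both paths and asserting they are not both present: add `newFile = "${deviceDir}/secrets.yaml"; oldFile = "${deviceDir}/secrets/default.yaml";` to the `let`, then `in assert !(builtins.pathExists newFile && builtins.pathExists oldFile); if builtins.pathExists newFile then newFile else oldFile;`, and drop the fallback once every device directory is migrated. `inputs.topInputs.self` presumably resolves to the flake's store copy, so the `pathExists` choice is fixed at evaluation time; a one-line comment above the `let` stating that (and that the fallback is transitional) would spare the next reader the guess. The `sops = { … }` attribute set continues past the end of the hunk.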