base: add sops keys for everyone and everything
This commit is contained in:
parent
06bd93e5d1
commit
fde69ca283
GPG Key ID:
9F2F7D8250F35146
|
|
@ -17,6 +17,10 @@ creation_rules:
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *host_jokum
|
- *host_jokum
|
||||||
|
- *host_ildkule
|
||||||
|
- *host_bekkalokk
|
||||||
|
- *host_bicep
|
||||||
|
|
||||||
- *user_danio
|
- *user_danio
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
- *user_eirikwit
|
- *user_eirikwit
|
||||||
|
|
|
||||||
6
base.nix
6
base.nix
|
|
@ -84,6 +84,12 @@
|
||||||
settings.PermitRootLogin = "yes";
|
settings.PermitRootLogin = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.age = {
|
||||||
|
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
generateKey = true;
|
||||||
|
};
|
||||||
|
|
||||||
# nginx return 444 for all nonexistent virtualhosts
|
# nginx return 444 for all nonexistent virtualhosts
|
||||||
|
|
||||||
systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
|
systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue