forked from Drift/pvv-nixos-config
Add sops for secret management
This commit is contained in:
parent
f418516013
commit
3ed65c6cfa
17
.sops.yaml
Normal file
17
.sops.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
keys:
|
||||
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
- &host_jokum age1n4vc3dhv8puqz6ntwrkkpdfj0q002hexqee48wzahll8cmce2ezssrq608
|
||||
creation_rules:
|
||||
# Global secrets
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_danio
|
||||
- *host_jokum
|
||||
# Host specific secrets
|
||||
## Jokum
|
||||
- path_regex: secrets/jokum/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_danio
|
||||
- *host_jokum
|
@ -4,6 +4,8 @@ let
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<sops-nix/modules/sops>
|
||||
|
||||
# Include the results of the hardware scan.
|
||||
../../hardware-configuration.nix
|
||||
|
||||
@ -23,6 +25,13 @@ in
|
||||
inherit unstable;
|
||||
};
|
||||
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/jokum/jokum.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
|
Loading…
Reference in New Issue
Block a user