mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sops

Browse Source
This commit is contained in:
mjallen18
2025-03-18 11:28:40 -05:00
parent e8918d7deb
commit a537a36f7b
4 changed files with 22 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/nas/apps/nextcloud/default.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
smtppassword = builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path; smtppassword = "egzo mltu kkoc hrfe";#builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;
nextcloudUserId = config.users.users.nix-apps.uid; nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud30; nextcloudPackage = pkgs.unstable.nextcloud30;

23
hosts/nas/home.nix
View File

@@ -29,14 +29,33 @@ in
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
"ssh-keys-public/desktop-nixos" = { "ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub"; path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";
}; };
"ssh-keys-private/desktop-nixos" = { "ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519"; path = "/home/admin/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
}; };
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
}; };
}; };

16
hosts/nas/sops.nix
View File

@@ -92,22 +92,6 @@
${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path} ${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path}
''; '';
sops.secrets."ssh-keys-public/desktop-nixos" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/desktop-nixos-root" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/desktop-windows" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/macbook-macos" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/jallen-nas-root" = { sops.secrets."ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub"; path = "/root/.ssh/id_ed25519.pub";
mode = "0600"; mode = "0600";

7
hosts/nas/users.nix
View File

@@ -2,12 +2,6 @@
let let
user = "admin"; user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path; passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
authorizedKeyFiles = [
config.sops.secrets."ssh-keys-public/desktop-nixos".path
config.sops.secrets."ssh-keys-public/desktop-nixos-root".path
config.sops.secrets."ssh-keys-public/desktop-windows".path
config.sops.secrets."ssh-keys-public/macbook-macos".path
];
in in
{ {
@@ -39,7 +33,6 @@ in
]; ];
hashedPasswordFile = passwordFile; hashedPasswordFile = passwordFile;
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = authorizedKeyFiles;
packages = with pkgs; [ packages = with pkgs; [
cachix cachix
fastfetch fastfetch