cleanup

2026-03-18 22:43:29 -05:00
parent d9f17670e1
commit af840f242b
49 changed files with 1079 additions and 1307 deletions
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -9,9 +9,10 @@ let
  cfg = config.${namespace}.sops;
  defaultSops = lib.snowfall.fs.get-file "secrets/secrets.yaml";
  isx86 = system == "x86_64-linux";
-  user = config.${namespace}.user.name;
 in
 {
+  imports = [ ./options.nix ];
+
  config = lib.mkIf cfg.enable {
    sops = {
      defaultSopsFile = if cfg.defaultSopsFile != null then cfg.defaultSopsFile else defaultSops;
@@ -19,16 +20,13 @@ in

      secrets = {
        "wifi" = { };
+        "disk-key".mode = "0600";

        "matt_password" = {
          neededForUsers = true;
          mode = "0600";
-          owner = config.users.users."${user}".name;
-          group = config.users.users."${user}".group;
        };

-        "disk-key".mode = "0600";
-
        "secureboot/GUID" = lib.mkIf isx86 { mode = "0600"; };
        "secureboot/keys/db-key" = lib.mkIf isx86 { mode = "0600"; };
        "secureboot/keys/db-pem" = lib.mkIf isx86 { mode = "0600"; };
@@ -37,8 +35,6 @@ in
        "secureboot/keys/PK-key" = lib.mkIf isx86 { mode = "0600"; };
        "secureboot/keys/PK-pem" = lib.mkIf isx86 { mode = "0600"; };
      };
-
-      templates = { };
    };
  };
 }
--- a/modules/nixos/sops/options.nix
+++ b/modules/nixos/sops/options.nix
@@ -5,7 +5,7 @@ with lib;
    enable = mkEnableOption "enable sops";

    defaultSopsFile = mkOption {
-      type = types.nullOr types.str;
+      type = types.nullOr types.path;
      default = null;
      description = "Default sops file to use for secrets. If null, will use the system-wide default.";
      example = "/etc/nixos/secrets/secrets.yaml";