added secrets to both vms.

Gabe Venberg 2024-06-03 16:38:29 -05:00
parent 6ae38b1d2f
commit 3cddd823c1
6 changed files with 40 additions and 13 deletions

17
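--- /dev/null
+++ b/configs/nixos/secrets.nix
@@ -0,0 +1,17 @@
+{
+inputs,
+config,
+lib,
+pkgs,
+...
+}: let
+secretsDirectory = builtins.toString inputs.nix-secrets;
+in {
+imports = [
+inputs.sops-nix.nixosModules.sops
+];
+sops = {
+defaultSopsFile = "${secretsDirectory}/common.yaml";
+validateSopsFiles = false;
+};
+}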
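Review bot: `validateSopsFiles = false;` turns off sops-nix's build-time check of the secrets file, and nothing here says why. With it off, a missing `common.yaml` or a misspelled key would presumably show up only when the secrets are installed at activation, which matters now that a login password depends on it. If the setting is needed because of how `defaultSopsFile` is built from the `nix-secrets` input, add a comment such as `# validation off: <reason>; file/key errors surface at activation, not at build`. Otherwise consider leaving validation on. The `config`, `lib` and `pkgs` arguments are unused in this module and could be dropped, since `...` already accepts them.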


@ -15,7 +15,7 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/common.nix ../../configs/nixos/common.nix
../../configs/nixos/printing.nix ../../configs/nixos/printing.nix
../../configs/nixos/sound.nix ../../configs/nixos/sound.nix
../../configs/nixos/networking.nix ../../configs/nixos/interactive-networking.nix
../../configs/nixos/i3 ../../configs/nixos/i3
({ ({
config, config,
@ -46,8 +46,10 @@ inputs.nixpkgs.lib.nixosSystem {
programs.zsh.enable = true; programs.zsh.enable = true;
environment.shells = with pkgs; [zsh]; environment.shells = with pkgs; [zsh];
users.mutableUsers=false;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.${config.host.user} = { users.users.${config.host.user} = {
hashedPasswordFile=config.sops.secrets.gv-password.path;
isNormalUser = true; isNormalUser = true;
description = "Gabe Venberg"; description = "Gabe Venberg";
shell = pkgs.zsh; shell = pkgs.zsh;
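Review bot: The retained comment `Don't forget to set a password with passwd.` is misleading next to the added `users.mutableUsers=false;` and `hashedPasswordFile=config.sops.secrets.gv-password.path;`. The hash now comes from the sops secret, and with immutable users a password set by hand is not expected to survive the next activation. Something like `# Password hash is read from the sops secret gv-password; users are immutable.` would match the new behaviour. Because the secret becomes the only password source for this account, confirm that each VM's decryption key is provisioned before switching, or the account may have no usable password. The module that declares `sops.secrets.gv-password` is not visible in this hunk, and the user block continues past its end.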


@ -0,0 +1,14 @@
{
inputs,
config,
lib,
pkgs,
...
}: {
imports=[
../../configs/nixos/secrets.nix
];
sops.secrets.gv-password = {
neededForUsers = true;
};
}
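Review bot: This new module duplicates, line for line, the new side of the last file in this commit, so `sops.secrets.gv-password` is declared in two places. Both import `../../configs/nixos/secrets.nix` and set `neededForUsers = true`. If both VMs are meant to share the same password secret, declaring it once in a module they both import keeps the hosts from drifting. For example, one copy could lose `neededForUsers` and the hash would then not be available when users are created. A short comment such as `# decrypted before user creation so hashedPasswordFile can read it` on `neededForUsers = true;` would also help. The `inputs`, `config`, `lib` and `pkgs` arguments are unused here.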


@ -17,7 +17,7 @@ inputs.nixpkgs.lib.nixosSystem {
../../roles/nixos/graphical-vm.nix ../../roles/nixos/graphical-vm.nix
../../configs/nixos/printing.nix ../../configs/nixos/printing.nix
../../configs/nixos/sound.nix ../../configs/nixos/sound.nix
../../configs/nixos/networking.nix ../../configs/nixos/interactive-networking.nix
../../configs/nixos/nfsv2.nix ../../configs/nixos/nfsv2.nix
../../configs/nixos/i3 ../../configs/nixos/i3
../../configs/nixos/common.nix ../../configs/nixos/common.nix


@ -4,17 +4,11 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }: {
secretsDirectory = builtins.toString inputs.nix-secrets; imports=[
in { ../../configs/nixos/secrets.nix
imports = [
inputs.sops-nix.nixosModules.sops
]; ];
sops = { sops.secrets.gv-password = {
defaultSopsFile = "${secretsDirectory}/common.yaml"; neededForUsers = true;
validateSopsFiles = false;
secrets.gv-password={
neededForUsers=true;
};
}; };
} }