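# Shared secrets module: sops-nix decrypts ./secrets.yaml with an age key that
# colmena uploads to the target at deploy time.
{
  config,
  lib,
  pkgs,
  ...
}: {
  # SOPS configuration
  sops = {
    # Private age key used for decryption. This must stay equal to
    # destDir + "/" + key name of the colmena entry at the bottom of this file.
    # NOTE(review): /run is normally a tmpfs, so this key presumably does not
    # survive a reboot and secrets cannot be decrypted until the next deploy.
    # Confirm that this is intended.
    age.keyFile = "/run/keys/age.key";
    defaultSopsFile = ./secrets.yaml;

    # Define secrets that all systems need
    secrets = {
      # SSH keys
      # "ssh/plasmagoat_private_key" = {
      #   owner = "plasmagoat";
      #   mode = "0600";
      #   path = "/home/plasmagoat/.ssh/id_rsa";
      # };

      # # Age key for the system
      # NOTE(review): keep this entry disabled. Its path is the same file as
      # sops.age.keyFile, so enabling it would make sops overwrite the key it
      # needs in order to decrypt.
      # "age/system_key" = {
      #   mode = "0600";
      #   path = "/run/keys/age.key";
      # };

      # # Backup credentials
      # "backup/restic_password" = {
      #   path = "/etc/backup/restic-password";
      #   mode = "0600";
      # };
    };
  };

  # Deployment keys for colmena
  # NOTE(review): keyFile is the operator's own age private key, and it is
  # copied to every host that imports this module. Any single host can then
  # decrypt everything in secrets.yaml that is encrypted to that key. Consider
  # a per-host recipient instead (for example sops.age.sshKeyPaths with the
  # host's SSH key) so that one compromised machine does not expose the shared
  # key.
  deployment.keys = {
    "age.key" = {
      destDir = "/run/keys";
      keyFile = "/home/plasmagoat/.config/age/age.key"; # Your local age key

      # Pin ownership and mode explicitly instead of relying on colmena's
      # defaults, so a later default change cannot widen access to the key.
      user = "root";
      group = "root";
      permissions = "0600";

      # Upload before activation so the key is in place when secrets are
      # decrypted during activation.
      uploadAt = "pre-activation";
    };
  };
}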