77 lines
1.5 KiB
Nix
77 lines
1.5 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
with lib; {
|
|
imports = [
|
|
inputs.sops-nix.nixosModules.sops
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
sops
|
|
];
|
|
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
sops.defaultSopsFormat = "yaml";
|
|
|
|
sops.secrets =
|
|
concatMapAttrs (owner: secrets:
|
|
listToAttrs (map (s: {
|
|
name = s;
|
|
value = optionalAttrs (owner != "") {inherit owner;};
|
|
})
|
|
secrets))
|
|
{
|
|
"" = [
|
|
# Cloudflared
|
|
"cloudflared/tunnel_env"
|
|
];
|
|
|
|
# Anubis
|
|
${config.services.anubis.defaultOptions.user} = [
|
|
"anubis/forgejo/hex_file"
|
|
"anubis/medama/hex_file"
|
|
];
|
|
|
|
# Forgejo
|
|
${config.services.forgejo.user} = [
|
|
"forgejo/actions/token"
|
|
"forgejo/git_password"
|
|
"forgejo/s3/key"
|
|
"forgejo/s3/secret"
|
|
];
|
|
|
|
# Garage
|
|
"garage" = [
|
|
"garage/admin_key"
|
|
"garage/admin_secret"
|
|
"garage/admin_token"
|
|
"garage/metrics_token"
|
|
"garage/rpc_secret"
|
|
];
|
|
|
|
|
|
# keikos.work
|
|
${config.services.keikos.web.user} = [
|
|
"keiko/env_file"
|
|
];
|
|
|
|
# Nextcloud
|
|
${config.services.phpfpm.pools.nextcloud.user} = [
|
|
"nextcloud/adminpass"
|
|
"nextcloud/s3/secret"
|
|
"nextcloud/s3/sseC"
|
|
];
|
|
|
|
# Users
|
|
${config.users.users."guz".name} = [
|
|
"guz/password"
|
|
];
|
|
};
|
|
|
|
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
|
|
}
|