diff --git a/modules/system/sops.nix b/modules/system/sops.nix
index 0b0f4eb..2ec9a78 100644
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -18,39 +18,39 @@ in
 age.keyFile = "/home/blake/.config/sops/age/keys.txt";
 secrets = {
- # blake user secrets
- lib.mkIf config.users.blake.enable {
- "blake_passwd" = {
- owner = "root";
- group = "root";
- neededForUsers = true;
- };
- }
+ # define secrets with the following syntax
+ # secret path is the nesting of headings in the yaml file
+ # the secret is auto place in /run/ path allows you to symlink to the /run to where ever is needed
+ # "" = {
+ # owner = "";
+ # group = "";
+ # path = ""
+ # };
- # backups secrets
+ "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable {
+ owner = "root";
+ };
 "borg_passwd" = lib.mkIf config.modules.system.backups.enable {
 owner = "root";
 group = "root";
 };
- # tailscale secrets
- "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable {
+ "blake_passwd" = lib.mkIf config.users.blake.enable {
 owner = "root";
+ group = "root";
+ neededForUsers = true;
 };
- # nginx secrets
-# lib.mkIf config.modules.homelab.nginx-proxy.enable {
-# "ssl_blakedheld_crt" = {
-# owner = "nginx";
-# group = "nginx";
-# };
-#
-# "ssl_blakedheld_key" = {
-# owner = "nginx";
-# group = "nginx";
-# };
-# }
-
+# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
+# owner = "nginx";
+# group = "nginx";
+# };
+#
+# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
+# owner = "nginx";
+# group = "nginx";
+# };
+
 };
 };
 };
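Review bot: The `owner = "root";` restrictions on `tailscale_authkey`, `borg_passwd` and `blake_passwd` only protect the decrypted files, while the context line `age.keyFile = "/home/blake/.config/sops/age/keys.txt";` keeps the key that decrypts all of them inside blake's home directory, where that account can presumably read or replace it. Because `blake_passwd` sets `neededForUsers = true;`, the key also has to be readable before user accounts are set up, which a path under /home may not be if /home is a separate mount. Consider pointing the option at a root-owned location outside /home, for example `age.keyFile = "/var/lib/sops-nix/key.txt";`, and keeping the copy in the home directory only for editing the secrets file. The `sops` attribute set opens above this hunk, so other key sources may already be configured there.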