From 62011f0d74e56ea0d3fdc445074d972d32b44560 Mon Sep 17 00:00:00 2001 From: blake Date: Tue, 7 Oct 2025 16:23:10 -0500 Subject: [PATCH] 29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 * --- modules/system/sops.nix | 48 ++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/modules/system/sops.nix b/modules/system/sops.nix index 0b0f4eb..2ec9a78 100644 --- a/modules/system/sops.nix +++ b/modules/system/sops.nix @@ -18,39 +18,39 @@ in age.keyFile = "/home/blake/.config/sops/age/keys.txt"; secrets = { - # blake user secrets - lib.mkIf config.users.blake.enable { - "blake_passwd" = { - owner = "root"; - group = "root"; - neededForUsers = true; - }; - } + # define secrets with the following syntax + # secret path is the nesting of headings in the yaml file + # the secret is auto place in /run/ path allows you to symlink to the /run to where ever is needed + # "" = { + # owner = ""; + # group = ""; + # path = "" + # }; - # backups secrets + "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { + owner = "root"; + }; "borg_passwd" = lib.mkIf config.modules.system.backups.enable { owner = "root"; group = "root"; }; - # tailscale secrets - "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { + "blake_passwd" = lib.mkIf config.users.blake.enable { owner = "root"; + group = "root"; + neededForUsers = true; }; - # nginx secrets -# lib.mkIf config.modules.homelab.nginx-proxy.enable { -# "ssl_blakedheld_crt" = { -# owner = "nginx"; -# group = "nginx"; -# }; -# -# "ssl_blakedheld_key" = { -# owner = "nginx"; -# group = "nginx"; -# }; -# } - +# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable { +# owner = "nginx"; +# group = "nginx"; +# }; +# +# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable { +# owner = "nginx"; +# group = "nginx"; +# }; + }; }; };
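Review bot: The three active secrets in `secrets = { … }` are all declared `owner = "root"`, but the age identity that decrypts them is still read from `/home/blake/.config/sops/age/keys.txt` on the context line above, so the ownership set here does not keep them from the `blake` account, which presumably can read that key and decrypt the sops file directly. Consider keeping the host key in a root-only location, e.g. `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, or deriving it from the host SSH key via `age.sshKeyPaths`. This matters most for `"blake_passwd"`: with `neededForUsers = true` it has to be decrypted before users are set up, and a key under /home may not be available that early if /home is a separate mount (not visible from this hunk). In the new template comment, `path = ""` is missing its trailing `;` and "auto place" should read "automatically placed"; adding a `# mode = "0400";` line there would also document the intended permissions explicitly.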