29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

modules/system/sops.nix

@@ -18,38 +18,38 @@ in
       age.keyFile = "/home/blake/.config/sops/age/keys.txt";
 
       secrets = {
-        # blake user secrets
+        # define secrets with the following syntax
-        lib.mkIf config.users.blake.enable {
+        # secret path is the nesting of headings in the yaml file
-          "blake_passwd" = { 
+        # the secret is auto place in /run/<path to secret> path allows you to symlink to the /run to where ever is needed
-            owner = "root";
+        # "<secret_name/path>" = {
-            group = "root";
+        #   owner = "<user>";
-            neededForUsers = true;
+        #   group = "<group>";
-          };
+        #   path = "<path on system to place flile>"
-        }
+        # };
 
-        # backups secrets
+        "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { 
+          owner = "root";
+        };
         "borg_passwd" = lib.mkIf config.modules.system.backups.enable { 
           owner = "root";
           group = "root";
         };
 
-        # tailscale secrets
+        "blake_passwd" = lib.mkIf config.users.blake.enable { 
-        "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { 
           owner = "root";
+          group = "root";
+          neededForUsers = true;
         };
 
-        # nginx secrets
+#         "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable { 
-#        lib.mkIf config.modules.homelab.nginx-proxy.enable {
-#          "ssl_blakedheld_crt" = {
 #          owner = "nginx";
 #          group = "nginx";
 #        };
 #
-#          "ssl_blakedheld_key" = {
+#          "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable { 
 #          owner = "nginx";
 #          group = "nginx";
 #        };
-#        }
        
       };
     };