blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

Browse Source
This commit is contained in:
blake
2025-10-07 16:23:10 -05:00
parent 7bee479981
commit 62011f0d74
1 changed files with 24 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
modules/system/sops.nix
View File

@@ -18,38 +18,38 @@ in
age.keyFile = "/home/blake/.config/sops/age/keys.txt";
secrets = {
# blake user secrets
lib.mkIf config.users.blake.enable {
"blake_passwd" = {
owner = "root";
group = "root";
neededForUsers = true;
};
}
# define secrets with the following syntax
# secret path is the nesting of headings in the yaml file
# the secret is auto place in /run/<path to secret> path allows you to symlink to the /run to where ever is needed
# "<secret_name/path>" = {
# owner = "<user>";
# group = "<group>";
# path = "<path on system to place flile>"
# };
# backups secrets
"tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable {
owner = "root";
};
"borg_passwd" = lib.mkIf config.modules.system.backups.enable {
owner = "root";
group = "root";
};
# tailscale secrets
"tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable {
"blake_passwd" = lib.mkIf config.users.blake.enable {
owner = "root";
group = "root";
neededForUsers = true;
};
# nginx secrets
# lib.mkIf config.modules.homelab.nginx-proxy.enable {
# "ssl_blakedheld_crt" = {
# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
# owner = "nginx";
# group = "nginx";
# };
#
# "ssl_blakedheld_key" = {
# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
# owner = "nginx";
# group = "nginx";
# };
# }
};
};