29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 16:20:46 -05:00
parent 9c27c4049d
commit ccf136c79f
4 changed files with 40 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 28 current  2025-10-07 15:30:08  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 29 current  2025-10-07 15:47:05  25.05.20251001.5b5be50  6.12.49                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/modules/homelab/nginx-proxy.nix
+++ b/modules/homelab/nginx-proxy.nix
@@ -20,5 +20,17 @@ in
      acceptTerms = true;
      defaults.email = "me@blakedheld.xyz";
    };
    # nginx secrets
    sops.secrets = {
      "ssl_blakedheld_crt" = {
        owner = "nginx";
        group = "nginx";
      };
      "ssl_blakedheld_key" = {
        owner = "nginx";
        group = "nginx";
      };
    };
  };
 }
--- a/modules/homelab/services/default.nix.template
+++ b/modules/homelab/services/default.nix.template
@@ -20,6 +20,7 @@ in
    backup = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "enable backups for <service_name>";
    };
  };
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -18,36 +18,39 @@ in
      age.keyFile = "/home/blake/.config/sops/age/keys.txt";
      secrets = {
-        # define secrets with the following syntax
+        # blake user secrets
-        # secret path is the nesting of headings in the yaml file
+        lib.mkIf config.users.blake.enable {
-        # the secret is auto place in /run/<path to secret> path allows you to symlink to the /run to where ever is needed
+          "blake_passwd" =  { 
        # "<secret_name/path>" = {
        #   owner = "<user>";
        #   group = "<group>";
        #   path = "<path on system to place flile>"
        # };
        "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { 
          owner = "root";
        };
        "borg_passwd" = lib.mkIf config.modules.system.backups.enable { 
          owner = "root";
          group = "root";
        };
        "blake_passwd" = lib.mkIf config.users.blake.enable { 
            owner = "root";
            group = "root";
            neededForUsers = true;
          };
-         "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable { 
+        }
-          owner = "nginx";
+
-          group = "nginx";
+        # backups secrets
        "borg_passwd" = lib.mkIf config.modules.system.backups.enable { 
          owner = "root";
          group = "root";
        };
-          "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable { 
+
-          owner = "nginx";
+        # tailscale secrets
-          group = "nginx";
+        "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { 
          owner = "root";
        };
        # nginx secrets
 #        lib.mkIf config.modules.homelab.nginx-proxy.enable {
 #          "ssl_blakedheld_crt" = {
 #            owner = "nginx";
 #            group = "nginx";
 #          };
 #        
 #          "ssl_blakedheld_key" = {
 #            owner = "nginx";
 #            group = "nginx";
 #          };
 #        }
      };
    };
  };