feat(sj-vps-htz0): separate secrets
parent
6a2993b665
commit
415d18e75d
2 changed files with 25 additions and 3 deletions
|
@ -57,3 +57,9 @@ creation_rules:
|
||||||
- *steveej
|
- *steveej
|
||||||
age:
|
age:
|
||||||
- *router0-dmz0
|
- *router0-dmz0
|
||||||
|
- path_regex: ^secrets/sj-vps-htz0/.+$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *steveej
|
||||||
|
age:
|
||||||
|
- *sj-vps-htz0
|
|
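Review bot: The new `^secrets/sj-vps-htz0/.+$` entry is appended after the existing rules, and sops applies the first creation rule whose `path_regex` matches. Any broader pattern earlier in `creation_rules` (not visible in this hunk) would therefore take precedence and encrypt this host's secrets to a different recipient set. It is worth confirming that no earlier rule matches this path, and adding a comment above the entry such as `# first match wins: keep above any broader secrets/ rule`. If a secrets file for this host already existed under other recipients, it also needs `sops updatekeys` to be re-encrypted to the `*steveej` / `*sj-vps-htz0` set, because changing the rules alone does not touch existing files.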
@ -1,12 +1,28 @@
|
||||||
{...}: {
|
{
|
||||||
|
nodeName,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
disabledModules = [];
|
disabledModules = [];
|
||||||
imports = [
|
imports = [
|
||||||
../../profiles/common/configuration.nix
|
../../profiles/common/configuration.nix
|
||||||
|
{
|
||||||
|
users.commonUsers = {
|
||||||
|
enable = true;
|
||||||
|
enableNonRoot = false;
|
||||||
|
rootPasswordFile = config.sops.secrets.passwords-root.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets.passwords-root = {
|
||||||
|
sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
|
||||||
|
neededForUsers = true;
|
||||||
|
format = "yaml";
|
||||||
|
};
|
||||||
|
}
|
||||||
../../modules/opinionatedDisk.nix
|
../../modules/opinionatedDisk.nix
|
||||||
|
|
||||||
./system.nix
|
./system.nix
|
||||||
./hw.nix
|
./hw.nix
|
||||||
./pkg.nix
|
|
||||||
./boot.nix
|
./boot.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
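Review bot: `sopsFile` is built from `nodeName`, while the matching sops creation rule hard-codes `sj-vps-htz0`, so the two only line up if the node name passed to this module is exactly that string. A comment on the `sopsFile` line, e.g. `# directory name must match the sops creation rule for this host`, would make the coupling explicit. The inline module also leaves undocumented what `passwords-root` must contain: if `rootPasswordFile` ends up in a hashed-password option (the `users.commonUsers` module is not shown here), the secret has to hold a password hash, not the clear-text password. With `enableNonRoot = false`, root looks like the only account this module configures, so a secret that fails to decrypt at activation would presumably leave the host without a usable password login. Verify before deploying that the `*sj-vps-htz0` age recipient corresponds to the key the host actually decrypts with.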