feat(sj-vps-htz0): separate secrets

2023-08-11 18:49:31 +02:00 · 2023-08-11 18:49:31 +02:00 · 415d18e75d
commit 415d18e75d
parent 6a2993b665
2 changed files with 25 additions and 3 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -57,3 +57,9 @@ creation_rules:
      - *steveej
      age:
      - *router0-dmz0
+  - path_regex: ^secrets/sj-vps-htz0/.+$
+    key_groups:
+    - pgp:
+      - *steveej
+      age:
+      - *sj-vps-htz0
--- a/nix/os/devices/sj-vps-htz0/configuration.nix
+++ b/nix/os/devices/sj-vps-htz0/configuration.nix
@ -1,12 +1,28 @@
-{...}: {
+{
+  nodeName,
+  config,
+  ...
+}: {
  disabledModules = [];
  imports = [
    ../../profiles/common/configuration.nix
+    {
+      users.commonUsers = {
+        enable = true;
+        enableNonRoot = false;
+        rootPasswordFile = config.sops.secrets.passwords-root.path;
+      };
+
+      sops.secrets.passwords-root = {
+        sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+        neededForUsers = true;
+        format = "yaml";
+      };
+    }
    ../../modules/opinionatedDisk.nix

    ./system.nix
    ./hw.nix
-    ./pkg.nix
    ./boot.nix
  ];
 }