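# NixOS module that declares sops-nix secrets for the system configuration and
# for the home-manager profile of `username`. Everything under `config` is
# gated by the `secrets.enable` option defined here.
{
  lib,
  config,
  username,
  ...
}:
let
  cfg = config.secrets;
in
{
  options = {
    secrets = {
      # mkEnableOption prepends "Whether to enable " to its argument, so the
      # text must not begin with "Enable" (it rendered as
      # "Whether to enable Enable secrets ...").
      enable = lib.mkEnableOption "secrets in NixOS & home-manager";
    };
  };

  config = lib.mkIf cfg.enable {
    # System-scope secrets.
    sops = {
      # age private key used to decrypt the system secrets.
      # NOTE(review): the key is read from the user's home directory, so the
      # trust boundary for system secrets is that user account, and /home has
      # to be available when the secrets are installed. Confirm this is
      # intended rather than a root-owned key location.
      age.keyFile = "/home/${username}/.config/sops/age/keys.txt";

      # Path literal: the file is copied into the Nix store, which is
      # world-readable, so it must contain only sops-encrypted values.
      defaultSopsFile = ./secrets.yaml;
      defaultSopsFormat = "yaml";

      # Each entry names a key in secrets.yaml; `{ }` keeps the module
      # defaults for owner, mode and path.
      secrets = {
        # NOTE(review): presumably login passwords. If they are consumed via
        # users.users.<name>.hashedPasswordFile they need
        # `neededForUsers = true` so they exist before users are created.
        # Verify against the consumer.
        password_secure = { };
        password_insecure = { };

        # NOTE(review): with default ownership these are presumably readable
        # by root only; confirm the syncthing service user can read them.
        "syncthing/cert" = { };
        "syncthing/key" = { };
      };

      # Disabled draft of a nix.conf snippet carrying a GitHub access token.
      # NOTE(review): before re-enabling, note that `github_token` is declared
      # only in the home-manager scope below, not in this system scope, and
      # that `config.sops.secrets.<name>` is an attribute set, not the secret
      # text. sops-nix templates take `config.sops.placeholder.<name>`, which
      # is substituted at activation so the plaintext never enters the store.
      # templates = {
      #   "nix-github-token.conf" = {
      #     content = ''
      #       access-tokens = "${config.sops.secrets.github_token}"
      #     '';
      #   };
      # };
    };

    # User-scope secrets. `config` inside this function is the home-manager
    # configuration, shadowing the NixOS `config` bound at the top of the file.
    home-manager.users.${username} =
      { config, ... }:
      {
        sops = {
          # Resolves to the same key file as the system scope when
          # xdg.configHome is ~/.config under /home/<username>; presumably
          # intentional, so one age identity decrypts both scopes.
          age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
          defaultSopsFile = ./secrets.yaml;
          defaultSopsFormat = "yaml";

          # NOTE(review): both paths hard-code UID 1000. If `username` has a
          # different UID on some host, the decrypted secrets are directed at
          # a runtime directory that is not this user's. Confirm the UID is
          # pinned wherever this module is enabled.
          defaultSymlinkPath = "/run/user/1000/secrets";
          defaultSecretsMountPoint = "/run/user/1000/secrets.d";

          secrets = {
            "github_token" = { };
          };
        };
      };
  };
}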