66 lines
1.5 KiB
Nix
66 lines
1.5 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
inherit (lib) mkEnableOption mkIf;
|
|
cfg = config.horseman.base.secrets;
|
|
secretFile = path: ../../secrets/${path}.age;
|
|
username = config.horseman.username;
|
|
in {
|
|
options = {
|
|
horseman.base.secrets = {
|
|
enable = mkEnableOption "";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
environment.systemPackages = [pkgs.ragenix];
|
|
|
|
age.secrets = {
|
|
wifi.file = secretFile "wifi";
|
|
|
|
password.file = secretFile "password";
|
|
|
|
personalSSHpub = {
|
|
file = secretFile "ssh/id_personal.pub";
|
|
owner = username;
|
|
group = "users";
|
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
|
};
|
|
personalSSH = {
|
|
file = secretFile "ssh/id_personal";
|
|
owner = username;
|
|
group = "users";
|
|
path = "/home/${username}/.ssh/id_ed25519";
|
|
};
|
|
githubSSHpub = {
|
|
file = secretFile "ssh/id_github.pub";
|
|
owner = username;
|
|
group = "users";
|
|
path = "/home/${username}/.ssh/id_github.pub";
|
|
};
|
|
githubSSH = {
|
|
file = secretFile "ssh/id_github";
|
|
owner = username;
|
|
group = "users";
|
|
path = "/home/${username}/.ssh/id_github";
|
|
};
|
|
|
|
sshConfig = {
|
|
file = secretFile "ssh/config";
|
|
owner = username;
|
|
group = "users";
|
|
path = "/home/${username}/.ssh/config";
|
|
};
|
|
|
|
forgejo-secret = {
|
|
file = secretFile "containers/forgejo-secret";
|
|
path = "/run/forgejo-secrets/secret";
|
|
symlink = false;
|
|
mode = "444";
|
|
};
|
|
};
|
|
};
|
|
}
|