fix(secrets): add enable option

2026-05-22 10:57:14 +02:00
parent 1f115f8738
commit 1255083ad6
5 changed files with 18 additions and 11 deletions


@@ -64,6 +64,7 @@
}; };
anki.enable = true; anki.enable = true;
k8s.k9s.enable = true; k8s.k9s.enable = true;
secrets.enable = true;
taskwarrior.enable = true; taskwarrior.enable = true;
audio.enable = true; audio.enable = true;
ssh.enable = true; ssh.enable = true;


@@ -60,6 +60,7 @@
}; };
anki.enable = true; anki.enable = true;
k8s.k9s.enable = true; k8s.k9s.enable = true;
secrets.enable = true;
taskwarrior.enable = true; taskwarrior.enable = true;
secrets.enable = true; secrets.enable = true;
my.yubikey.enable = true; my.yubikey.enable = true;
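Review bot: `secrets.enable = true;` is now defined twice in this file — once on the added line and once on the pre-existing context line two lines below it. For a `mkEnableOption` bool the module system merges identical definitions, so evaluation still succeeds, but the duplicate hides which declaration this host actually relies on; drop the added line (or the older one) so the option is set exactly once. The earlier definition also implies a `secrets.enable` option already existed before this commit, presumably in another module; if that module and the one adding the new declaration are ever imported into the same scope, evaluation will fail with an "already declared" error, so confirm they are distinct scopes.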


@@ -96,6 +96,7 @@
my.stylix.enable = true; my.stylix.enable = true;
git.github.enable = true; git.github.enable = true;
git.gitlab.enable = true; git.gitlab.enable = true;
secrets.enable = true;
secrets.vault.enable = true; secrets.vault.enable = true;
bruno.enable = true; bruno.enable = true;
docker.enable = true; docker.enable = true;


@@ -1,13 +1,19 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
{ {
imports = [ ./vault.nix ]; imports = [ ./vault.nix ];
options.secrets.enable = lib.mkEnableOption "secrets";
config = lib.mkIf config.secrets.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
age age
age-plugin-yubikey # TODO: only needed when using Yubikey age-plugin-yubikey
sops sops
]; ];
};
} }
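Review bot: The TODO dropped from `age-plugin-yubikey` in the package list was the only record that the plugin is needed solely for YubiKey-backed age identities, and the package is still installed unconditionally whenever `secrets.enable` is set. Either keep that fact as a comment, `age-plugin-yubikey # only needed for YubiKey-backed age identities`, or gate the package once this module has a YubiKey toggle, e.g. `++ lib.optional config.secrets.yubikey.enable age-plugin-yubikey` — note this module declares no such option today, and the `yubikey.enable` referenced in the sibling module appears to belong to a different module scope. The description `"secrets"` on the new `mkEnableOption` renders as the bare "Whether to enable secrets."; the sibling module uses `"secrets management"`, and matching it reads better in generated option docs. `./vault.nix` is correctly left outside the `mkIf` (imports cannot be conditional), which also means whatever vault.nix configures is not gated by `secrets.enable` — worth confirming that is intended.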


@@ -18,6 +18,8 @@ in
options = { options = {
secrets = { secrets = {
enable = lib.mkEnableOption "secrets management";
sopsDir = lib.mkOption { sopsDir = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "${toString inputs.nix-secrets}/secrets"; default = "${toString inputs.nix-secrets}/secrets";
@@ -42,7 +44,7 @@ in
}; };
}; };
config = { config = lib.mkIf cfg.enable {
secrets = { secrets = {
inherit owner; inherit owner;
groups = { groups = {
@@ -55,10 +57,6 @@ in
}; };
sops = { sops = {
# for yubikey, generate as follows:
# ```
# age-plugin-yubikey --identity > <keyfile-path>
# ```
age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = myUtils.mkSopsSecrets sopsDir owner cfg.groups; secrets = myUtils.mkSopsSecrets sopsDir owner cfg.groups;
}; };
@@ -68,7 +66,7 @@ in
]; ];
services = { services = {
pcscd.enable = true; # needed for age-plugin-yubikey? pcscd.enable = true;
udev.packages = lib.mkIf cfg.yubikey.enable [ udev.packages = lib.mkIf cfg.yubikey.enable [
pkgs.yubikey-personalization pkgs.yubikey-personalization
pkgs.libfido2 pkgs.libfido2