hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: adopt modular secrets approach

Browse Source
This commit is contained in:
Hektor Misplon
2026-03-13 23:03:59 +01:00
committed by hektor
parent 3f9c9cd154
commit 916e732ce6
14 changed files with 212 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/andromache/default.nix
View File

@@ -17,7 +17,6 @@ in
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.sops-nix.nixosModules.sops
../../modules/common
../../modules/boot/bootloader.nix
(import ../../modules/disko/zfs-encrypted-root.nix {
@@ -44,6 +43,7 @@ in
../../modules/users
../../modules/wol
../../modules/yubikey
../../modules/hcloud
];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
@@ -58,10 +58,15 @@ in
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ];
secrets.username = config.host.username;
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
docker.user = config.host.username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
hcloud = {
enable = true;
inherit (config.host) username;
};
disko.devices = {
disk.data = {

8
hosts/astyanax/default.nix
View File

@@ -16,7 +16,6 @@ in
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
# inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel-gen7 (not available yet?)
inputs.sops-nix.nixosModules.sops
../../modules/common
../../modules/boot/bootloader.nix
(import ../../modules/disko/zfs-encrypted-root.nix {
@@ -53,14 +52,15 @@ in
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ];
secrets.username = config.host.username;
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
docker.user = config.host.username;
nfc.user = config.host.username;
desktop.ly.enable = true;
audio.automation.enable = true;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];
hardware = {
cpu.intel.updateMicrocode = true;
# https://wiki.nixos.org/wiki/Intel_Graphics

1
hosts/vm/default.nix
View File

@@ -10,7 +10,6 @@
inputs.disko.nixosModules.disko
./hard.nix
./host.nix
inputs.sops-nix.nixosModules.sops
./disk.nix
../../modules/common
../../modules/boot/bootloader.nix