49 lines
1.4 KiB
Nix
49 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}: let
|
|
cfg = config.sopsSetup;
|
|
in {
|
|
options = {
|
|
sopsSetup.enable = lib.mkEnableOption "Enable Module";
|
|
global.desktop = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "Whether or not to install shared desktop secrets.";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
sops = {
|
|
age.keyFile = "/var/secrets/keys.txt";
|
|
secrets."lillian-password".neededForUsers = true;
|
|
|
|
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
|
|
|
|
secrets."wg-private-key".mode = "0440";
|
|
secrets."wg-private-key".owner = config.users.users.root.name;
|
|
|
|
secrets."ssh-private-key" = {
|
|
mode = "0600";
|
|
owner = config.users.users.lillian.name;
|
|
path = "/home/lillian/.ssh/id_ed25519";
|
|
};
|
|
};
|
|
secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
|
|
mode = "0600";
|
|
owner = config.users.users.lillian.name;
|
|
path = "/home/lillian/.netrc";
|
|
};
|
|
secrets."prod.keys" = lib.mkIf (cfg.desktop == true) {
|
|
mode = "0600";
|
|
owner = config.users.users.lillian.name;
|
|
path = "/home/lillian/.config/Ryujinx/system/prod.keys";
|
|
};
|
|
secrets."title.keys" = lib.mkIf (cfg.desktop == true) {
|
|
mode = "0600";
|
|
owner = config.users.users.lillian.name;
|
|
path = "/home/lillian/.config/Ryujinx/system/title.keys";
|
|
};
|
|
};
|
|
}
|