shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
053bf4d7b3a8453e1c040aa2fd2e54d2908b4db1
nix-stuff/liam/sops.nix

34 lines
887 B
Nix
Raw Blame History

{
inputs,
lib,
config,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
options.vacu.secretsFolder = lib.mkOption {
type = lib.types.path;
default = ../secrets;
defaultText = "<nix-stuff>/secrets";
};
config.sops = {
defaultSopsFile = config.vacu.secretsFolder + "/liam/main.yaml";
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.dovecot-passwd = {
restartUnits = [ "dovecot2.service" ];
};
secrets.dkim_key = {
name = "dkimkeys/2024-03-liam.private";
restartUnits = [ "opendkim.service" ];
owner = config.services.opendkim.user;
};
secrets.relay_creds = {
restartUnits = [ "postfix.service" ];
owner = config.services.postfix.user;
};
gnupg.sshKeyPaths = [ ]; # explicitly empty to disable gnupg; I don't use it and it takes up space on minimal configs
};
}
Reference in New Issue View Git Blame Copy Permalink