# NixOS module: points sops-nix at an age key chosen by the host configuration,
# declares two secrets, renders one credentials file per secret, and links the
# rendered files under /etc/nixos/.
{ config, lib, ... }:

let
  inherit (lib) mkOption types;

  moduleCfg = config.sops-config;
  secretSlot = config.sops.placeholder;
  rendered = config.sops.templates;
in
{
  options.sops-config.key-file = mkOption {
    # Location of the age private key on the target machine.
    # The option is a string, so a bare Nix path literal (./key.txt) is
    # rejected by the type check. Pass the location as a plain string: a value
    # built by interpolating a Nix path ("${./key.txt}") would copy the private
    # key into the world-readable Nix store.
    type = types.str;
    # NOTE(review): with this default an unset option hands "" to
    # sops.age.keyFile. How sops-nix treats an empty path is not visible in
    # this file; consider dropping the default (making the option required) or
    # asserting that the value is non-empty.
    default = "";
  };

  config = {
    sops = {
      # The key file must not be passphrase-protected (presumably because
      # decryption runs unattended). File ownership and mode are therefore the
      # only protection the private key has; keep it readable by root only.
      age.keyFile = moduleCfg.key-file;

      # Path literal: this file is copied into the Nix store at evaluation
      # time, so every value in it has to stay sops-encrypted.
      defaultSopsFile = ./secrets.yaml;

      # Secrets looked up in defaultSopsFile; no owner, mode or path override
      # is set here, so the sops-nix defaults apply.
      secrets.filez = { };
      secrets.media-server = { };

      # Credential files in key=value form. Only the placeholder token is
      # interpolated at evaluation time; the password is expected to be
      # substituted by sops-nix when the template is rendered on the host
      # (confirm against the sops-nix version in use).
      templates = {
        "media-server-secrets".content = ''
          username=media
          password=${secretSlot.media-server}
        '';

        "filez-secrets".content = ''
          username=admin
          password=${secretSlot.filez}
        '';
      };
    };

    # Expose the rendered templates as /etc/nixos/<name>. `source` is the
    # template's runtime path, so who can read the files is decided by the
    # template's owner and mode, neither of which is set in this module.
    environment.etc = {
      "nixos/filez-secrets".source = rendered."filez-secrets".path;
      "nixos/media-server-secrets".source = rendered."media-server-secrets".path;
    };
  };
}