author | Azat Bahawi <azat@bahawi.net> | 2023-02-20 02:05:59 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-02-20 02:05:59 +0300 |
commit | e40f7d991353ad70984afdf67b25c049190c56bd (patch) | |
tree | 295a80114cca78952ed6ed562198d997b496faba /modules/nixos/common | |
parent | 2023-02-19 (diff) |
2023-02-20
Diffstat (limited to 'modules/nixos/common')
-rw-r--r-- | modules/nixos/common/nix.nix | 3 | ||||
-rw-r--r-- | modules/nixos/common/secrets.nix | 46 |
2 files changed, 2 insertions, 47 deletions
diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix index efebe97..410e01d 100644 --- a/modules/nixos/common/nix.nix +++ b/modules/nixos/common/nix.nix @@ -14,13 +14,10 @@ in { }; config = { - nix.settings.trusted-users = ["@wheel"]; - nixpkgs = { config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; overlays = with inputs; [ - agenix.overlays.default nix-minecraft.overlay pollymc.overlay xmonad-ng.overlays.default diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix index 2ee5753..9a82c44 100644 --- a/modules/nixos/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -1,45 +1,3 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; { - imports = [ - inputs.agenix.nixosModules.default - (mkAliasOptionModule ["secrets"] ["age" "secrets"]) - ]; - - config = { - age = { - identityPaths = - if this.isHeadful - then ["${config.my.home}/.ssh/id_${my.ssh.type}"] - else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) - config.services.openssh.hostKeys); - - # This can be used to auto-add all secrets, thus eliminating the need to - # specify path to each envrypted file. The drawback is that this will - # expose *all* secrets to all machines and try to decrypt them all even on - # machines where the secret will not be used. - # - # secrets = - # let - # secretsSourceDir = "${inputs.self}/age"; - # in - # mapAttrs' - # (name: _: - # nameValuePair name { - # file = "${secretsSourceDir}/${name}"; - # owner = mkDefault my.username; - # group = mkDefault config.my.group; - # }) - # (builtins.readDir secretsSourceDir); - }; - - environment.systemPackages = with pkgs; [agenix]; - }; +{inputs, ...}: { + imports = [inputs.agenix.nixosModules.default]; } |
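Review bot: In `modules/nixos/common/secrets.nix` the new three-line module still imports `inputs.agenix.nixosModules.default` but no longer sets `age.identityPaths`. Unless a module outside this directory-limited diff sets it, decryption falls back to agenix's own default (which I believe is derived from the OpenSSH host keys) instead of the per-host choice the removed code made. The removed code pointed headful machines at the user key `${config.my.home}/.ssh/id_${my.ssh.type}`, so any secret whose recipients list only that user key would fail to decrypt at activation on those hosts; the recipient lists should be checked against the keys each host will actually use. The `secrets` to `age.secrets` alias is dropped in the same hunk, so any remaining `secrets.<name>` definitions need to become `age.secrets.<name>`. If these settings moved to another module, a pointer comment above `imports` would make that traceable, e.g. `# age.identityPaths is configured in <path/to/module>`.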