diff --git a/flake.nix b/flake.nix
index 0244f23..4879f2a 100755
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,6 @@
 nixpkgs.url = github:NixOS/nixpkgs/nixos-22.05;
 sops-nix.url = github:Mic92/sops-nix;
 sops-nix.inputs.nixpkgs.follows = "nixpkgs";
- fsr-infoscreen.url = github:fsr/infoscreen;
 };
 outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:
@@ -55,8 +54,14 @@
 durian = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
+ inputs.sops-nix.nixosModules.sops
 ./hosts/durian/configuration.nix
 ./modules/base.nix
+ ./modules/sops.nix
+ ./modules/keycloak.nix
+ {
+ sops.defaultSopsFile = ./secrets/durian.yaml;
+ }
 ];
 };
 };
diff --git a/modules/keycloak.nix b/modules/keycloak.nix
index 03e4e1a..11c42e6 100644
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -1,4 +1,4 @@
-{pkgs, conifg, lib}: {
+{pkgs, config, lib, ...}: {
 sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;
@@ -13,7 +13,7 @@
 database = {
 username = "keycloak";
 type = "postgresql";
- passwordFile = ;
+ passwordFile = config.sops.secrets.postgres_keycloak.path;
 name = "keycloak";
 host = "localhost";
 };
diff --git a/modules/sops.nix b/modules/sops.nix
new file mode 100644
index 0000000..837fa32
--- /dev/null
+++ b/modules/sops.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+{
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.age.generateKey = false;
+}
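Review bot: The outputs function still names `fsr-infoscreen` as a required argument on the context line `outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:`, but this hunk removes the only input of that name, so flake evaluation should fail with a missing-argument error unless the signature is changed somewhere outside the hunk. Drop it from the pattern: `outputs = { self, nixpkgs, sops-nix, ... }@inputs:`. The `inputs` set starts before this hunk and the `outputs` body continues after it.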
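Review bot: `sops.defaultSopsFile = ./secrets/durian.yaml;` points at a file this diff does not add, and `./modules/keycloak.nix` declares `sops.secrets.postgres_keycloak`, so evaluation fails if the path is missing and activation fails if that YAML has no `postgres_keycloak` entry; confirm both are committed with this change. Because `./modules/sops.nix` selects the host SSH key as the age identity, the same file must be encrypted to the age recipient derived from durian's ed25519 host public key, or decryption fails at activation. A one-line comment above the inline module, `# per-host secrets; recipients must include durian's host key (see modules/sops.nix)`, would make that dependency visible to whoever edits the file next. As a style point only, `sops-nix` is already bound in the outputs pattern, so `inputs.sops-nix.nixosModules.sops` could be written `sops-nix.nixosModules.sops`.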
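Review bot: The context line `sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;`, which only now evaluates because `config` is spelled correctly, deserves a second look: as far as I recall the NixOS keycloak module runs the unit with `DynamicUser` and passes `database.passwordFile` to the process through `LoadCredential`, in which case the `keycloak` user does not exist when sops-nix chowns the secret during activation and the chown can fail, while systemd reads the file as root regardless; and if the module does not set `serviceConfig.User` at all, the reference itself fails evaluation. If that holds for the nixos-22.05 module, leave the secret at its root-owned default and drop the owner line; if the module does create a static user, keep it. Either way a comment recording which case applies, e.g. `# password file is read by systemd via LoadCredential, so root ownership suffices`, saves the next reader the same check. The rest of this module lies outside the hunk.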
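Review bot: The new module binds `config`, `lib` and `pkgs` but uses none of them, so `{ ... }:` would state its dependencies honestly, and `sops.age.generateKey = false;` matches what I believe is sops-nix's default, so that line only documents intent. What the file lacks is a comment on the trust decision it makes: the host's ed25519 SSH private key becomes the age identity for every secret on this machine, so secrets must be encrypted to the recipient derived from the host public key, and replacing the host key (reinstall, rotation) means re-encrypting all of them. A header such as `# Decrypt secrets with the host SSH key (converted to age); re-key secrets whenever the host key changes.` would make that explicit.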