configured sops

2022-08-16 15:40:59 +02:00 · 2022-08-16 15:40:59 +02:00 · 806a5078ca
parent 6525c45ca2
commit 806a5078ca
3 changed files with 13 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,6 @@
    nixpkgs.url = github:NixOS/nixpkgs/nixos-22.05;
    sops-nix.url = github:Mic92/sops-nix;
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
-    
    fsr-infoscreen.url = github:fsr/infoscreen;
  };
  outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs:  
@ -55,8 +54,14 @@
      durian = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
+          inputs.sops-nix.nixosModules.sops
          ./hosts/durian/configuration.nix
          ./modules/base.nix
+          ./modules/sops.nix
+          ./modules/keycloak.nix
+          {
+            sops.defaultSopsFile = ./secrets/durian.yaml;
+          }
        ];
      };
    };
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@ -1,4 +1,4 @@
-{pkgs, conifg, lib}: {
+{pkgs, config, lib, ...}: {
  
  sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;

@ -13,7 +13,7 @@
      database = {
        username = "keycloak";
        type = "postgresql";
-        passwordFile = ;
+        passwordFile = config.sops.secrets.postgres_keycloak.path;
        name = "keycloak";
        host = "localhost";
      };
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+{
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.generateKey = false;
+}