modules/root/secrets.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

{ lib, pkgs, inputs, config, userDetails, ... }: {
	imports = [ inputs.sops-nix.nixosModules.sops ];

	sops = {
		defaultSopsFormat = "yaml";
		age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ];

		secrets = {
			wpa_supplicant-conf = lib.mkIf config.wifi.enable {
				sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
			};
			hashed-root-password = lib.mkIf config.users.setPassword.enable {
				sopsFile = ./resources/secrets/hashed-root-password.yaml;
				neededForUsers = true;
			};
		};
	};
}