Use sops input

2025-05-22 12:49:23 +02:00 · 2025-05-22 12:49:23 +02:00 · 8a4e6a584b
commit 8a4e6a584b
parent 23737baff3
2 changed files with 19 additions and 18 deletions
--- a/dev_system.nix
+++ b/dev_system.nix
@ -23,23 +23,23 @@ in
    ./shared/ssh.nix
  ];

-  # sops = {
-  #   defaultSopsFile = "./secrets/example.yaml";
-  #   age = {
-  #     sshKeyPaths = [ "/etc/ssh/ssh_host_ed25510_key" ];
-  #     keyFile = "/root/.config/sops/age/keys.txt";
-  #     generateKey = true;
-  #   };
-  # };
+  sops = {
+    defaultSopsFile = "./secrets/example.yaml";
+    age = {
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25510_key" ];
+      keyFile = "/root/.config/sops/age/keys.txt";
+      generateKey = true;
+    };
+  };

-  # users.users = {
-  #   # connection only via ssh key
-  #   pipeline = {
-  #     isNormalUser = true;
-  #     home = "/home/pipeline";
-  #     description = "User used by forgejo runners to connect to this system";
-  #     extraGroups = [ "docker" ];
-  #     openssh.authorizedKeys.keyFiles = [ config.sops.secrets."foo".path ];
-  #   };
-  # };
+  users.users = {
+    # connection only via ssh key
+    pipeline = {
+      isNormalUser = true;
+      home = "/home/pipeline";
+      description = "User used by forgejo runners to connect to this system";
+      extraGroups = [ "docker" ];
+      openssh.authorizedKeys.keyFiles = [ config.sops.secrets."foo".path ];
+    };
+  };
 }
--- a/flake.nix
+++ b/flake.nix
@ -89,6 +89,7 @@
          };
          imports = [
            inputs.disko.nixosModules.disko
+            inputs.sops-nix.nixosModules.sops

            ./dev_system.nix