Skip to content

Commit

Permalink
feat(remote-deploy): persist keys
Browse files Browse the repository at this point in the history
  • Loading branch information
@piyoki
piyoki committed Mar 4, 2024
1 parent 1745697 commit 0432f31
Show file tree
Hide file tree
Showing 6 changed files with 21 additions and 4 deletions.
6 changes: 3 additions & 3 deletions flake.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions flake.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@
deployment = {
targetHost = "nixos-${profile}";
inherit (import ./shared/vars) targetPort targetUser tags;
inherit (import ./shared/server/secrets) keys;
};
imports = hostModules ++ homeModules;
};
Expand Down
2 changes: 1 addition & 1 deletion secrets
Submodule secrets updated from 0fe6a0 to 03c032
5 changes: 5 additions & 0 deletions shared/server/secrets/default.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
keys = {
"age-yubikey-master-key".keyFile = /run/secrets/age/yubikey-master-key;
};
}
10 changes: 10 additions & 0 deletions system/secrets/age-keys.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{ inputs, ... }:

{
sops.secrets = {
"age/yubikey-master-key" = {
sopsFile = "${inputs.secrets}/age-keys.enc.yaml";
mode = "0644";
};
};
}
1 change: 1 addition & 0 deletions system/secrets/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ _:

{
imports = [
./age-keys.nix
./samba.nix
# ./sdwan.nix
];
Expand Down

0 comments on commit 0432f31

Please sign in to comment.