fix: secrets for work

Ryan Yin
2023-07-14 20:16:31 +08:00
parent 8684376b98
commit 5ed0ece058
6 changed files with 70 additions and 40 deletions


@@ -2,7 +2,7 @@
{
imports = [
agenix.nixosModules.default
(agenix.nixosModules.default)
];
environment.systemPackages = [
@@ -12,9 +12,17 @@
# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
age.identityPaths = [ "/home/ryan/.ssh/juliet-age" ];
age.secretsDir = "/run/agenix/";
############################################################################
#
# The following secrets are used by NixOS Modules
#
############################################################################
# wireguard config used with `wg-quick up wg-business`
age.secrets."wg-business.conf" = {
# wether secrets are symlinked to age.secrets.<name>.path
# wether secrets are symlinked to age.secrets.<name>.path(default to true)
symlink = true;
# target path for decrypted file
path = "/etc/wireguard/";
@@ -27,22 +35,29 @@
# smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix
age.secrets."smb-credentials" = {
# wether secrets are symlinked to age.secrets.<name>.path
symlink = true;
# encrypted file path
file = "${mysecrets}/smb-credentials.age";
};
############################################################################
#
# The following secrets are used by home-manager modules
# So they should be readable by the user `ryan`
#
############################################################################
age.secrets."alias-for-work.nushell" = {
# wether secrets are symlinked to age.secrets.<name>.path
symlink = false;
# encrypted file path
# path = "/etc/agenix/";
file = "${mysecrets}/alias-for-work.nushell.age";
mode = "0600";
owner = "ryan";
group = "ryan";
};
age.secrets."alias-for-work.bash" = {
# wether secrets are symlinked to age.secrets.<name>.path
symlink = false;
# encrypted file path
# path = "/etc/agenix/";
file = "${mysecrets}/alias-for-work.bash.age";
mode = "0600";
owner = "ryan";
group = "ryan";
};
}
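Review bot: In both `alias-for-work.*` secrets the comment `# encrypted file path` sits directly above the commented-out `# path = "/etc/agenix/";` rather than the `file = ...` line it describes, so the block reads as if `path` were the encrypted source. With `symlink = false` and no active `path`, the decrypted file presumably lands at agenix's default location under `age.secretsDir` (`/run/agenix/`), and since the home-manager side has to reference that same location it is worth saying so in a comment. I would drop the dead `path` line, keep `# encrypted file path` immediately above `file`, and put `# no symlink: decrypted directly under age.secretsDir; 0600 and owned by ryan so the user's shell can read it` above `symlink = false;`. The reworded comment on the wireguard secret still carries the typo `wether` (should be `whether`). The page has lost its +/- markers, so which of these lines are new in this commit is inferred.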