mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-01-19 07:56:59 +01:00
45a7973553
feat: remove nur & devenv feat: adjust the structure to make it suitable for servers feat: add iso/proxmox generators and add docs about it feat: update ryan's openssh keys & add hashedPassword feat: add proxmox's nodes into ssh_config, with alias
36 lines
967 B
Nix
36 lines
967 B
Nix
{ pkgs, agenix, ... }:
|
|
|
|
{
|
|
imports = [
|
|
agenix.nixosModules.default
|
|
];
|
|
|
|
environment.systemPackages = [
|
|
agenix.packages."${pkgs.system}".default
|
|
];
|
|
|
|
# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
|
|
age.identityPaths = [ "/home/ryan/.ssh/juliet-age" ];
|
|
|
|
# wireguard config used with `wg-quick up wg-business`
|
|
age.secrets."wg-business.conf" = {
|
|
# wether secrets are symlinked to age.secrets.<name>.path
|
|
symlink = true;
|
|
# target path for decrypted file
|
|
path = "/etc/wireguard/";
|
|
# encrypted file path
|
|
file = ./encrypt/wg-business.conf.age;
|
|
mode = "0400";
|
|
owner = "root";
|
|
group = "root";
|
|
};
|
|
|
|
# smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix
|
|
age.secrets."smb-credentials" = {
|
|
# wether secrets are symlinked to age.secrets.<name>.path
|
|
symlink = true;
|
|
# encrypted file path
|
|
file = ./encrypt/smb-credentials.age;
|
|
};
|
|
}
|