# Host module: secret decryption (sops) and the OpenSSH host keys.
#
# The ed25519 host key below is used twice: as an SSH host key and as the
# identity sops derives its age key from. Anyone who can read that file can
# decrypt every secret encrypted to this host, so its location and permissions
# are part of the secret-management boundary.
{ config, pkgs, lib, materusCfg, ... }:
{
  # The ./private directory is imported only when the flake reports itself as
  # decrypted, so the rest of the configuration still evaluates without it.
  imports = [ ] ++ lib.optional materusCfg.materusFlake.decrypted ./private;

  sops = {
    age = {
      # Do not create a fresh age key on the host; the identity comes from the
      # SSH host key listed in sshKeyPaths.
      generateKey = false;
      # Same file as the ed25519 entry in services.openssh.hostKeys.
      sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
    };

    # No GnuPG home and no SSH keys handed to GnuPG: only the age identity
    # above is configured for decryption.
    gnupg = {
      home = null;
      sshKeyPaths = [ ];
    };

    # Per-host encrypted secrets file, resolved relative to materusCfg.hostPath.
    defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";

    secrets = {
      # neededForUsers marks the secret as required while user accounts are
      # set up - presumably a password hash; confirm against the users module.
      "users/materus" = { neededForUsers = true; };
      # Declared with default options; the consumer is not visible here.
      wireguard = { };
    };
  };

  # Host keys are kept under /materus/root rather than a default location.
  services.openssh.hostKeys = [
    {
      type = "rsa";
      bits = 4096;
      path = "/materus/root/ssh_host_rsa_key";
    }
    {
      # Also the sops age identity (see sops.age.sshKeyPaths).
      type = "ed25519";
      path = "/materus/root/ssh_host_ed25519_key";
    }
  ];
}