nixos-config/configurations/host/materusPC/secrets/default.nix

{ config, pkgs, lib, materusCfg, ... }:
{
  imports =
    [
      (if (materusCfg.materusFlake.encrypted == "decrypted") then ./private else "")
    ];

    sops.age.generateKey = false;
    sops.gnupg.home = null;
    sops.gnupg.sshKeyPaths = [];
    sops.secrets."users/materus" = {
      format = "yaml";
      sopsFile = ./users.yaml;
    };

    services.openssh.hostKeys = [
      {
        bits = 4096;
        path = "/materus/root/ssh_host_rsa_key";
        type = "rsa";
      }
      {
        path = "/materus/root/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];

}
materusPC: secrets test 2024-03-03 00:03:02 +01:00			`{ config, pkgs, lib, materusCfg, ... }:`
materusPC: prepare sops 2024-03-02 22:36:43 +01:00			`{`
			`imports =`
			`[`
materusPC: secrets test 2024-03-03 00:03:02 +01:00			`(if (materusCfg.materusFlake.encrypted == "decrypted") then ./private else "")`
materusPC: prepare sops 2024-03-02 22:36:43 +01:00			`];`
materusPC: secrets 2024-03-02 23:34:32 +01:00
materusPC: prepare sops 2024-03-02 22:36:43 +01:00			`sops.age.generateKey = false;`
			`sops.gnupg.home = null;`
			`sops.gnupg.sshKeyPaths = [];`
materusPC: secrets 2024-03-02 23:34:32 +01:00			`sops.secrets."users/materus" = {`
			`format = "yaml";`
			`sopsFile = ./users.yaml;`
materusPC: prepare sops 2024-03-02 22:36:43 +01:00			`};`

			`services.openssh.hostKeys = [`
			`{`
			`bits = 4096;`
			`path = "/materus/root/ssh_host_rsa_key";`
			`type = "rsa";`
			`}`
			`{`
			`path = "/materus/root/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`];`

			`}`