Fix sops user passwd

muon 2025-07-31 21:36:11 +00:00
parent 19b9edc01b
commit ac0f87a429
6 changed files with 14 additions and 9 deletions


@ -11,13 +11,14 @@ cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configur
rbw config set email admin@muon.host rbw config set email admin@muon.host
rbw config set base_url https://vault.muon.host rbw config set base_url https://vault.muon.host
rbw login rbw login
sudo mkdir -p /mnt/home/muon/.config/sops/age sudo mkdir -p /mnt/var/lib/sops-nix
sudo chown muon:users /mnt/home/muon/.config -R sudo chown muon:users /mnt/var/lib/sops-nix -R
rbw get sops > /mnt/home/muon/.config/sops/age/keys.txt rbw get sops > /mnt/var/lib/sops-nix/key.txt
sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname) sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
sudo mkdir -p /mnt/persist/{etc,var/lib/systemd} sudo mkdir -p /mnt/persist/{etc,var/lib/systemd}
sudo cp -r {/mnt,/mnt/persist}/etc/nixos sudo cp -r {/mnt,/mnt/persist}/etc/nixos
sudo cp -r {/mnt,/mnt/persist}/var/lib/nixos sudo cp -r {/mnt,/mnt/persist}/var/lib/nixos
sudo cp -r {/mnt,/mnt/persist}/var/lib/sops-nix
sudo cp -r {/mnt,/mnt/persist}/var/lib/systemd/coredump sudo cp -r {/mnt,/mnt/persist}/var/lib/systemd/coredump
sudo cp {/mnt,/mnt/persist}/etc/machine-id sudo cp {/mnt,/mnt/persist}/etc/machine-id
``` ```


@ -5,7 +5,6 @@ in {
# Hardware # Hardware
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.impermanence.nixosModules.impermanence
"${ "${
builtins.fetchTarball { builtins.fetchTarball {
url = url =


@ -3,7 +3,7 @@ let cfg = config.mods;
in with lib; { in with lib; {
imports = [ inputs.sops-nix.homeManagerModules.sops ]; imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops = { sops = {
age.keyFile = "/home/muon/.config/sops/age/keys.txt"; age.keyFile = "/var/lib/sops-nix/key.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets.zipline-auth = { }; secrets.zipline-auth = { };
}; };
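Review bot: The home-manager sops module now reads the same age private key as the system module (`/var/lib/sops-nix/key.txt`, also set in the NixOS sops hunk), so the file has to be readable by muon, and nothing in this commit restricts who else can read it. The install steps create it with a shell redirect under whatever umask is active and then copy it to /persist with `sudo cp -r`, which does not preserve ownership, so the persisted copy probably only works for the user-level module if it is world-readable. I would set `chmod 600` on the key with muon as owner (root can still read it for the system module), copy it with `cp -a`, and use the attribute form `{ directory = "/var/lib/sops-nix"; user = "muon"; group = "users"; mode = "0700"; }` in the persistence list. The sops attribute set continues outside this hunk.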


@ -4,8 +4,12 @@ with lib; {
config = mkIf config.mods.impermanence.enable { config = mkIf config.mods.impermanence.enable {
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = directories = [
[ "/var/lib/nixos" "/var/lib/systemd/coredump" "/etc/nixos" ]; "/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/sops-nix"
"/etc/nixos"
];
files = [ "/etc/machine-id" ]; files = [ "/etc/machine-id" ];
}; };


@ -3,9 +3,9 @@ let cfg = config.mods;
in with lib; { in with lib; {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
sops = { sops = {
age.keyFile = "/home/muon/.config/sops/age/keys.txt"; age.keyFile = "/var/lib/sops-nix/key.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets.muon-password = { }; secrets.muon-password.neededForUsers = true;
secrets.zipline-secret = mkIf cfg.server.share.enable { secrets.zipline-secret = mkIf cfg.server.share.enable {
owner = "zipline"; owner = "zipline";
group = "zipline"; group = "zipline";
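Review bot: `secrets.muon-password.neededForUsers = true` makes sops-nix decrypt this secret before user accounts are created, earlier than ordinary secrets, and the key it needs now sits at `/var/lib/sops-nix/key.txt`, which the persistence hunk serves from /persist when impermanence is enabled. Whether that bind mount is in place at that point is not visible here; if it is not, the password secret would fail to decrypt and muon could be left without a usable password after a reboot. Consider pointing the system module at the persisted copy directly, `age.keyFile = "/persist/var/lib/sops-nix/key.txt";`, or confirming that /persist is declared with `neededForBoot = true`. The sops block continues past the end of the hunk.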


@ -8,6 +8,7 @@
./modules/nixos ./modules/nixos
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.impermanence.nixosModules.impermanence
]; ];
}; };
} }