diff options
| -rw-r--r-- | ivi/ivi.nix | 3 | ||||
| -rw-r--r-- | profiles/core/secrets.nix | 32 |
2 files changed, 20 insertions, 15 deletions
diff --git a/ivi/ivi.nix b/ivi/ivi.nix index f7cc0d0..8e1013d 100644 --- a/ivi/ivi.nix +++ b/ivi/ivi.nix @@ -63,6 +63,7 @@ self: lib: with lib; let machines = { lemptop = { + secrets = true; profiles = [ "core" "station" @@ -70,11 +71,13 @@ self: lib: with lib; let ]; }; wsl = { + secrets = true; profiles = [ "core" ]; }; serber = { + secrets = true; isDeployed = true; profiles = [ "core" diff --git a/profiles/core/secrets.nix b/profiles/core/secrets.nix index 12b8a95..cacfcb7 100644 --- a/profiles/core/secrets.nix +++ b/profiles/core/secrets.nix @@ -19,22 +19,24 @@ in inputs.sops-nix.nixosModules.sops (mkAliasOptionModule [ "secrets" ] [ "sops" "secrets" ]) # TODO: get my username(s) from machine config ]; - sops = { - secrets = attrsets.mergeAttrsList - [ - (getSecrets "${inputs.self}/secrets") - (getSecrets "${inputs.self}/secrets/${machine.hostname}") - ]; - }; + config = mkIf machine.secrets { + sops = { + secrets = attrsets.mergeAttrsList + [ + (getSecrets "${inputs.self}/secrets") + (getSecrets "${inputs.self}/secrets/${machine.hostname}") + ]; + }; - environment = { - systemPackages = [ - pkgs.sops - pkgs.age - ]; - }; + environment = { + systemPackages = [ + pkgs.sops + pkgs.age + ]; + }; - hm = { - programs.password-store.enable = true; + hm = { + programs.password-store.enable = true; + }; }; } |