diff --git a/hosts/dust/default.nix b/hosts/dust/default.nix index e4cea6a..5156ccf 100644 --- a/hosts/dust/default.nix +++ b/hosts/dust/default.nix @@ -24,6 +24,10 @@ preservation.nixosModules.preservation ]); + sops = { + age.keyFile = "/persist/home/guanranwang/.config/sops/age/keys.txt"; + }; + sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) ( lib.listToAttrs ( lib.map (x: lib.nameValuePair "wireless/${x}" { path = "/var/lib/iwd/${x}.psk"; }) [ diff --git a/hosts/dust/preservation.nix b/hosts/dust/preservation.nix index 93bb600..f6af077 100644 --- a/hosts/dust/preservation.nix +++ b/hosts/dust/preservation.nix @@ -1,6 +1,4 @@ -{ lib, ... }: { - sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; fileSystems."/persist".neededForBoot = true; preservation.enable = true; preservation.preserveAt."/persist" = { @@ -9,23 +7,17 @@ "/var/lib" "/etc/secureboot" ]; - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; users.guanranwang = { directories = [ - "Desktop" "Documents" "Downloads" "Music" "Pictures" "Videos" - #"Public" - #"Templates" + # "Desktop" + # "Public" + # "Templates" ".ssh" ".mozilla/firefox" diff --git a/nixos/profiles/core/default.nix b/nixos/profiles/core/default.nix index 76db1f8..0289010 100644 --- a/nixos/profiles/core/default.nix +++ b/nixos/profiles/core/default.nix @@ -65,10 +65,4 @@ # See `nixos-version(8)` system.configurationRevision = inputs.self.rev or "dirty"; - - ### sops-nix - sops = { - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - gnupg.sshKeyPaths = [ ]; - }; } diff --git a/nixos/profiles/server/default.nix b/nixos/profiles/server/default.nix index 6301ab7..8920953 100644 --- a/nixos/profiles/server/default.nix +++ b/nixos/profiles/server/default.nix 
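Review bot: The `sops.age.keyFile` added in hosts/dust/default.nix points into guanranwang's home directory, so the key that decrypts this host's secrets (the `wireless/*` PSKs in the same file) is presumably readable and replaceable by any process running as that user. The SSH host key it replaces is normally readable by root only. If this is also the personal key used to edit `secrets.yaml`, one file in a user profile now unlocks everything encrypted to it. Consider a dedicated root-owned key with mode 0600 outside the home directory, for example `age.keyFile = "/persist/var/lib/sops-nix/key.txt";`, listed as its own recipient. Since the core profile no longer sets `age.sshKeyPaths` or `gnupg.sshKeyPaths`, this host falls back to the sops-nix defaults for both; if sshd is enabled here, pin them explicitly next to `keyFile`.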
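Review bot: With the `files = [ ... ]` list removed in the `@@ -9,23 +7,17 @@` hunk of hosts/dust/preservation.nix, nothing under `/etc/ssh` is preserved any more. If sshd is enabled on dust, it would presumably generate new host keys on every boot, so clients see host-key-changed warnings each time and learn to click through them. If sshd is deliberately not used on this host, record that with a comment above `users.guanranwang`, such as `# no sshd on this host; SSH host keys are intentionally not persisted`. The `preserveAt."/persist"` block continues outside the hunk.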
@@ -17,4 +17,9 @@ time.timeZone = "UTC"; networking.domain = "ny4.dev"; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + gnupg.sshKeyPaths = [ ]; + }; }
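Review bot: The `sops` block moved into the server profile has lost its `### sops-nix` heading and carries no explanation of `gnupg.sshKeyPaths = [ ];`, which reads like a leftover. Add a comment above the block, such as `# sops-nix: decrypt with the ed25519 host key only; the empty list keeps the RSA host key from being imported as a GPG key`. Hosts that import the core profile but not this one (other than dust, which sets `age.keyFile`) now get the sops-nix defaults for both options. The diff does not show whether any such host exists, so confirm before merging.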