diff options
author | makefu <github@syntax-fehler.de> | 2023-06-30 10:00:32 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-06-30 10:00:32 +0200 |
commit | 78190a492875c40558c6a2c06a48d7f32b2ca681 (patch) | |
tree | 08abc65cadcbfe9b1a7ecbea9995e491abb40cc0 /2configs | |
parent | d9a5470a664ea3f9750a1c0c69149c420aa67b4e (diff) |
config: move secrets to sops
Diffstat (limited to '2configs')
-rw-r--r-- | 2configs/default.nix | 1 | ||||
-rw-r--r-- | 2configs/stats/arafetch.nix | 2 | ||||
-rw-r--r-- | 2configs/wireguard/thierry.nix | 5 |
3 files changed, 5 insertions, 3 deletions
diff --git a/2configs/default.nix b/2configs/default.nix index e2e10aad2..3e04c3c05 100644 --- a/2configs/default.nix +++ b/2configs/default.nix @@ -7,6 +7,7 @@ with lib; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix + ./secrets # ./security/hotfix.nix ]; diff --git a/2configs/stats/arafetch.nix b/2configs/stats/arafetch.nix index 0ea05e779..e94d8a9df 100644 --- a/2configs/stats/arafetch.nix +++ b/2configs/stats/arafetch.nix @@ -1,5 +1,5 @@ { pkgs, lib, ...}: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let pkg = with pkgs.python3Packages;buildPythonPackage rec { rev = "56d41de8219adc"; diff --git a/2configs/wireguard/thierry.nix b/2configs/wireguard/thierry.nix index f1dfef192..58062073c 100644 --- a/2configs/wireguard/thierry.nix +++ b/2configs/wireguard/thierry.nix @@ -1,8 +1,9 @@ -{ lib, ... }: +{ config, lib, ... }: { + sops.secrets."wg-thierry.key" = {}; networking.wireguard.interfaces.thierry-wg = { ips = [ "172.27.66.10/24" ]; # TODO: not dnyamic - privateKeyFile = (toString <secrets>) + "/wg-thierry.key"; + privateKeyFile = config.sops.secrets."wg-thierry.key".path; allowedIPsAsRoutes = true; # explicit route via eth0 to gum peers = [ |