config: move secrets to sops

author: makefu <github@syntax-fehler.de> 2023-06-30 10:00:32 +0200
committer: makefu <github@syntax-fehler.de> 2023-06-30 10:00:32 +0200
commit: 78190a492875c40558c6a2c06a48d7f32b2ca681 (patch)
tree: 08abc65cadcbfe9b1a7ecbea9995e491abb40cc0 /2configs
parent: d9a5470a664ea3f9750a1c0c69149c420aa67b4e (diff)
3 files changed, 5 insertions, 3 deletions
diff --git a/2configs/default.nix b/2configs/default.nix
index e2e10aad2..3e04c3c05 100644
--- a/2configs/default.nix
+++ b/2configs/default.nix
@@ -7,6 +7,7 @@ with lib;
     ./editor/vim.nix
     ./binary-cache/nixos.nix
     ./minimal.nix
+    ./secrets
     # ./security/hotfix.nix
   ];
 
diff --git a/2configs/stats/arafetch.nix b/2configs/stats/arafetch.nix
index 0ea05e779..e94d8a9df 100644
--- a/2configs/stats/arafetch.nix
+++ b/2configs/stats/arafetch.nix
@@ -1,5 +1,5 @@
 { pkgs, lib, ...}:
-with import <stockholm/lib>;
+with pkgs.stockholm.lib;
 let
   pkg = with pkgs.python3Packages;buildPythonPackage rec {
     rev = "56d41de8219adc";
diff --git a/2configs/wireguard/thierry.nix b/2configs/wireguard/thierry.nix
index f1dfef192..58062073c 100644
--- a/2configs/wireguard/thierry.nix
+++ b/2configs/wireguard/thierry.nix
@@ -1,8 +1,9 @@
-{ lib, ... }:
+{ config, lib, ... }:
 {
+  sops.secrets."wg-thierry.key" = {};
   networking.wireguard.interfaces.thierry-wg = {
     ips = [ "172.27.66.10/24" ]; # TODO: not dnyamic
-    privateKeyFile = (toString <secrets>) + "/wg-thierry.key";
+    privateKeyFile = config.sops.secrets."wg-thierry.key".path;
     allowedIPsAsRoutes = true;
     # explicit route via eth0 to gum
     peers = [
author	makefu <github@syntax-fehler.de>	2023-06-30 10:00:32 +0200
committer	makefu <github@syntax-fehler.de>	2023-06-30 10:00:32 +0200
commit	78190a492875c40558c6a2c06a48d7f32b2ca681 (patch)
tree	08abc65cadcbfe9b1a7ecbea9995e491abb40cc0 /2configs
parent	d9a5470a664ea3f9750a1c0c69149c420aa67b4e (diff)