better secrets management

Cy Pokhrel 2024-11-23 21:41:28 -05:00
parent 3c6d6f8686
commit b15432bd15
No known key found for this signature in database
GPG key ID: 1200FBE36C2ADE2E
5 changed files with 64 additions and 3 deletions


@ -6,6 +6,11 @@
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets."borg/yt" = { };
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -98,6 +103,7 @@
wgnord
wireguard-tools
traceroute
sops
];
system.stateVersion = "24.05";
@ -151,7 +157,7 @@
repo = "de3911@de3911.rsync.net:borg/yt";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/keys/borg_yt";
passCommand = "cat /run/keys/borg_yt";
};
environment = {
BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519";
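Review bot: The new `passCommand` in the last hunk reads `/run/keys/borg_yt`, but nothing visible in this file makes sops-nix write the secret there. `sops.secrets."borg/yt" = { };` in the first hunk sets no `path`, and the sops-nix default location is `/run/secrets/<name>`, here `/run/secrets/borg/yt`. Unless one of the other changed files sets that path, the borg job would fail to read its passphrase at backup time. Referencing the declared secret keeps the two in step: `passCommand = "cat ${config.sops.secrets."borg/yt".path}";` (this assumes `config` is among the module's arguments, which the hunk does not show). The `environment` block continues past the end of the hunk.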