nix/modules/home/secrets.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

{ config, super, ... }:
{
  sops = {
    defaultSopsFile =
      if config.monorepo.profiles.graphics.enable
      then ../../secrets/secrets.yaml
      else ../../secrets/vps_secrets.yaml;

    age = {
      keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt";
    };

    secrets =
      if super.monorepo.profiles.desktop.enable then {
        mail = {
          format = "yaml";
          path = "${config.sops.defaultSymlinkPath}/mail";
        };
        cloudflare-dns = {
          format = "yaml";
          path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
        };
        digikey = {
          format = "yaml";
          path = "${config.sops.defaultSymlinkPath}/digikey";
        };
        dn42 = {
          format = "yaml";
          path = "${config.sops.defaultSymlinkPath}/dn42";
        };
      } else { };
    defaultSymlinkPath = "/run/user/1000/secrets";
    defaultSecretsMountPoint = "/run/user/1000/secrets.d";
  };
}