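# NixOS module: sops-nix secret wiring for the `crow` user.
#
# The whole module is gated on `config.user.crow.enable`. It declares the
# encrypted secrets this host should decrypt, renders an AWS credentials file
# from them, and links that file into crow's home directory.
{
  lib,
  inputs,
  config,
  ...
}:
lib.mkIf config.user.crow.enable {
  sops = {
    # Encrypted secrets file, supplied by the `nix-secrets` flake input.
    defaultSopsFile = inputs.nix-secrets.secrets.parzival;
    # Host-local age private key used for decryption.
    age.keyFile = "/var/lib/sops-nix/key.txt";
    # Creates the key file when it does not exist yet.
    # NOTE(review): a freshly generated key cannot decrypt the existing
    # secrets file until its public key is added as a recipient and the file
    # is re-encrypted; provision or back up the key for hosts that must come
    # up unattended.
    age.generateKey = true;
  };

  #######
  # AWS #
  #######

  # Declared with sops-nix defaults (no `owner` override), so the individual
  # key files are not handed to crow directly; they are consumed only through
  # the placeholders in the template below.
  sops.secrets."aws/wce/access_key" = {};
  sops.secrets."aws/wce/secret_key" = {};
  sops.secrets."aws/work/access_key" = {};
  sops.secrets."aws/work/secret_key" = {};

  # Shared-credentials file for the AWS CLI/SDKs. The placeholders are replaced
  # with the decrypted values when sops-nix renders the template, so the
  # plaintext keys are not written into the Nix store.
  # NOTE(review): the [default] profile carries the *work* keys, so any AWS
  # call made without an explicit profile runs against the work account.
  # These are long-lived static keys; scope their IAM policies tightly and
  # rotate them.
  # NOTE(review): no `mode` is set, so the sops-nix default applies (expected
  # to be owner-read-only; set it explicitly if that matters).
  sops.templates."aws_shared_config" = {
    owner = config.users.users.crow.name;
    content = ''
      [default]
      aws_access_key_id=${config.sops.placeholder."aws/work/access_key"}
      aws_secret_access_key=${config.sops.placeholder."aws/work/secret_key"}

      [wce]
      aws_access_key_id=${config.sops.placeholder."aws/wce/access_key"}
      aws_secret_access_key=${config.sops.placeholder."aws/wce/secret_key"}
    '';
  };

  # Points ~/.aws/credentials at the rendered template.
  #
  # userActivationScripts are not scoped to one account, so the fragment is
  # guarded to run only as crow; run as another user it could not do anything
  # useful, and run as root it would leave root-owned files in crow's home.
  # The previous version ran `rm -rf` on the whole ~/.aws directory on every
  # activation, which also destroyed ~/.aws/config and any CLI caches; only
  # the credentials link is replaced now. Paths are quoted.
  # NOTE(review): the home path is hard-coded; `config.users.users.crow.home`
  # would follow a relocated home directory.
  system.userActivationScripts.link_aws_secrets.text = ''
    if [ "$(id -un)" = "${config.users.users.crow.name}" ]; then
      aws_dir=/home/crow/.aws
      # -m only applies when the directory is created here.
      mkdir -p -m 700 "$aws_dir"
      # -f replaces an existing credentials file or link; -n avoids
      # following an existing link at the destination.
      ln -sfn "${config.sops.templates."aws_shared_config".path}" "$aws_dir/credentials"
    fi
  '';

  ################
  # DigitalOcean #
  ################

  # The secrets below are decrypted to files owned by crow, so any process
  # running as crow can read them.
  sops.secrets."digitalocean/token" = {
    owner = config.users.users.crow.name;
  };

  ##############
  # Cloudflare #
  ##############

  sops.secrets."cloudflare/token" = {
    owner = config.users.users.crow.name;
  };

  # Backblaze credentials (id/key pair).
  sops.secrets."backblaze/id" = {
    owner = config.users.users.crow.name;
  };

  sops.secrets."backblaze/key" = {
    owner = config.users.users.crow.name;
  };

  # restic repository settings for the wce-media-backup job.
  # NOTE(review): losing the repository password makes the backups
  # unrecoverable; keep a copy outside this host.
  sops.secrets."restic/wce-media-backup/endpoint" = {
    owner = config.users.users.crow.name;
  };
  sops.secrets."restic/wce-media-backup/password" = {
    owner = config.users.users.crow.name;
  };
}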