add syncthing and keepass

2024-05-16 15:09:24 +02:00 · 2024-05-16 15:09:24 +02:00 · 4a800d9290
commit 4a800d9290
parent bb9494227f
14 changed files with 183 additions and 80 deletions
--- a/modules/nixOS/bundles/core/default.nix
+++ b/modules/nixOS/bundles/core/default.nix
@ -0,0 +1,9 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    # ./sops.nix
+  ];
+}
--- a/modules/nixOS/bundles/core/sops.nix
+++ b/modules/nixOS/bundles/core/sops.nix
@ -0,0 +1,37 @@
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}: let
+  secretsFile = "../../../../secrets/secrets.json";
+  secretsSet = builtins.fromJSON (builtins.readFile ./${secretsFile});
+  devices = builtins.attrNames secretsSet.syncthing.devices;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFile = ./${secretsFile};
+    validateSopsFiles = false;
+
+    age = {
+      # automatically import host SSH keys as age keys
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      # this will use an age key that is expected to already be in the filesystem
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # generate a new key if the key specified above does not exist
+      generateKey = true;
+    };
+
+    # secrets will be output to /run/secrets
+    secrets = {
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+}
+
--- a/modules/nixOS/bundles/general-desktop.nix
+++ b/modules/nixOS/bundles/general-desktop.nix
@ -68,4 +68,8 @@
      serif = ["JetBrainsMono Nerd Font"];
    };
  };
+
+  environment.systemPackages = with pkgs; [
+    keepassxc
+  ];
 }