move shiniji wireguard secretes to only shinji host (refactor hosts)

author: Freya Murphy <freya@freyacat.org> 2025-06-21 22:33:33 -0400
committer: Freya Murphy <freya@freyacat.org> 2025-06-21 22:33:33 -0400
commit: b8c3752242ba2362a875dba555ff2527043bfe66 (patch)
tree: 8e6c0758546c262c22e04acc1913b0e1ac8ec5c9 /hosts/shinji/sops.nix
parent: run wl-clip-persist (diff)
download: dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.tar.gz
dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.tar.bz2
dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.zip
1 files changed, 30 insertions, 0 deletions
diff --git a/hosts/shinji/sops.nix b/hosts/shinji/sops.nix
new file mode 100644
index 0000000..fa3272c
--- /dev/null
+++ b/hosts/shinji/sops.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+
+    gnupg.home = config.homePath + "/.gnupg";
+    gnupg.sshKeyPaths = [];
+
+    secrets = {
+      freyanetWg = {};
+      tinternetWg = {};
+    };
+  };
+}
author	Freya Murphy <freya@freyacat.org>	2025-06-21 22:33:33 -0400
committer	Freya Murphy <freya@freyacat.org>	2025-06-21 22:33:33 -0400
commit	b8c3752242ba2362a875dba555ff2527043bfe66 (patch)
tree	8e6c0758546c262c22e04acc1913b0e1ac8ec5c9 /hosts/shinji/sops.nix
parent	run wl-clip-persist (diff)
download	dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.tar.gz dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.tar.bz2 dotfiles-nix-b8c3752242ba2362a875dba555ff2527043bfe66.zip