diff --git a/config/hosts/imxyy-nix-server/build.nix b/config/hosts/imxyy-nix-server/build.nix
index 904405e..b3c24dc 100644
--- a/config/hosts/imxyy-nix-server/build.nix
+++ b/config/hosts/imxyy-nix-server/build.nix
@@ -1,12 +1,12 @@
 {
 config,
 pkgs,
- sopsRoot,
+ secrets,
 ...
 }:
 {
 sops.secrets.et-imxyy-nix-server-nixremote = {
- sopsFile = sopsRoot + /et-imxyy-nix-server-nixremote.toml;
+ sopsFile = secrets.et-imxyy-nix-server-nixremote;
 format = "binary";
 };
 environment.systemPackages = [ pkgs.easytier ];
diff --git a/config/hosts/imxyy-nix-server/minio.nix b/config/hosts/imxyy-nix-server/minio.nix
index 7968e8f..e6ea606 100644
--- a/config/hosts/imxyy-nix-server/minio.nix
+++ b/config/hosts/imxyy-nix-server/minio.nix
@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
 sops.secrets.minio-env = {
- sopsFile = sopsRoot + /minio.env;
+ sopsFile = secrets.minio;
 format = "dotenv";
 };
 services.minio = {
diff --git a/config/hosts/imxyy-nix-server/net.nix b/config/hosts/imxyy-nix-server/net.nix
index 0c290a6..cf5300c 100644
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -3,7 +3,7 @@
 lib,
 pkgs,
 username,
- sopsRoot,
+ secrets,
 ...
 }:
 {
@@ -143,7 +143,7 @@
 ];
 sops.secrets.dae-imxyy-nix-server = {
- sopsFile = sopsRoot + /dae-imxyy-nix-server.dae;
+ sopsFile = secrets.dae-imxyy-nix-server;
 format = "binary";
 };
 services.dae = {
@@ -152,7 +152,7 @@
 };
 systemd.services.dae.after = [ "sops-nix.service" ];
 sops.secrets.mihomo = {
- sopsFile = sopsRoot + /mihomo.yaml;
+ sopsFile = secrets.mihomo;
 format = "yaml";
 key = "";
 };
@@ -164,7 +164,7 @@
 };
 sops.secrets.frp-env = {
- sopsFile = sopsRoot + /frp.env;
+ sopsFile = secrets.frp;
 format = "dotenv";
 };
 systemd.services.frp.serviceConfig.EnvironmentFile = [
@@ -475,7 +475,7 @@
 };
 sops.secrets.et-imxyy-nix-server = {
- sopsFile = sopsRoot + /et-imxyy-nix-server.toml;
+ sopsFile = secrets.et-imxyy-nix-server;
 format = "binary";
 };
 environment.systemPackages = [ pkgs.easytier ];
diff --git a/config/hosts/imxyy-nix-server/nixos.nix b/config/hosts/imxyy-nix-server/nixos.nix
index f28519a..ba14ba8 100644
--- a/config/hosts/imxyy-nix-server/nixos.nix
+++ b/config/hosts/imxyy-nix-server/nixos.nix
@@ -2,7 +2,7 @@
 lib,
 config,
 username,
- sopsRoot,
+ secrets,
 ...
 }:
 {
@@ -23,7 +23,7 @@
 environment.variables.NIX_REMOTE = "daemon";
 sops.secrets.imxyy-nix-server-hashed-password = {
- sopsFile = sopsRoot + /imxyy-nix-server-hashed-password.txt;
+ sopsFile = secrets.imxyy-nix-server-hashed-password;
 format = "binary";
 neededForUsers = true;
 };
diff --git a/config/hosts/imxyy-nix-server/note.nix b/config/hosts/imxyy-nix-server/note.nix
index 6c73d85..0aa3bfa 100644
--- a/config/hosts/imxyy-nix-server/note.nix
+++ b/config/hosts/imxyy-nix-server/note.nix
@@ -1,16 +1,16 @@
 {
 config,
- sopsRoot,
+ secrets,
 ...
 }:
 {
 sops.secrets = {
 flatnote-env = {
- sopsFile = sopsRoot + /flatnote.env;
+ sopsFile = secrets.flatnote;
 format = "dotenv";
 };
 siyuan-env = {
- sopsFile = sopsRoot + /siyuan.env;
+ sopsFile = secrets.siyuan;
 format = "dotenv";
 };
 };
diff --git a/config/hosts/imxyy-nix-server/vault.nix b/config/hosts/imxyy-nix-server/vault.nix
index 5d34027..4be7a58 100644
--- a/config/hosts/imxyy-nix-server/vault.nix
+++ b/config/hosts/imxyy-nix-server/vault.nix
@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
 sops.secrets.vaultwarden-env = {
- sopsFile = sopsRoot + /vaultwarden.env;
+ sopsFile = secrets.vaultwarden;
 format = "dotenv";
 };
 services.postgresql.ensureUsers = [
diff --git a/config/hosts/imxyy-nix-x16/net.nix b/config/hosts/imxyy-nix-x16/net.nix
index fc5eb42..5bc6d17 100644
--- a/config/hosts/imxyy-nix-x16/net.nix
+++ b/config/hosts/imxyy-nix-x16/net.nix
@@ -1,7 +1,7 @@
 {
 config,
 pkgs,
- sopsRoot,
+ secrets,
 ...
 }:
 {
@@ -53,7 +53,7 @@
 };
 sops.secrets.dae-imxyy-nix-x16 = {
- sopsFile = sopsRoot + /dae-imxyy-nix-x16.dae;
+ sopsFile = secrets.dae-imxyy-nix-x16;
 format = "binary";
 };
 services.dae = {
@@ -62,7 +62,7 @@
 };
 systemd.services.dae.after = [ "sops-nix.service" ];
 sops.secrets.mihomo = {
- sopsFile = sopsRoot + /mihomo.yaml;
+ sopsFile = secrets.mihomo;
 format = "yaml";
 key = "";
 };
@@ -74,7 +74,7 @@
 };
 sops.secrets.et-imxyy-nix-x16 = {
- sopsFile = sopsRoot + /et-imxyy-nix-x16.toml;
+ sopsFile = secrets.et-imxyy-nix-x16;
 format = "binary";
 };
 environment.systemPackages = with pkgs; [
diff --git a/config/hosts/imxyy-nix-x16/nixos.nix b/config/hosts/imxyy-nix-x16/nixos.nix
index b479f1a..8ebcea6 100644
--- a/config/hosts/imxyy-nix-x16/nixos.nix
+++ b/config/hosts/imxyy-nix-x16/nixos.nix
@@ -1,9 +1,8 @@
 {
- lib,
 pkgs,
 config,
 username,
- sopsRoot,
+ secrets,
 ...
 }:
 {
@@ -134,7 +133,7 @@
 ];
 sops.secrets.imxyy-nix-rclone = {
- sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
+ sopsFile = secrets.imxyy-nix-rclone;
 format = "binary";
 };
 fileSystems = {
diff --git a/config/hosts/imxyy-nix/net.nix b/config/hosts/imxyy-nix/net.nix
index 5a21338..2a0af97 100644
--- a/config/hosts/imxyy-nix/net.nix
+++ b/config/hosts/imxyy-nix/net.nix
@@ -2,8 +2,7 @@
 config,
 lib,
 pkgs,
- sopsRoot,
- username,
+ secrets,
 ...
 }:
 {
@@ -86,7 +85,7 @@
 };
 sops.secrets.dae-imxyy-nix = {
- sopsFile = sopsRoot + /dae-imxyy-nix.dae;
+ sopsFile = secrets.dae-imxyy-nix;
 format = "binary";
 };
 services.dae = {
@@ -95,7 +94,7 @@
 };
 systemd.services.dae.after = [ "sops-nix.service" ];
 sops.secrets.mihomo = {
- sopsFile = sopsRoot + /mihomo.yaml;
+ sopsFile = secrets.mihomo;
 format = "yaml";
 key = "";
 };
@@ -107,7 +106,7 @@
 };
 sops.secrets.et-imxyy-nix = {
- sopsFile = sopsRoot + /et-imxyy-nix.toml;
+ sopsFile = secrets.et-imxyy-nix;
 format = "binary";
 };
 environment.systemPackages = [ pkgs.easytier ];
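Review bot: The argument-list hunk of config/hosts/imxyy-nix-x16/nixos.nix (`@@ -1,9 +1,8 @@`) drops `lib` on top of swapping `sopsRoot` for `secrets`, and the first hunk of config/hosts/imxyy-nix/net.nix drops `username` the same way. Both module bodies lie almost entirely outside the hunks, so it cannot be confirmed from here that no `lib.` or `username` reference remains; a leftover one would presumably surface as an undefined-variable error when that host is evaluated. Because this cleanup is unrelated to the secrets change, it would read more clearly as its own commit, or with a line in the commit message stating that the two arguments were unused.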
diff --git a/config/hosts/imxyy-nix/nixos.nix b/config/hosts/imxyy-nix/nixos.nix
index c2970a1..7a2baad 100644
--- a/config/hosts/imxyy-nix/nixos.nix
+++ b/config/hosts/imxyy-nix/nixos.nix
@@ -3,7 +3,7 @@
 pkgs,
 config,
 username,
- sopsRoot,
+ secrets,
 ...
 }:
 let
@@ -225,7 +225,7 @@ in
 ];
 sops.secrets.imxyy-nix-rclone = {
- sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
+ sopsFile = secrets.imxyy-nix-rclone;
 format = "binary";
 };
 fileSystems = {
diff --git a/flake.nix b/flake.nix
index 612dc18..c1bc9d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -185,7 +185,14 @@
 outputs
 hostname
 ;
- sopsRoot = ./secrets;
+ secrets =
+ with lib.haumea;
+ load {
+ src = ./secrets;
+ loader = [
+ (matchers.always loaders.path)
+ ];
+ };
 }
 // vars;
 modules =
diff --git a/modules/user.nix b/modules/user.nix
index 2034062..40417b4 100644
--- a/modules/user.nix
+++ b/modules/user.nix
@@ -4,7 +4,7 @@
 pkgs,
 username,
 userdesc,
- sopsRoot,
+ secrets,
 ...
 }:
 lib.my.makeSwitch {
@@ -16,7 +16,7 @@ lib.my.makeSwitch {
 programs.zsh.enable = true;
 sops.secrets.imxyy-nix-hashed-password = {
- sopsFile = sopsRoot + /imxyy-nix-hashed-password.txt;
+ sopsFile = secrets.imxyy-nix-hashed-password;
 format = "binary";
 neededForUsers = true;
 };
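Review bot: The new `secrets` binding in flake.nix (`@@ -185,7 +185,14 @@`) has no comment saying how attribute names are derived, and the call sites in this commit show that the file extension is dropped (`secrets.minio` replaces `sopsRoot + /minio.env`, `secrets.mihomo` replaces `sopsRoot + /mihomo.yaml`). Two files in `./secrets` that share a stem would therefore compete for one attribute, and which sops file a module then decrypts would depend on how haumea resolves the clash; it is worth confirming that this fails loudly instead of silently picking one. I would add above the binding: `# secrets.<stem> = path of ./secrets/<stem>.<ext>; every file is loaded, so stems must be unique`. The enclosing attribute set starts and ends outside the hunk.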