Add sops defaults

2025-09-01 16:06:04 +02:00 · 2025-09-01 16:06:04 +02:00 · 8cec9745da
commit 8cec9745da
parent 6b9c9dba92
27 changed files with 75 additions and 144 deletions
--- a/flake.nix
+++ b/flake.nix
@ -187,41 +187,63 @@
          inherit system;
          specialArgs = { inherit self system; };

-          modules = [
-            (./hosts + "/${hostname}/configuration.nix")
+          modules =
+            let
+              hostDir = ./hosts + "/${hostname}";
+            in
+            [
+              (hostDir + "/configuration.nix")

-            ./modules
+              ./modules

-            {
-              _module.args = {
-                inherit inputs;
-                custom-utils = import ./custom-utils { inherit (nixpkgs) lib; };
-              };
-            }
-
-            # deployment settings
-            ({ lib, ... }: {
-              options.deployment = {
-                targetHost = lib.mkOption {
-                  type = lib.types.str;
-                  readOnly = true;
-                  internal = true;
+              {
+                _module.args = {
+                  inherit inputs;
+                  custom-utils = import ./custom-utils { inherit (nixpkgs) lib; };
                };
-              };
-              config.deployment = {
-                inherit targetHost;
-              };
-            })
-          ] ++ [
-            { nixpkgs.overlays = [ nur.overlays.default inputs.vesc-tool.overlays.default ]; }
-            home-manager.nixosModules.home-manager
-            inputs.asterisk-sounds-de.nixosModules.default
-            inputs.disko.nixosModules.disko
-            inputs.impermanence.nixosModules.impermanence
-            inputs.lanzaboote.nixosModules.lanzaboote
-            inputs.sops-nix.nixosModules.sops
-            inputs.gg-chatmix.nixosModule
-          ] ++ extraModules;
+              }
+
+              # deployment settings
+              ({ lib, ... }: {
+                options.deployment = {
+                  targetHost = lib.mkOption {
+                    type = lib.types.str;
+                    readOnly = true;
+                    internal = true;
+                  };
+                };
+                config.deployment = {
+                  inherit targetHost;
+                };
+              })
+
+              # sops settings
+              ({ lib, config, pkgs, ... }:
+                {
+                  sops.defaultSopsFile = hostDir + "/secrets.yaml";
+                  sops.secrets =
+                    let
+                      secretFile = config.sops.defaultSopsFile;
+                      getSecrets = file: builtins.fromJSON (builtins.readFile (pkgs.runCommandNoCC "secretKeys" { } ''${pkgs.yq-go}/bin/yq -o json '[del .sops | .. | select(tag != "!!seq" and tag != "!!map") | path | join("/")]' ${file} > $out''));
+                      secretNames = getSecrets secretFile;
+                      secrets =
+                        if builtins.pathExists secretFile then
+                          lib.listToAttrs (builtins.map (name: lib.nameValuePair name { }) secretNames)
+                        else
+                          { };
+                    in
+                    secrets;
+                })
+            ] ++ [
+              { nixpkgs.overlays = [ nur.overlays.default inputs.vesc-tool.overlays.default ]; }
+              home-manager.nixosModules.home-manager
+              inputs.asterisk-sounds-de.nixosModules.default
+              inputs.disko.nixosModules.disko
+              inputs.impermanence.nixosModules.impermanence
+              inputs.lanzaboote.nixosModules.lanzaboote
+              inputs.sops-nix.nixosModules.sops
+              inputs.gg-chatmix.nixosModule
+            ] ++ extraModules;
        })
        (import ./hosts inputs);
    };