derped/nixos
1
0
Fork 0
Code Releases Activity

WIP sops for Lilim -> enable pure eval.

Browse source
This commit is contained in:
Kevin Baensch 2023-04-15 16:27:27 +02:00
parent b37af57fd5
commit 908b709439
Signed by: derped
GPG key ID: C0F1D326C7626543
6 changed files with 67 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/nix.nix
View file

@ -14,7 +14,8 @@ in {
trusted-substituters = [
"https://cache.nixos.org"
] ++ cfg.binaryCaches;
trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
# TODO: integrate into sops
# trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
substituters = [
"https://cache.nixos.org"
] ++ cfg.binaryCaches;

10
config/users.nix
View file

@ -7,7 +7,7 @@ let
name = user.name;
value = let
cfg = config.services;
passPath = "${config.machine.secretPath}/${user.name}";
passPath = config.sops.secrets."users/${user.name}/password".path;
in {
isNormalUser = true;
name = user.name;
@ -22,9 +22,10 @@ let
++ (optional config.virtualisation.docker.enable "docker");
shell = "${pkgs.zsh}/bin/zsh";
passwordFile = passPath;
openssh.authorizedKeys.keyFiles = optional
(cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
"${passPath}.pub";
# TODO: Fix for sops
# openssh.authorizedKeys.keyFiles = optional
# (cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
# "${passPath}.pub";
};
};
@ -36,7 +37,6 @@ let
members = [ user.name ];
};
};
in {
users = {
mutableUsers = false;