changes to sops and cleanup script works globally

2024-08-18 16:24:40 +02:00
parent 9490d52c53
commit 35f731b673
11 changed files with 155 additions and 115 deletions
--- a/system/modules/sysd/sops/default.nix
+++ b/system/modules/sysd/sops/default.nix
@@ -5,54 +5,30 @@
  self,
  ...
 }: let
-  defaultConfig = {
-    defaultSopsFile = "${self}/secrets/cnix-secrets.yaml";
-    secrets = {
-      openai_api_key = {
-        format = "yaml";
-        sopsFile = "${self}/secrets/cnix-secrets.yaml";
+  inherit (lib) mkIf mkEnableOption mkOption;
+  cfg = config.modules.sysd.sops;
+in {
+  options = {
+    modules.sysd.sops = {
+      enable = mkEnableOption "Enables sops system environment";
+      cnix = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply cnix sops settings";
      };
-      ssh_host = {
-        format = "yaml";
-        sopsFile = "${self}/secrets/cnix-secrets.yaml";
+      toothpc = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply toothpc sops settings";
+      };
+      adampad = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply adampad sops settings";
      };
    };
  };

-  hostSpecificConfig = lib.mkMerge [
-    (lib.mkIf (config.networking.hostName == "toothpc") {
-      defaultSopsFile = "${self}/secrets/toothpc-secrets.yaml";
-      secrets = {
-        openai_api_key = {
-          format = "yaml";
-          sopsFile = "${self}/secrets/toothpc-secrets.yaml";
-        };
-        ssh_host = {
-          format = "yaml";
-          sopsFile = "${self}/secrets/toothpc-secrets.yaml";
-        };
-      };
-    })
-    (lib.mkIf (config.networking.hostName == "adampad") {
-      defaultSopsFile = "${self}/secrets/adampad-secrets.yaml";
-      secrets = {
-        openai_api_key = {
-          format = "yaml";
-          sopsFile = "${self}/secrets/adampad-secrets.yaml";
-        };
-        ssh_host = {
-          format = "yaml";
-          sopsFile = "${self}/secrets/adampad-secrets.yaml";
-        };
-      };
-    })
-  ];
-  inherit (lib) mkIf mkEnableOption;
-  cfg = config.modules.sysd.sops;
-in {
-  options = {
-    modules.sysd.sops.enable = mkEnableOption "Enables sops";
-  };
  config = mkIf cfg.enable {
    sops = lib.mkMerge [
      {
@@ -62,9 +38,44 @@ in {
          sshKeyPaths = [];
        };
      }
-      defaultConfig
-      hostSpecificConfig
+      (mkIf cfg.cnix {
+        secrets = {
+          openai_api_key = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/cnix-secrets.yaml";
+          };
+          ssh_host = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/cnix-secrets.yaml";
+          };
+        };
+      })
+      (mkIf cfg.toothpc {
+        secrets = {
+          openai_api_key = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/toothpc-secrets.yaml";
+          };
+          ssh_host = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/toothpc-secrets.yaml";
+          };
+        };
+      })
+      (mkIf cfg.adampad {
+        secrets = {
+          openai_api_key = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/adampad-secrets.yaml";
+          };
+          ssh_host = {
+            format = "yaml";
+            sopsFile = "${self}/secrets/adampad-secrets.yaml";
+          };
+        };
+      })
    ];
+
    environment.systemPackages = [
      pkgs.sops
      pkgs.age