diff --git a/home/modules/userd/sops/default.nix b/home/modules/userd/sops/default.nix
index fb22edbd..96ce4b4f 100644
--- a/home/modules/userd/sops/default.nix
+++ b/home/modules/userd/sops/default.nix
@@ -5,60 +5,34 @@ config, ... }: let - defaultConfig = { - age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];}; - defaultSopsFile = "${self}/secrets/cnst-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/cnst-secrets.yaml"; - }; - ssh_user = { - format = "yaml"; - sopsFile = "${self}/secrets/cnst-secrets.yaml"; - }; - }; - }; - - userSpecificConfig = lib.mkMerge [ - (lib.mkIf (config.home.username == "toothpick") { - age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];}; - defaultSopsFile = "${self}/secrets/toothpick-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/toothpick-secrets.yaml"; - }; - ssh_user = { - format = "yaml"; - sopsFile = "${self}/secrets/toothpick-secrets.yaml"; - }; - }; - }) - (lib.mkIf (config.home.username == "adam") { - age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];}; - defaultSopsFile = "${self}/secrets/adam-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/adam-secrets.yaml"; - }; - ssh_user = { - format = "yaml"; - sopsFile = "${self}/secrets/adam-secrets.yaml"; - }; - }; - }) - ]; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkEnableOption mkOption; cfg = config.modules.userd.sops; in { imports = [ inputs.sops-nix.homeManagerModules.sops ]; + options = { - modules.userd.sops.enable = mkEnableOption "Enables sops home environment"; + modules.userd.sops = { + enable = mkEnableOption "Enables sops home environment"; + cnst = mkOption { + type = lib.types.bool; + default = false; + description = "Apply cnst sops settings"; + }; + toothpick = mkOption { + type = lib.types.bool; + default = false; + description = "Apply toothpick sops settings"; + }; + adam = mkOption { + type = lib.types.bool; + default = false; + description = "Apply adam sops settings"; + }; + }; }; + config = mkIf cfg.enable { sops = lib.mkMerge [ { 
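Review bot: The three per-user options added under `modules.userd.sops` (`cnst`, `toothpick`, `adam`) are independent booleans, so `enable = true` with none of them set is accepted and yields a sops configuration with no secrets and no age key path, without any message at evaluation. Setting two of them would concatenate both users' `age.sshKeyPaths` and presumably fail on conflicting `sopsFile` definitions, with an error that does not name the cause. An assertion next to `sops` inside `config = mkIf cfg.enable { … }` (that block continues outside this hunk) would state the rule, for example `assertions = [{ assertion = lib.count lib.id [cfg.cnst cfg.toothpick cfg.adam] == 1; message = "modules.userd.sops: set exactly one user flag"; }];`. The host flags added in `system/modules/sysd/sops/default.nix` have the same shape and would take the same check.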
@@ -67,8 +41,45 @@ in { sshKeyPaths = []; }; } - defaultConfig - userSpecificConfig + (mkIf cfg.cnst { + age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];}; + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/cnst-secrets.yaml"; + }; + ssh_user = { + format = "yaml"; + sopsFile = "${self}/secrets/cnst-secrets.yaml"; + }; + }; + }) + (mkIf cfg.toothpick { + age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];}; + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/toothpick-secrets.yaml"; + }; + ssh_user = { + format = "yaml"; + sopsFile = "${self}/secrets/toothpick-secrets.yaml"; + }; + }; + }) + (mkIf cfg.adam { + age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];}; + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/adam-secrets.yaml"; + }; + ssh_user = { + format = "yaml"; + sopsFile = "${self}/secrets/adam-secrets.yaml"; + }; + }; + }) ]; }; } diff --git a/home/users/adam/modules.nix b/home/users/adam/modules.nix index 918dba00..d5e961f1 100644 --- a/home/users/adam/modules.nix +++ b/home/users/adam/modules.nix @@ -22,7 +22,10 @@ zellij.enable = false; }; userd = { - sops.enable = false; + sops = { + enable = false; + adam = false; + }; copyq.enable = true; mako.enable = true; udiskie.enable = true; diff --git a/home/users/adam/shell.nix b/home/users/adam/shell.nix index 48c170ed..7ba93fea 100644 --- a/home/users/adam/shell.nix +++ b/home/users/adam/shell.nix 
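Review bot: In `home/modules/userd/sops/default.nix`, each `mkIf cfg.<user>` block hard-codes that user's private key path (`/home/cnst/.ssh/id_ed25519` and so on), while the flag that selects the block is no longer tied to `config.home.username` as the removed code was. A flag set in the wrong user's `modules.nix` therefore points sops at another account's key path, and the mistake only shows up when decryption fails at activation. Deriving the path from the home configuration keeps key and user together: `age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"];` (`config` is already a module argument). It would help to add a short comment on each block saying that the key must belong to the user whose secrets file is named there.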
@@ -11,14 +11,14 @@ umod = "nvim /home/adam/.nix-config/home/users/adam/modules.nix"; systemmodules = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix"; smod = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix"; - nixclean = "sudo nix run .#cleanup-boot"; + nixclean = "sudo nix run /home/adam/.nix-config#cleanup-boot"; nixdev = "nix develop ~/.nix-config -c $SHELL"; nixconfig = "cd /home/adam/.nix-config/"; ll = "ls -l"; - nixupdate = "nh os switch -v -H adampad && sudo nix run .#cleanup-boot"; - nixup = "nh os switch -H adampad && sudo nix run .#cleanup-boot"; - flakeupdate = "nh os switch -u -v -H adampad && sudo nix run .#cleanup-boot"; - flakeup = "nh os switch -u -H adampad && sudo nix run .#cleanup-boot"; + nixupdate = "nh os switch -v -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot"; + nixup = "nh os switch -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot"; + flakeupdate = "nh os switch -u -v -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot"; + flakeup = "nh os switch -u -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot"; }; history = { size = 1000; diff --git a/home/users/cnst/modules.nix b/home/users/cnst/modules.nix index 7f30eca6..b244741f 100644 --- a/home/users/cnst/modules.nix +++ b/home/users/cnst/modules.nix @@ -22,7 +22,10 @@ zellij.enable = false; }; userd = { - sops.enable = true; + sops = { + enable = true; + cnst = true; + }; copyq.enable = true; mako.enable = true; udiskie.enable = true; diff --git a/home/users/cnst/shell.nix b/home/users/cnst/shell.nix index 42f176ee..e511b268 100644 --- a/home/users/cnst/shell.nix +++ b/home/users/cnst/shell.nix 
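Review bot: Each of the five changed aliases in `home/users/adam/shell.nix` still runs `sudo nix run` against a flake in the user's writable checkout, so whatever `cleanup-boot` evaluates to in `/home/adam/.nix-config` at that moment runs as root, uncommitted edits included. Pinning the path removes the dependence on the current directory, but installing the cleanup-boot package through the system configuration and calling the installed binary would tie the root-run code to the generation that was just switched to. If the `nix run` form stays, the repeated literal could come from one binding such as `flake = "${config.home.homeDirectory}/.nix-config";` used as `"sudo nix run ${flake}#cleanup-boot"`, assuming `config` is among the file's arguments (not visible in this hunk). The matching hunks in `home/users/cnst/shell.nix` and `home/users/toothpick/shell.nix` are written the same way.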
@@ -11,14 +11,14 @@ umod = "nvim /home/cnst/.nix-config/home/users/cnst/modules.nix"; systemmodules = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix"; smod = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix"; - nixclean = "sudo nix run .#cleanup-boot"; + nixclean = "sudo nix run /home/cnst/.nix-config#cleanup-boot"; nixdev = "nix develop ~/.nix-config -c $SHELL"; nixconfig = "cd /home/cnst/.nix-config/"; ll = "ls -l"; - nixupdate = "nh os switch -v -H cnix && sudo nix run .#cleanup-boot"; - nixup = "nh os switch -H cnix && sudo nix run .#cleanup-boot"; - flakeupdate = "nh os switch -u -v -H cnix && sudo nix run .#cleanup-boot"; - flakeup = "nh os switch -u -H cnix && sudo nix run .#cleanup-boot"; + nixupdate = "nh os switch -v -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot"; + nixup = "nh os switch -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot"; + flakeupdate = "nh os switch -u -v -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot"; + flakeup = "nh os switch -u -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot"; }; history = { size = 1000; diff --git a/home/users/toothpick/modules.nix b/home/users/toothpick/modules.nix index 4b3b62fa..bb001e3f 100644 --- a/home/users/toothpick/modules.nix +++ b/home/users/toothpick/modules.nix @@ -22,7 +22,10 @@ zellij.enable = false; }; userd = { - sops.enable = false; + sops = { + enable = false; + toothpick = false; + }; copyq.enable = true; mako.enable = true; udiskie.enable = true; diff --git a/home/users/toothpick/shell.nix b/home/users/toothpick/shell.nix index a628bc6e..e14e473c 100644 --- a/home/users/toothpick/shell.nix +++ b/home/users/toothpick/shell.nix 
@@ -11,14 +11,14 @@ umod = "nvim /home/toothpick/.nix-config/home/users/toothpick/modules.nix"; systemmodules = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix"; smod = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix"; - nixclean = "sudo nix run .#cleanup-boot"; + nixclean = "sudo nix run /home/toothpick/.nix-config#cleanup-boot"; nixdev = "nix develop ~/.nix-config -c $SHELL"; nixconfig = "cd /home/toothpick/.nix-config/"; ll = "ls -l"; - nixupdate = "nh os switch -v -H toothpc && sudo nix run .#cleanup-boot"; - nixup = "nh os switch -H toothpc && sudo nix run .#cleanup-boot"; - flakeupdate = "nh os switch -u -v -H toothpc && sudo nix run .#cleanup-boot"; - flakeup = "nh os switch -u -H toothpc && sudo nix run .#cleanup-boot"; + nixupdate = "nh os switch -v -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot"; + nixup = "nh os switch -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot"; + flakeupdate = "nh os switch -u -v -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot"; + flakeup = "nh os switch -u -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot"; }; history = { size = 1000; diff --git a/hosts/adampad/modules.nix b/hosts/adampad/modules.nix index 081d3d38..02712e4f 100644 --- a/hosts/adampad/modules.nix +++ b/hosts/adampad/modules.nix @@ -50,7 +50,10 @@ pipewire.enable = true; powerd.enable = true; samba.enable = false; - sops.enable = false; + sops = { + enable = false; + adampad = false; + }; ssh.enable = true; udisks.enable = true; xserver.amd.enable = true; diff --git a/hosts/cnix/modules.nix b/hosts/cnix/modules.nix index ce0d0aa4..de580a7d 100644 --- a/hosts/cnix/modules.nix +++ b/hosts/cnix/modules.nix @@ -50,7 +50,10 @@ pipewire.enable = true; powerd.enable = true; samba.enable = false; - sops.enable = true; + sops = { + enable = true; + cnix = true; + }; ssh.enable = true; udisks.enable = true; xserver.amd.hhkbse.enable = true; 
diff --git a/hosts/toothpc/modules.nix b/hosts/toothpc/modules.nix index eb1e147e..ec166a7a 100644 --- a/hosts/toothpc/modules.nix +++ b/hosts/toothpc/modules.nix @@ -50,7 +50,10 @@ pipewire.enable = true; powerd.enable = true; samba.enable = false; - sops.enable = false; + sops = { + enable = false; + toothpc = false; + }; ssh.enable = true; udisks.enable = true; xserver.nvidia.enable = true; diff --git a/system/modules/sysd/sops/default.nix b/system/modules/sysd/sops/default.nix index f032d897..a565ae1f 100644 --- a/system/modules/sysd/sops/default.nix +++ b/system/modules/sysd/sops/default.nix 
@@ -5,54 +5,30 @@ self, ... }: let - defaultConfig = { - defaultSopsFile = "${self}/secrets/cnix-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/cnix-secrets.yaml"; + inherit (lib) mkIf mkEnableOption mkOption; + cfg = config.modules.sysd.sops; +in { + options = { + modules.sysd.sops = { + enable = mkEnableOption "Enables sops system environment"; + cnix = mkOption { + type = lib.types.bool; + default = false; + description = "Apply cnix sops settings"; }; - ssh_host = { - format = "yaml"; - sopsFile = "${self}/secrets/cnix-secrets.yaml"; + toothpc = mkOption { + type = lib.types.bool; + default = false; + description = "Apply toothpc sops settings"; + }; + adampad = mkOption { + type = lib.types.bool; + default = false; + description = "Apply adampad sops settings"; }; }; }; - hostSpecificConfig = lib.mkMerge [ - (lib.mkIf (config.networking.hostName == "toothpc") { - defaultSopsFile = "${self}/secrets/toothpc-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/toothpc-secrets.yaml"; - }; - ssh_host = { - format = "yaml"; - sopsFile = "${self}/secrets/toothpc-secrets.yaml"; - }; - }; - }) - (lib.mkIf (config.networking.hostName == "adampad") { - defaultSopsFile = "${self}/secrets/adampad-secrets.yaml"; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/adampad-secrets.yaml"; - }; - ssh_host = { - format = "yaml"; - sopsFile = "${self}/secrets/adampad-secrets.yaml"; - }; - }; - }) - ]; - inherit (lib) mkIf mkEnableOption; - cfg = config.modules.sysd.sops; -in { - options = { - modules.sysd.sops.enable = mkEnableOption "Enables sops"; - }; config = mkIf cfg.enable { sops = lib.mkMerge [ { 
@@ -62,9 +38,44 @@ in { sshKeyPaths = []; }; } - defaultConfig - hostSpecificConfig + (mkIf cfg.cnix { + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/cnix-secrets.yaml"; + }; + ssh_host = { + format = "yaml"; + sopsFile = "${self}/secrets/cnix-secrets.yaml"; + }; + }; + }) + (mkIf cfg.toothpc { + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/toothpc-secrets.yaml"; + }; + ssh_host = { + format = "yaml"; + sopsFile = "${self}/secrets/toothpc-secrets.yaml"; + }; + }; + }) + (mkIf cfg.adampad { + secrets = { + openai_api_key = { + format = "yaml"; + sopsFile = "${self}/secrets/adampad-secrets.yaml"; + }; + ssh_host = { + format = "yaml"; + sopsFile = "${self}/secrets/adampad-secrets.yaml"; + }; + }; + }) ]; + environment.systemPackages = [ pkgs.sops pkgs.age
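Review bot: With `defaultSopsFile` removed from the host configuration, each `mkIf cfg.<host>` block in `system/modules/sysd/sops/default.nix` spells the same `sopsFile` path once per secret. A secret added later without its own `sopsFile` then has no file to fall back on, unless the unchanged first list element sets one (only its tail is visible in this hunk). Setting `defaultSopsFile = "${self}/secrets/cnix-secrets.yaml";` once per block (with the host's own file name) and dropping the per-secret `sopsFile` lines would shorten the blocks and keep new secrets bound to the right host file. The per-user blocks in `home/modules/userd/sops/default.nix` repeat the path in the same way.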