refactor(modules): clean up folder structure

2025-07-07 19:24:36 +08:00 · 2025-07-07 19:24:36 +08:00 · 03fca8b28b
commit 03fca8b28b
parent d8aa7f62b4
12 changed files with 32 additions and 38 deletions
--- a/nix/modules/system/secrets.nix
+++ b/nix/modules/system/secrets.nix
@ -0,0 +1,50 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+let
+  cfg = config.flake;
+  inherit (builtins) readFile;
+  inherit (lib.meta) getExe;
+  inherit (lib.strings) trim;
+  inherit (cfg.admin) username pubkey;
+in
+{
+  flake.modules.nixos.default =
+    { config, ... }:
+    {
+      imports = [ inputs.sops-nix.nixosModules.sops ];
+      config.sops.age.sshKeyPaths = [
+        "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
+      ];
+    };
+  flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
+  perSystem =
+    { pkgs, ... }:
+    {
+      files.files = [
+        {
+          path_ = ".sops.yaml";
+          drv =
+            pkgs.writeText ".sops.yaml" # yaml
+              ''
+                keys:
+                  - &${username} ${trim (
+                    readFile "${
+                      pkgs.runCommand "" { } ''
+                        mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey
+                      ''
+                    }/agepubkey"
+                  )}
+                creation_rules:
+                  - path_regex: \.(yaml)$
+                    key_groups:
+                    - age:
+                      - *${username}
+              '';
+        }
+      ];
+    };
+}