# sops-nix secret declarations, grouped by host set (universal, sucrose,
# glucose, fructose, personal). Each `<group>.modules` entry is a NixOS module;
# `universal.home_modules` holds home-manager modules.
#
# Templates are rendered with `config.sops.placeholder.<name>`, so this file
# itself contains only placeholders, not secret values.
# Despite the ".yaml" suffix in the template names, their content is KEY=VALUE.
{sops-nix, ...}: {
  universal.modules = [
    sops-nix.nixosModules.sops

    {
      sops = {
        defaultSopsFile = ./secrets.yaml;
        defaultSopsFormat = "yaml";

        # sync ~/.ssh/sops out-of-band
        # ssh-to-age -private-key -i ~/.ssh/sops > ~/.config/sops/age/keys.txt
        # The redirect creates keys.txt with the shell's umask; run it under
        # `umask 077` (or chmod 600 afterwards) so the key is not group/world-readable.
        #
        # NOTE(review): every value in the default ./secrets.yaml is decryptable
        # by any recipient of that file. If the same key is synced to every host,
        # each host can read the others' entries (e.g. all of
        # wireguard-private-keys/*). Per-host recipients via
        # sops.age.sshKeyPaths / separate sops files would narrow that; confirm
        # whether the shared key is intentional.
        # NOTE(review): the key lives in a user's home directory, so any process
        # running as that user can read it; verify this is acceptable on servers.
        age.keyFile = "/home/emv/.config/sops/age/keys.txt";
      };
    }

    # Each host picks its own WireGuard key out of the shared map by hostname.
    ({config, ...}: {
      sops.secrets.wireguard-private-key.key = "wireguard-private-keys/${config.networking.hostName}";
    })

    {
      sops.secrets.remote-build-ssh-privkey = {};
    }
  ];

  /*
  aspartame.modules = [
  ];
  */

  sucrose.modules = [
    # Forgejo runner registration token; the secret name embeds the hostname.
    ({config, ...}: let
      runnerToken = "forgejo_runner_${config.networking.hostName}_token";
    in {
      sops.secrets.${runnerToken} = {};
      sops.templates."forgejo_runner.env.secrets.yaml".content = ''
        TOKEN=${config.sops.placeholder.${runnerToken}}
      '';
    })
  ];

  glucose.modules = [
    {
      sops.secrets.binary_cache_secret = {};
    }

    # CouchDB admin credentials.
    # NOTE(review): values in this and the other quoted templates are wrapped
    # in double quotes. Whether the quotes are stripped depends on what reads
    # the file (systemd EnvironmentFile strips them; `docker run --env-file`
    # keeps them as part of the value); confirm against the consumer.
    ({config, ...}: {
      sops = {
        secrets = {
          couchdb_admin_pass = {};
          couchdb_admin_account = {};
        };
        templates."couchdb.env.secrets.yaml".content = ''
          COUCHDB_PASSWORD="${config.sops.placeholder."couchdb_admin_pass"}"
          COUCHDB_USER="${config.sops.placeholder."couchdb_admin_account"}"
        '';
      };
    })

    # Grafana secrets are handed to the "grafana" user so the service can read
    # the decrypted files directly.
    {
      sops.secrets = {
        grafana_admin_pass.owner = "grafana";
        grafana_admin_account.owner = "grafana";
        grafana_db_pass.owner = "grafana";
        grafana_secret_key.owner = "grafana";
      };
    }

    # Murmur login password and welcome message.
    ({config, ...}: {
      sops = {
        secrets = {
          murmur_login_password = {};
          murmur_welcome_message = {};
        };
        templates."murmur.env.secrets.yaml".content = ''
          MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_password"}"
          MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}"
        '';
      };
    })
  ];

  fructose.modules = [
    # Pi-hole web UI password.
    ({config, ...}: {
      sops = {
        secrets.pihole_webpassword = {};
        templates."pihole.env.secrets.yaml".content = ''
          WEBPASSWORD="${config.sops.placeholder."pihole_webpassword"}"
        '';
      };
    })

    # PostgreSQL admin password. forgejo_db_pass is declared here but is not
    # referenced by any template in this file.
    ({config, ...}: {
      sops = {
        secrets = {
          postgresdb_admin_password = {};
          forgejo_db_pass = {};
        };
        templates."postgresdb.env.secrets.yaml".content = ''
          POSTGRES_PASSWORD=${config.sops.placeholder."postgresdb_admin_password"}
        '';
      };
    })

    # GoToSocial database password; the secret file is owned by "gotosocial".
    # No owner is set on the template itself.
    ({config, ...}: {
      sops = {
        secrets.gts_db_pass.owner = "gotosocial";
        templates."gts.env.secrets.yaml".content = ''
          GTS_DB_PASSWORD=${config.sops.placeholder."gts_db_pass"}
        '';
      };
    })
  ];

  personal.modules = [
    # Wi-Fi SSIDs and pre-shared keys, rendered into one env file.
    ({config, ...}: {
      sops = {
        secrets = {
          home1_ssid = {};
          home1_psk = {};
          home2_ssid = {};
          home2_psk = {};
          phone_ssid = {};
          phone_psk = {};
        };
        templates."networkmanager.env.secrets.yaml".content = ''
          HOME1_SSID="${config.sops.placeholder."home1_ssid"}"
          HOME2_SSID="${config.sops.placeholder."home2_ssid"}"
          PHONE_HOTSPOT_SSID="${config.sops.placeholder."phone_ssid"}"
          HOME1_PSK="${config.sops.placeholder."home1_psk"}"
          HOME2_PSK="${config.sops.placeholder."home2_psk"}"
          PHONE_HOTSPOT_PSK="${config.sops.placeholder."phone_psk"}"
        '';
      };
    })
  ];

  universal.home_modules = [
    # CLI tooling for editing and re-keying the secrets file.
    ({pkgs, ...}: {
      home.packages = [
        pkgs.sops
        pkgs.age
      ];
    })
  ];
}