move sops to modules

2025-07-06 17:56:35 +05:30 · 2024-08-08 14:09:44 +05:30
parent fd92021844
commit 42a23950d6
6 changed files with 123 additions and 20 deletions
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -2,8 +2,18 @@
  pkgs,
  username,
  outputs,
+  config,
  ...
 }: {
+  imports = [
+    ../../modules/nixos/sops.nix
+  ];
+
+  sops.secrets.tux-password = {
+    sopsFile = ./secrets.yaml;
+    neededForUsers = true;
+  };
+
  nixpkgs = {
    overlays = [
      outputs.overlays.additions
@ -62,9 +72,10 @@
  };

  users = {
+    mutableUsers = false;
    defaultUserShell = pkgs.zsh;
    users.${username} = {
-      initialPassword = "${username}";
+      hashedPasswordFile = config.sops.secrets.tux-password.path;
      isNormalUser = true;
      extraGroups = ["networkmanager" "wheel" "storage"];
      openssh.authorizedKeys.keys = [