Created
February 12, 2024 16:50
# Flake sops-nix

https://github.com/Mic92/sops-nix#usage-example explains how to set up the keys in the `.sops.yaml` file.

If you are using JSON, add the following step; if you are using YAML, you can already nest things and can go straight to adding the module.

Add
```
sops-nix.url = "github:juspay/sops-nix/json-nested"; # https://github.com/Mic92/sops-nix/pull/328
```
to your inputs.

Add
```
inputs.sops-nix.nixosModules.sops
```
to your modules (imports if using flake-parts).

Within your flake definitions you can define the secrets to be used, e.g.
```
sops.defaultSopsFile = ./secrets.json;
sops.defaultSopsFormat = "json";
sops.secrets."users/shift" = { neededForUsers = true; };
```
The above is a special case: the password is required to provision the user, so it needs different permissions, which is why `neededForUsers` is set to `true`.

The password is consumed via the following:
```
users.users.shift = {
  isNormalUser = true;
  extraGroups = [ "wheel" "input" "render" "video" "dialout" "podman" ];
  hashedPasswordFile = config.sops.secrets."users/shift".path;
  shell = "${pkgs.zsh}/bin/zsh";
};
```
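
Because `hashedPasswordFile` expects a password hash rather than the password itself, and `"users/shift"` addresses a nested key, it is worth checking the decrypted JSON (for example the output of `sops -d secrets.json`) before encrypting and deploying. The following check is an added example, not part of the original gist or of sops-nix; the function names and the sample documents are constructed for illustration, and the regular expression only assumes the usual `$<id>$...` crypt(3) layout.

```python
import json
import re

# crypt(3)-style hash: "$<scheme id>$<rest>", e.g. "$6$..." or "$y$...".
CRYPT_RE = re.compile(r"^\$[A-Za-z0-9]+\$\S+$")


def lookup(doc, key):
    """Resolve a sops-nix style key such as "users/shift" in nested JSON."""
    node = doc
    for part in key.split("/"):
        if not isinstance(node, dict) or part not in node:
            raise KeyError(key)
        node = node[part]
    return node


def check_password_secret(plaintext_json, key):
    """Return a list of problems with the secret at `key` (empty list = OK)."""
    try:
        value = lookup(json.loads(plaintext_json), key)
    except KeyError:
        return [f"{key}: not found in the nested JSON"]
    if not isinstance(value, str):
        return [f"{key}: expected a string, got {type(value).__name__}"]
    if not CRYPT_RE.match(value):
        return [f"{key}: not a crypt(3) hash; looks like a plaintext password"]
    return []


# Constructed sample documents in decrypted form; the hash is a made-up placeholder.
GOOD = '{"users": {"shift": "$6$examplesalt$CONSTRUCTEDnotARealHash0123456789"}}'
BAD = '{"users": {"shift": "hunter2"}}'            # plaintext instead of a hash
FLAT = '{"users/shift": "$6$examplesalt$CONSTRUCTEDnotARealHash0123456789"}'  # not nested

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD), ("FLAT", FLAT)):
        print(name, check_password_secret(doc, "users/shift") or "ok")
```

Run it only on a machine where the decrypted secrets are allowed to exist, and avoid writing the plaintext to disk.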