+ deployment.secrets."secret_vars.yml" = {
+ source = builtins.toString ../../nixops/secrets/vars.yml;
+ destination = config.secrets.secretsVars;
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ };
+
+ networking.extraHosts = builtins.concatStringsSep "\n"
+ (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
+
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
+ secrets.deleteSecretsVars = true;
+ secrets.gpgKeys = [
+ ../../nixops/public_keys/Immae.pub
+ ];
+ secrets.secretsVars = "/run/keys/vars.yml";
+
+ services.openssh.enable = true;
+
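Review bot: `services.openssh.enable = true;` at the end of the hunk turns on sshd alongside a root authorized key, but nothing visible here pins the authentication policy, so the host relies on whatever the NixOS defaults are for password and root login. If no other module sets them, I would state them next to the enable line, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` (on newer releases these live under `services.openssh.settings`). Separately, `builtins.toString ../../nixops/secrets/vars.yml` appears to be there so the path is passed as a plain string and the file is not copied into the world-readable Nix store. A one-line comment such as `# toString: keep vars.yml out of /nix/store` would stop someone from later dropping the call as redundant. The enclosing attribute set starts and ends outside the hunk.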