X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fsystem.nix;h=949f07d0567d4ded81b4163ad688e64ade0609fb;hb=2be8c2e685bc4a41d626b228a466ec473b339aa1;hp=c7e277c4bb7313efdd72e57bc2b57a2c234ed8b2;hpb=282c67a117b7d349b30a96972b050d630f906dec;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system.nix b/modules/private/system.nix
index c7e277c..949f07d 100644
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -1,28 +1,26 @@
 { pkgs, lib, config, name, nodes, ... }: { config = {
+ deployment.secrets."secret_vars.yml" = {
+ source = builtins.toString ../../nixops/secrets/vars.yml;
+ destination = config.secrets.secretsVars;
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ };
+
 networking.extraHosts = builtins.concatStringsSep "\n"
- (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
+ (lib.mapAttrsToList (n: v: "${lib.head v.config.hostEnv.ips.main.ip4} ${n}") nodes);
 users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
 secrets.deleteSecretsVars = true;
 secrets.gpgKeys = [ ../../nixops/public_keys/Immae.pub ];
+ secrets.secretsVars = "/run/keys/vars.yml";
 services.openssh.enable = true;
- services.duplyBackup.profiles.system = {
- rootDir = "/var/lib";
- excludeFile = lib.mkAfter ''
- + /var/lib/nixos
- + /var/lib/udev
- + /var/lib/udisks2
- + /var/lib/systemd
- + /var/lib/private/systemd
- - /var/lib
- '';
- };
 nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [ (self: super: { postgresql = self.postgresql_pam;
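Review bot: The `source` line in the new `deployment.secrets."secret_vars.yml"` block relies on `builtins.toString` to pass the path as a plain string, and nothing in the hunk says why; if someone later passes the path directly or interpolates it, `vars.yml` would presumably be copied into the world-readable Nix store. I would add a comment above it such as `# builtins.toString keeps vars.yml out of the Nix store; do not pass the path itself`. Separately, `lib.head v.config.hostEnv.ips.main.ip4` in `networking.extraHosts` aborts evaluation for any node whose `ip4` list is empty and writes only the first address to the hosts file, which deserves a short comment or an assertion. The enclosing `config = { … }` set continues beyond the hunk.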