Diffstat (limited to 'modules/private/system.nix')
-rw-r--r-- | modules/private/system.nix | 9 |
1 files changed, 9 insertions, 0 deletions
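diff --git a/modules/private/system.nix b/modules/private/system.nix
index c7e277c..8be7368 100644
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -1,6 +1,14 @@
 { pkgs, lib, config, name, nodes, ... }:
 {
 config = {
+deployment.secrets."secret_vars.yml" = {
+source = builtins.toString ../../nixops/secrets/vars.yml;
+destination = config.secrets.secretsVars;
+owner.user = "root";
+owner.group = "root";
+permissions = "0400";
+};
+
 networking.extraHosts = builtins.concatStringsSep "\n"
 (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
 
@@ -9,6 +17,7 @@
 secrets.gpgKeys = [
 ../../nixops/public_keys/Immae.pub
 ];
+secrets.secretsVars = "/run/keys/vars.yml";
 
 services.openssh.enable = true;
 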
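Review bot: The `builtins.toString` around `../../nixops/secrets/vars.yml` in the new `deployment.secrets."secret_vars.yml"` entry is load-bearing and deserves a comment, because a bare Nix path used in a string context is copied into the world-readable store, whereas the string form only names the file on the deploying machine. A line such as `# toString keeps vars.yml out of the Nix store; do not pass the bare path` above `source` would stop a later cleanup from undoing it. How the `deployment.secrets` module consumes `source` is not visible in this diff, so it is worth confirming that it reads the file at deploy time rather than interpolating the value into a derivation. The destination `/run/keys/vars.yml` is presumably on a tmpfs, in which case anything reading `config.secrets.secretsVars` has to tolerate the file being absent after a reboot until secrets are pushed again.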