chore: backup work done so far

This commit is contained in:
Leon Schwarzäugl 2025-12-02 17:36:59 +01:00
parent 9acfc5f934
commit 5d27d18f85
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
77 changed files with 4005 additions and 2937 deletions


@ -1,4 +1,4 @@
{ lib, config, pkgs, globals, inputs, confLib, ... }:
{ lib, config, pkgs, globals, confLib, type, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
@ -54,7 +54,7 @@ in
})
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };


@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, inputs, ... }:
{ self, lib, config, pkgs, globals, inputs, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser isPublic isNixos;
inherit (config.repo.secrets.common.emacs) radicaleUser;
@ -103,7 +103,7 @@ in
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {


@ -30,7 +30,7 @@ in
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];


@ -1,4 +1,4 @@
{ lib, config, inputs, globals, confLib, ... }:
{ lib, config, globals, confLib, type, ... }:
let
inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4;
inherit (confLib.getConfig.repo.secrets.common) fullName;
@ -200,7 +200,7 @@ in
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };


@ -43,11 +43,11 @@ in
trusted-users = [
"@wheel"
"${mainUser}"
(lib.mkIf config.swarselmodules.server.ssh-builder "builder")
(lib.mkIf ((config.swarselmodules ? server) ? ssh-builder) "builder")
];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
bash-prompt-prefix = lib.mkIf config.swarselsystems.isClient "$SHLVL:\\w ";
bash-prompt = lib.mkIf config.swarselsystems.isClient "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
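Review bot: `(config.swarselmodules ? server) ? ssh-builder` applies the second `?` to the boolean produced by the first, and `?` on a value that is not an attribute set always yields false, so `"builder"` is now never added to `trusted-users`. The form that was presumably meant, `config.swarselmodules ? server.ssh-builder`, would not be right either: it only checks that the option is declared, which `mkEnableOption` guarantees whenever the server module is imported, so hosts with the builder disabled would still grant the `builder` account trusted (daemon-root-equivalent) access. Keep the value check and only tolerate the attribute being absent: `(lib.mkIf (config.swarselmodules.server.ssh-builder or false) "builder")`. The enclosing `nix.settings` block starts and ends outside the hunk.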


@ -1,13 +1,13 @@
{ config, lib, inputs, ... }:
{ config, lib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml";
config = lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!config.swarselsystems.isNixos) {
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/sops" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/repo/common.yaml";
validateSopsFiles = false;
};
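Review bot: `age.sshKeyPaths` shrinks to a single key file here (the `sops` key under the `/persist` prefix) and to only `/etc/ssh/ssh_host_ed25519_key` in the NixOS sops module further down in this commit; any secrets file still encrypted solely to the age recipients derived from the dropped keys (`${homeDir}/.ssh/sops` without the prefix, `/etc/ssh/sops`) will then fail to decrypt at activation rather than at build time, because `validateSopsFiles = false` skips the eval-time check. Confirm the recipients in the repo's sops configuration were rotated (`sops updatekeys`) before deploying this, and record the assumption next to the list, e.g. `# the age identity is derived from this key only; re-run updatekeys when it changes`. The `sops` attribute set continues past the end of the hunk.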


@ -1,4 +1,4 @@
{ inputs, lib, config, confLib, ... }:
{ lib, config, confLib, type, ... }:
{
options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
config = lib.mkIf config.swarselmodules.ssh ({
@ -24,7 +24,7 @@
};
} // confLib.getConfig.repo.secrets.common.ssh.hosts;
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
builder-key = { path = "${config.home.homeDirectory}/.ssh/builder"; mode = "0600"; };
};


@ -1,4 +1,4 @@
{ self, config, lib, inputs, pkgs, ... }:
{ self, config, lib, pkgs, type, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -320,7 +320,7 @@ in
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};


@ -1,4 +1,4 @@
{ lib, config, inputs, confLib, ... }:
{ lib, config, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
@ -13,7 +13,7 @@ in
confLib.getConfig.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};


@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, inputs, globals, confLib, ... }:
{ config, pkgs, lib, minimal, globals, confLib, type, ... }:
let
inherit (config.swarselsystems) flakePath isNixos;
crocDomain = globals.services.croc.domain;
@ -133,9 +133,9 @@ in
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
croc-password = { };
github-nixpkgs-review-token = { };
};
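Review bot: the `&& !config.swarselsystems.isNixos` half of the guard is dropped here but kept in the sibling modules changed in the same commit (the mail, ssh, waybar and work modules), which keep both the outer `type != "nixos"` and the inner `isNixos` check; unless `type` and `isNixos` are guaranteed to agree, pick one form and use it in all of them so that a NixOS host cannot end up declaring per-user secrets through this module alone. The `sops.secrets` set continues past the end of the hunk.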


@ -1,10 +1,10 @@
{ self, inputs, config, pkgs, lib, vars, confLib, ... }:
{ self, config, pkgs, lib, vars, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser;
inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
options.swarselmodules.optional-work = lib.swarselsystems.mkTrueOption;
@ -652,7 +652,7 @@ in
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
harica-root-ca = {
sopsFile = certsSopsFile;


@ -1,7 +1,7 @@
{ self, lib, pkgs, config, globals, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
clientSopsFile = "${config.node.secretsDir}/secrets.yaml";
inherit (config.repo.secrets.common.network) wlan1 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon;


@ -5,8 +5,8 @@
sops = {
# age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/repo/common.yaml";
validateSopsFiles = false;


@ -4,7 +4,7 @@ let
inherit (config.repo.secrets.common.emacs) radicaleUser;
modules = config.home-manager.users.${mainUser}.swarselmodules;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
config = lib.mkIf config.swarselsystems.withHomeManager {


@ -1,4 +1,4 @@
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, arch, type, ... }:
{
options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
config = lib.mkIf config.swarselmodules.home-manager {
@ -10,7 +10,7 @@
overwriteBackup = true;
users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.sops.homeManagerModules.sops # this is not needed!! we add these secrets in nixos scope
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
{
@ -31,7 +31,7 @@
];
extraSpecialArgs = {
inherit (inputs) self nixgl;
inherit inputs outputs globals nodes minimal configName;
inherit inputs outputs globals nodes minimal configName arch type;
lib = homeLib;
};
};
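Review bot: the comment left in place of the removed import names `inputs.sops.homeManagerModules.sops`, but the line it replaces imported `inputs.sops-nix.homeManagerModules.sops`, so a reader grepping for the input will not find it; either delete the dead line or make it match what was removed, e.g. `# inputs.sops-nix.homeManagerModules.sops is intentionally not imported: secrets are declared in NixOS scope`. The standalone (non-NixOS) home-manager modules touched by this commit still set `sops.*` under `type != "nixos"`, so the home-manager sops module is presumably imported on that path elsewhere — worth confirming, since otherwise those definitions fail on an undeclared option. The `users.${…}.imports` list and the `extraSpecialArgs` set both extend beyond the hunks shown.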


@ -14,9 +14,9 @@
group = lib.mkForce "jump";
createHome = lib.mkForce true;
openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
(self + /secrets/keys/ssh/builder.pub)
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
(self + /secrets/public/ssh/builder.pub)
];
};
};


@ -49,8 +49,8 @@ in
enable = true;
port = 2222; # avoid hostkey changed nag
authorizedKeys = [
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/magicant.pub"}''
];
hostKeys = [ hostKeyPathBase ];
};


@ -0,0 +1,14 @@
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "dns-hostrecord"; proxy = config.node.name; }) serviceName proxyAddress4 proxyAddress6;
in
{
options. swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
nodes.stoicclub.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords = {
"server.${config.node.name}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
};
}
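Review bot: `options. swarselmodules.server.${serviceName}` has a stray space after `options.`; Nix appears to tolerate whitespace inside an attribute path so it evaluates, but it reads as a typo and defeats a search for `options.swarselmodules` — write `options.swarselmodules.server.${serviceName} = …`. With `proxyAddress4` now falling back to `null` (the `or null` change in the confLib hunk of this commit), `dns.lib.combinators.host proxyAddress4 proxyAddress6` can receive two nulls for a proxy without WAN addresses; that seems to produce an empty record set rather than an error, but a short `# a proxy without WAN addresses yields no A/AAAA records` comment (or an assertion) would make the intent explicit.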


@ -1,6 +1,6 @@
{ self, lib, pkgs, config, globals, dns, confLib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;


@ -1,4 +1,4 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
@ -11,6 +11,8 @@ let
kanidmDomain = globals.services.kanidm.domain;
inherit (config.swarselsystems) sopsFile;
sopsFile2 = "${config.node.secretsDir}/secrets2.yaml";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -25,7 +27,7 @@ in
grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
kanidm-grafana-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = self + /secrets/winters/secrets2.yaml; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = sopsFile2; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
};
templates = {


@ -1,7 +1,8 @@
{ lib, config, ... }:
let
netConfig = config.repo.secrets.local.networking;
netName = "${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}";
netPrefix = "${if config.swarselsystems.isCloud then config.node.name else "home"}";
netName = "${netPrefix}-${config.swarselsystems.server.localNetwork}";
in
{
options = {
@ -16,6 +17,11 @@ in
default = netName;
readOnly = true;
};
netConfigPrefix = lib.mkOption {
type = lib.types.str;
default = netPrefix;
readOnly = true;
};
};
};
config = lib.mkIf config.swarselmodules.server.network {


@ -3,7 +3,7 @@ with dns.lib.combinators; {
SOA = {
nameServer = "soa";
adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin")
serial = 2025120201; # update this on changes for secondary dns
serial = 2025120203; # update this on changes for secondary dns
};
useOrigin = false;


@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "radicale"; port = 8000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
cfg = config.services.${serviceName};
in


@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "snipeit"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
serviceDB = "snipeit";


@ -26,7 +26,7 @@ in
isSystemUser = true;
group = "builder";
openssh.authorizedKeys.keys = [
''${ssh-restrict} ${builtins.readFile "${self}/secrets/keys/ssh/builder.pub"}''
''${ssh-restrict} ${builtins.readFile "${self}/secrets/public/ssh/builder.pub"}''
];
};
};


@ -22,14 +22,14 @@
];
};
users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK


@ -0,0 +1,126 @@
{ self, lib, config, confLib, globals, ... }:
let
wgInterface = "wg0";
inherit (confLib.gen { name = "wireguard"; port = 52829; user = "systemd-network"; group = "systemd-network"; }) servicePort serviceName serviceUser serviceGroup;
inherit (config.swarselsystems) sopsFile;
inherit (config.swarselsystems.server.wireguard) peers isClient isServer;
in
{
options = {
swarselmodules.${serviceName} = lib.mkEnableOption "enable ${serviceName} settings";
swarselsystems.server.wireguard = {
isServer = lib.mkEnableOption "set this as a wireguard server";
peers = lib.mkOption {
type = lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrs;
options = { };
});
default = [ ];
description = "Wireguard peer submodules as expected by systemd.network.netdevs.<name>.wireguardPeers";
};
};
};
config = lib.mkIf config.swarselmodules.${serviceName} {
sops = {
secrets = {
wireguard-private-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
wireguard-home-preshared-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
};
};
networking = {
firewall.allowedUDPPorts = [ servicePort ];
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens6";
internalInterfaces = [ wgInterface ];
};
};
systemd.network = {
enable = true;
networks."50-${wgInterface}" = {
matchConfig.Name = wgInterface;
networkConfig = {
IPv4Forwarding = true;
IPv6Forwarding = true;
};
address = [
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv4}"
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv6}"
];
};
netdevs."50-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = wgInterface;
};
wireguardConfig = {
ListenPort = lib.mkIf isServer servicePort;
# ensure file is readable by `systemd-network` user
PrivateKeyFile = config.age.secrets.wg-key-vps.path;
# To automatically create routes for everything in AllowedIPs,
# add RouteTable=main
# RouteTable = "main";
# FirewallMark marks all packets send and received by wg0
# with the number 42, which can be used to define policy rules on these packets.
# FirewallMark = 42;
};
wireguardPeers = peers ++ lib.optionals isClient [
{
PublicKey = builtins.readFile "${self}/secrets/public/wg/${config.node.name}.pub";
PresharedKeyFile = config.sops.secrets."${config.node.name}-presharedKey".path;
Endpoint = "${globals.hosts.${config.node.name}.wanAddress4}:${toString servicePort}";
# Access to the whole network is routed through our entry node.
# AllowedIPs =
# (optional (networkCfg.cidrv4 != null) networkCfg.cidrv4)
# ++ (optional (networkCfg.cidrv6 != null) networkCfg.cidrv6);
}
];
};
};
# networking = {
# wireguard = {
# enable = true;
# interfaces = {
# wg1 = {
# privateKeyFile = config.sops.secrets.wireguard-private-key.path;
# ips = [ "192.168.178.201/24" ];
# peers = [
# {
# publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw=";
# presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path;
# name = "moonside";
# persistentKeepalive = 25;
# # endpoint = "${config.repo.secrets.common.ipv4}:51820";
# endpoint = "${config.repo.secrets.common.wireguardEndpoint}";
# # allowedIPs = [
# # "192.168.3.0/24"
# # "192.168.1.0/24"
# # ];
# allowedIPs = [
# "192.168.178.0/24"
# ];
# }
# ];
# };
# };
# };
# };
};
}
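Review bot: `PrivateKeyFile = config.age.secrets.wg-key-vps.path` reads from the agenix `age.secrets` namespace, while the only private key this module provisions is the sops secret `wireguard-private-key` declared under `sops.secrets`; unless agenix is imported elsewhere evaluation fails, and if it is, the tunnel uses key material this module does not manage. The same mismatch affects `PresharedKeyFile`, which references `config.sops.secrets."${config.node.name}-presharedKey"` although the declared secret is `wireguard-home-preshared-key`, and `isClient`, which is inherited in the `let` block but not declared among the `swarselsystems.server.wireguard` options. Separately, `networking.nat` and `firewall.allowedUDPPorts` apply to every host that enables the module, so client hosts open the UDP port and forward/NAT for `wg0` even though only `isServer` hosts set `ListenPort`; gating both on `isServer` limits exposure to the listening side. One thing looks unfinished rather than wrong and is left untouched below: the client peer's `PublicKey` and `Endpoint` are both derived from `config.node.name` (this node's own key file and WAN address), which would make a client peer with itself unless that name denotes the server; `builtins.readFile` is swapped for `lib.fileContents` since the former keeps the trailing newline of the `.pub` file. The rewritten lines follow, with the hard-coded `"50-wg0"` netdev name aligned with `wgInterface`.
```nix
# … unchanged: wgInterface, confLib.gen and sopsFile inherits …
inherit (config.swarselsystems.server.wireguard) peers isServer;
# no isClient option is declared in this module; derive it (or declare it next to isServer)
isClient = !isServer;
# … unchanged: options, sops.secrets …
networking = {
  # only the listening side needs the port open and NAT for the tunnel
  firewall.allowedUDPPorts = lib.mkIf isServer [ servicePort ];
  nat = lib.mkIf isServer {
    enable = true;
    enableIPv6 = true;
    externalInterface = "ens6"; # host-specific; worth turning into an option
    internalInterfaces = [ wgInterface ];
  };
};
# … unchanged: systemd.network.enable, networks."50-${wgInterface}" …
netdevs."50-${wgInterface}" = {
  # … unchanged: netdevConfig …
  wireguardConfig = {
    ListenPort = lib.mkIf isServer servicePort;
    # the sops secret declared above is already owned by systemd-network with mode 0600
    PrivateKeyFile = config.sops.secrets.wireguard-private-key.path;
  };
  wireguardPeers = peers ++ lib.optionals isClient [
    {
      # lib.fileContents strips the trailing newline that builtins.readFile keeps
      PublicKey = lib.fileContents "${self}/secrets/public/wg/${config.node.name}.pub";
      PresharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path;
      # … unchanged: Endpoint …
    }
  ];
};
```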


@ -22,7 +22,7 @@
serviceDir = dir;
serviceAddress = address;
serviceProxy = proxy;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
};
};


@ -8,7 +8,12 @@
default = ./.;
};
name = lib.mkOption {
description = "Node Name.";
type = lib.types.str;
};
arch = lib.mkOption {
type = lib.types.str;
};
type = lib.mkOption {
type = lib.types.str;
};
lockFromBootstrapping = lib.mkOption {
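Review bot: `arch` and `type` are declared as bare `lib.types.str` with no `description`, unlike `name` just above them, and `type` is what the home-manager modules in this commit branch on via `type != "nixos"`; a typo in the value passed as `type` silently selects the non-NixOS branch (and with it the per-user sops declarations) instead of failing evaluation. Constraining it to the values this repository actually passes, `type = lib.types.enum [ "nixos" <other-types-used-in-this-repo> ];`, plus a one-line `description` on both options, turns that into an eval-time error. The enclosing `options` set starts and ends outside the hunk.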


@ -54,7 +54,7 @@
isBtrfs = lib.mkEnableOption "use btrfs filesystem";
sopsFile = lib.mkOption {
type = lib.types.str;
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.node.secretsDir}/secrets.yaml";
};
homeDir = lib.mkOption {
type = lib.types.str;