swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 17:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: re-enable secrets on standalone home-manager

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-05 14:23:12 +02:00
parent dfea676a01
commit 8f898bcb9b
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
24 changed files with 352 additions and 284 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/nixos/common/home-manager.nix
View file

@ -1,7 +1,4 @@
{ self, inputs, config, lib, outputs, globals, nodes, minimal, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }:
{
options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager";
config = lib.mkIf config.swarselsystems.modules.home-manager {
@ -9,14 +6,19 @@ in
useGlobalPkgs = true;
useUserPackages = true;
verbose = true;
users."${mainUser}".imports = [
"${self}/profiles/home"
"${self}/modules/home"
];
sharedModules = [
inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
{
imports = [
"${self}/profiles/home"
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix"
];
node = {
secretsDir = if config.swarselsystems.isNixos then ../../../hosts/nixos/${configName}/secrets else ../../../hosts/home/${configName}/secrets;
};
home.stateVersion = lib.mkDefault config.system.stateVersion;
}
];

4
modules/nixos/common/users.nix
View file

@ -5,7 +5,7 @@ in
{
options.swarselsystems.modules.users = lib.mkEnableOption "user config";
config = lib.mkIf config.swarselsystems.modules.users {
sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };
users = {
mutableUsers = lib.mkIf (!minimal) false;
@ -13,7 +13,7 @@ in
isNormalUser = true;
description = "Leon S";
password = lib.mkIf minimal "setup";
hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.swarseluser.path;
hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path;
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};