33 lines
861 B
Nix
33 lines
861 B
Nix
{
|
|
config,
|
|
lib,
|
|
inputs,
|
|
...
|
|
}: let
|
|
default_keys = map (e: e.path) (
|
|
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
|
|
);
|
|
in {
|
|
options = {
|
|
crony.secrets.enable = lib.mkEnableOption "Enable desktop secrets.";
|
|
};
|
|
config = lib.mkIf config.crony.secrets.enable {
|
|
age = {
|
|
secrets = {
|
|
wg-desktop = {
|
|
file = "${inputs.secrets}/secrets/wg-desktop.age";
|
|
};
|
|
wg-ymir-home = {
|
|
file = "${inputs.secrets}/secrets/wg-ymir-home.age";
|
|
};
|
|
crony-passwd = {
|
|
file = "${inputs.secrets}/secrets/crony-passwd-desktop.age";
|
|
};
|
|
root-passwd = {
|
|
file = "${inputs.secrets}/secrets/root-passwd.age";
|
|
};
|
|
};
|
|
identityPaths = ["/home/crony/.ssh/main" "/root/.ssh/id_ed25519"] ++ default_keys;
|
|
};
|
|
};
|
|
}
|