modules/nixos/server/secrets.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

{
  config,
  lib,
  secretsDir,
  ...
}: let
  cfg = config.server.secrets;
in {
  options.server.secrets.enable = lib.mkEnableOption "secrets management";

  config = lib.mkIf cfg.enable {
    age = {
      identityPaths = ["/etc/age/key"];

      secrets = {
        rootPassword.file = secretsDir + "/rootPassword.age";
        userPassword.file = secretsDir + "/userPassword.age";
      };
    };
  };
}