Initial keys, and basic token file for sops cluster testing

2025-12-30 19:14:19 +00:00 · 2025-12-13 01:55:25 -08:00
parent c360755253
commit 353135a2d9
6 changed files with 87 additions and 6 deletions
--- a/modules/application-groups/k3s-primary.nix
+++ b/modules/application-groups/k3s-primary.nix
@@ -1,9 +1,11 @@
 { config, pkgs, ... }:
 {
+  sops.secrets.k3s_token.sopsFile = secrets/cluster.yaml;
+
  services.k3s = {
    enable = true;
    role = "server";
-    token = "forinitialtestingonly";
+    tokenFile = config.sops.secrets.k3s_token.path;
    clusterInit = true;
  };
 }
--- a/modules/system/home-manager-settings.nix
+++ b/modules/system/home-manager-settings.nix
@@ -1,5 +1,8 @@
-{ config, pkgs, ... }:
+{ inputs, ... }:
 {
-    home-manager.useGlobalPkgs = true;
-    home-manager.backupFileExtension = "bkp";
-}
+  home-manager.useGlobalPkgs = true;
+  home-manager.backupFileExtension = "bkp";
+  home-manager.sharedModules = [
+    inputs.sops-nix.homeManagerModules.sops
+  ];
+}
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -1,5 +1,12 @@
 { pkgs, config, ... }:
 {
+  environment.systemPackages = with pkgs; [
+    sops
+    age
+  ];
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
  security.sudo = {
    enable = true;
    extraRules = [