manuth/NixOSConfig
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Refactor default sops override config

Browse source
This commit is contained in:
Manuel Thalmann 2024-05-02 13:16:42 +02:00
parent 9e3fad7501
commit b8c3cbc2b1
2 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/modules/custom-build-vm.nix
View file

@ -78,17 +78,10 @@ in {
virtualisation = virtualisation =
let let
extendVMConfig = extendVMConfig =
vmVariant: overrideSops: { vmVariant: {
# Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader` # Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader`
boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot"; boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot";
# Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader`
# does not seem to play along well with `sops-nix`
users.sopsPasswordOverride = lib.mkIf overrideSops {
enable = true;
password = "admin";
};
virtualisation = { virtualisation = {
# Enable root permissions to get access to the `/etc/ssh` directory # Enable root permissions to get access to the `/etc/ssh` directory
runAsRoot = lib.mkIf vmVariant.virtualisation.sharedHostKeys true; runAsRoot = lib.mkIf vmVariant.virtualisation.sharedHostKeys true;

13
lib/modules/custom-sops-nix.nix
View file

@ -32,7 +32,14 @@
virtualisation = virtualisation =
let let
extendVMConfig = extendVMConfig =
vmVariant: { vmVariant: overrideSops: {
# Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader`
# does not seem to play along well with `sops-nix`
users.sopsPasswordOverride = lib.mkIf overrideSops {
enable = lib.mkDefault true;
password = lib.mkDefault "admin";
};
users.users = users.users =
with { inherit (vmVariant.users) sopsPasswordOverride; }; with { inherit (vmVariant.users) sopsPasswordOverride; };
(lib.mkIf (lib.mkIf
@ -67,8 +74,8 @@
vmVariantWithBootLoader vmVariantWithBootLoader
; ;
in { in {
vmVariant = extendVMConfig vmVariant; vmVariant = extendVMConfig vmVariant false;
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader; vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader true;
}; };
}; };
} }