all: make deploy setup optional

Aaron Bieber 2024-05-31 08:29:22 -06:00
parent c4bf11b1c4
commit 2d8c791d19
No known key found for this signature in database
2 changed files with 22 additions and 10 deletions


@ -12,6 +12,14 @@ with lib; {
type = lib.types.bool; type = lib.types.bool;
}; };
}; };
needsDeploy = {
enable = mkOption {
description = "Host needs deploy key to receive encrypted secrets";
default = true;
example = true;
type = lib.types.bool;
};
};
}; };
config = mkMerge [ config = mkMerge [
@ -24,15 +32,17 @@ with lib; {
dates = "*-*-* *:05:00"; dates = "*-*-* *:05:00";
}; };
}) })
{
# Always add our host alias or we run into a bootstrap issue # Always add our host alias or we run into a bootstrap issue
programs.ssh.extraConfig = '' (mkIf config.needsDeploy.enable {
Host xin-secrets-ro programs.ssh.extraConfig =
IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path} ''
User gitea Host xin-secrets-ro
Port 2222 IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
Hostname git.tapenet.org User gitea
''; Port 2222
} Hostname git.tapenet.org
'';
})
]; ];
} }
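Review bot: The context comment `# Always add our host alias or we run into a bootstrap issue` no longer matches the code, because the alias is now emitted only under `mkIf config.needsDeploy.enable`; I would reword it to `# Add our host alias whenever the host needs the deploy key, or we run into a bootstrap issue`. The guard covers only `programs.ssh.extraConfig`, and the declaration of `sops.secrets.xin_secrets_deploy_key` is not visible in these hunks. If that secret is still declared unconditionally, a host with `needsDeploy.enable = false` would presumably still be expected to decrypt the deploy key, so it is worth confirming and gating the declaration under the same condition. In the new option, `example = true;` just repeats the default; `example = false;` would document the non-default use.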


@ -22,6 +22,8 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
needsDeploy.enable = false;
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;