Improve secrets management with sops-nix

2025-06-08 14:49:47 -04:00
parent 034b693380
commit 1988d45fbf
5 changed files with 54 additions and 9 deletions


@@ -18,5 +18,17 @@
];
};
# Mount SMB share
fileSystems."/mnt/share" = {
device = "//haruko/share";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
username = "chase";
password = "$(cat ${config.sops.secrets."smb-password".path})";
in ["${automount_opts},username=${username},password=${password},uid=1000,gid=100"];
};
system.stateVersion = "24.11";
}
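Review bot: The `password = "$(cat ${config.sops.secrets."smb-password".path})";` binding is never shell-expanded. `fileSystems.<name>.options` is written to /etc/fstab as-is and mount.cifs does no command substitution, so the literal `$(cat …)` text would be sent as the password and the mount will most likely fail to authenticate. The secret itself stays out of the store, but the old `credentials=` mechanism was the right one and only needed to point at the sops-managed file. I would drop the `username` and `password` bindings and use `in ["${automount_opts},credentials=${config.sops.secrets."smb-password".path},uid=1000,gid=100"];`, with the secret's content in credentials-file form (`username=chase` and `password=…` on separate lines). The sops secret should also keep its root-only owner and mode, since mount.cifs reads the file as root. The enclosing attribute set starts outside this hunk, so I cannot see whether `config` is already in the module's arguments.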


@@ -40,15 +40,6 @@
{device = "/dev/disk/by-uuid/dd48a14e-2c90-465b-81a3-661d31ebf39f";}
];
# Mount SMB share
fileSystems."/mnt/share" = {
device = "//haruko/share";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction