diff --git a/machines/android b/machines/android index f7f727a..a642257 160000 --- a/machines/android +++ b/machines/android @@ -1 +1 @@ -Subproject commit f7f727a3613b2105c08da0239f95e0cc5fa9069e +Subproject commit a642257fb33d9b0fdaef04c48cfde5debd076cc9 diff --git a/machines/homebox b/machines/homebox index 07b9b65..b9d7807 160000 --- a/machines/homebox +++ b/machines/homebox @@ -1 +1 @@ -Subproject commit 07b9b65382f6645a3edd4cd4f5cb2fdf15707658 +Subproject commit b9d78079d253a68c494a3c3d3ca5f2faf9c8d863 diff --git a/machines/laptop b/machines/laptop index 2c71c6b..daa1c40 160000 --- a/machines/laptop +++ b/machines/laptop @@ -1 +1 @@ -Subproject commit 2c71c6b3b8c3dc1ecef47b6156e46434c128014d +Subproject commit daa1c40a98d861dec2dc6816b22527429d04493d diff --git a/system/default.nix b/system/default.nix index b7911d6..901f5da 100644 --- a/system/default.nix +++ b/system/default.nix @@ -1,4 +1,4 @@ -{ config, lib, nixpkgs, ... }: { +{ config, lib, pkgs, nixpkgs, ... }: { imports = [ ./services @@ -65,13 +65,25 @@ createHome = false; }; + sops.secrets = let + machines = builtins.readDir ../machines; + in lib.mkIf config.sops.remoteBuildHost (builtins.listToAttrs + (builtins.map + (x: { name = "remoteBuildClientKeys/${x}"; value = { sopsFile = ./secrets.yaml; }; }) + (builtins.filter + (x: machines.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient) + machines + ) + ) + ); + sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost { content = builtins.concatStringsSep ''''\n'' (builtins.map (y: config.sops.placeholder.${y}) - (builtins.partition + (builtins.filter (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) (builtins.attrNames config.sops.secrets) - ).right + ) ); path = "/etc/ssh/authorized_keys.d/remote-builder"; owner = "remote-builder";
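Review bot: In the new `sops.secrets` block of `system/default.nix`, `builtins.filter` is given `machines`, the attribute set returned by `builtins.readDir`, but it requires a list, so its last argument should be `(builtins.attrNames machines)`. The same block is gated on `config.sops.remoteBuildHost`, while the template directly below uses `config.sysconfig.remoteBuildHost`; unless the former option is declared elsewhere in the repository, the guard should read `lib.mkIf config.sysconfig.remoteBuildHost`. Every secret whose name matches `remoteBuildClientKeys/.+` is written into the `remote-builder` authorized_keys file, so a comment above the template such as `# every remoteBuildClientKeys/* secret becomes an SSH key accepted for the remote-builder user` would make that trust decision visible to whoever adds a secret under that prefix later. The `sops.templates."remote-builder"` attribute set continues past the end of the hunk.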