fix: Fix more installation errors and potential security flaws

2025-05-05 16:28:37 -04:00 · 2025-05-05 16:28:37 -04:00 · dd929d89d3
commit dd929d89d3
parent 86c41180b8
6 changed files with 29 additions and 15 deletions
--- a/system/sops.nix
+++ b/system/sops.nix
@ -1,4 +1,4 @@
-{inputs, ...}; let
+{inputs, ...}: let
  secretspath = builtins.toString inputs.nix-secrets;
 in
 {
@ -9,11 +9,14 @@ in
  sops = {
    defaultSopsFile = "${secretspath}/secrets.yaml";
    age = {
+      # I'd prefer different OpenSSH keys for different hosts so I'm not 100% screwed if one of my devices get compromised.
+      # Therefore, we set a custom path for the sops key.
+      sshKeyPaths = ["/var/lib/sops-nix/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = false;
    };
    secrets = {
-      tera_passwd = {
+      tera_password = {
        neededForUsers = true;
      };
    };