add sops-nix

2026-04-03 10:30:18 -04:00 · 2026-04-03 10:30:18 -04:00 · 330087d4ff
commit 330087d4ff
parent fab570dd29
12 changed files with 130 additions and 20 deletions
--- a/system/default.nix
+++ b/system/default.nix
@ -14,6 +14,9 @@
    email = "kovacsmillio@gmail.com";
  };

+  sops.secrets.sckova_password.neededForUsers = true;
+  users.users.sckova.hashedPasswordFile = config.sops.secrets.sckova_password.path;
+
  boot = {
    plymouth.enable = true;
    plymouth.logo = "${pkgs.nixos-icons}/share/icons/hicolor/64x64/apps/nix-snowflake-white.png";
--- a/system/searxng/default.nix
+++ b/system/searxng/default.nix
@ -1,21 +1,19 @@
 {
  lib,
-  pkgs,
  config,
  ...
 }:
 {
+  sops.templates."searxng.env".content = ''
+    SEARXNG_SECRET=${config.sops.placeholder.searxng_secret}
+  '';

  services.searx = {
    enable = true;
    redisCreateLocally = true;
+    environmentFile = config.sops.templates."searxng.env".path;
    settings = {
      server = {
-        secret_key = lib.removeSuffix "\n" (
-          builtins.readFile (
-            pkgs.runCommand "gen-key" { buildInputs = [ pkgs.openssl ]; } "openssl rand -hex 32 > $out"
-          )
-        );
        port = 5364;
        bind_address = "127.0.0.1";
      };