Decrypt rndc keys for telperion.
This commit is contained in:
parent
67e83e764c
commit
c9902bebc2
1 changed files with 14 additions and 0 deletions
|
@ -10,6 +10,15 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
||||||
|
secrets = {
|
||||||
|
"rndc_keys" = {
|
||||||
|
# owner = config.users.users
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
@ -41,6 +50,11 @@
|
||||||
wget
|
wget
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.bind = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
||||||
|
|
Reference in a new issue