[sops] add a dummy key to allow secret usage within test vms

2025-01-19 22:46:31 +01:00
parent 36ec5f5837
commit fda348f5da
5 changed files with 99 additions and 10 deletions
--- a/outputs.nix
+++ b/outputs.nix
@@ -110,8 +110,19 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
      in
      result // {
        # boot any machine in a microvm
-        "${host}-vm-withssh" = (self.nixosConfigurations.${host}.extendModules {
+        "${host}-vm-withsops" = (self.nixosConfigurations.${host}.extendModules {
          modules = [{
+            sops.defaultSopsFile = pkgs.lib.mkForce ./machines/${host}/dummy.yaml;
+
+            environment.etc = {
+                devHostKey.source = ./machines/secrets/devkey_ed25519;
+            };
+
+            services.openssh.hostKeys = [{
+              path = "/etc/devHostKey";
+              type = "ed25519";
+            }];
+
            microvm = {
              mem = pkgs.lib.mkForce 4096;
              hypervisor = pkgs.lib.mkForce "qemu";
@@ -122,20 +133,11 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
                  source = "/nix/store";
                  mountPoint = "/nix/.ro-store";
                }
-                {
-                  source = "/etc/ssh";
-                  mountPoint = "/etc/ssh";
-                  tag = "etcssh";
-                }
              ];
            };
            boot.isContainer = pkgs.lib.mkForce false;
            users.users.root.password = "";
            fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
-            fileSystems."/etc/ssh" = {
-              depends = [ "/etc" ];
-              neededForBoot = true;
-            };
            services.getty.helpLine = ''
              Log in as "root" with an empty password.
              Use "reboot" to shut qemu down.