dots/modules/hosts/nixos/hetznix02/post-install/default.nix

{ config, username, ... }: {
  imports = [
    ../../../common/linux/lets-encrypt.nix
    ./monitoring.nix
    ./nginx.nix
  ];

  sops = {
    age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
    defaultSopsFile = ../secrets.yaml;
    secrets = {
      local_git_config = {
        owner = "${username}";
        path = "${config.users.users.${username}.home}/.gitconfig-local";
      };
      local_private_env = {
        owner = "${username}";
        path = "${config.users.users.${username}.home}/.private-env";
      };
      tailscale_key = {
        restartUnits = [ "tailscaled-autoconnect.service" ];
      };
    };
  };
}