added sops-nix

2024-12-18 09:27:31 +01:00 · 2024-12-18 09:27:31 +01:00 · b83c4f77c7
commit b83c4f77c7
parent a8354d0c0d
6 changed files with 63 additions and 10 deletions
--- a/nixos/modules/sops/default.nix
+++ b/nixos/modules/sops/default.nix
@ -0,0 +1,15 @@
+{ pkgs, inputs, username, hwconfig, ... }:
+{
+    environment.systemPackages = with pkgs; [sops];
+    sops.defaultSopsFile = ./secrets/secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+    sops.age.keyFile = (if hwconfig.useImpermanence then "/persist/sops/age/keys.txt" else "/home/${username}/.config/sops/age/keys.txt");
+    # This will generate a new key if the key specified above does not exist
+    sops.age.generateKey = true;
+
+    sops.secrets = {
+	"users/kylekrein" = {
+	    neededForUsers = true;
+	};
+    };
+}