39 lines
838 B
Nix
39 lines
838 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
user,
|
|
...
|
|
}:
|
|
let
|
|
home-dir = config.hm.home.homeDirectory;
|
|
in
|
|
{
|
|
options.custom = with lib; {
|
|
sops.enable = mkEnableOption "sops" // {
|
|
default = true;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.custom.sops.enable {
|
|
environment.systemPackages = with pkgs; [
|
|
sops
|
|
];
|
|
|
|
sops = {
|
|
defaultSopsFile = ../hosts/secrets.yaml;
|
|
defaultSopsFormat = "yaml";
|
|
|
|
# use full path to persist as the secrets activation script runs at the start
|
|
# of stage 2 boot before impermanence
|
|
gnupg.sshKeyPaths = [ ];
|
|
|
|
age = {
|
|
sshKeyPaths = [ "${home-dir}/.ssh/id_ed25519" ];
|
|
keyFile = "${home-dir}/.config/sops/age/keys.txt";
|
|
# This will generate a new key if the key specified above does not exist
|
|
generateKey = false;
|
|
};
|
|
};
|
|
};
|
|
}
|