sops: first secret integration (nix-settings)

2026-04-06 00:14:48 +02:00 · 2026-04-06 00:14:48 +02:00 · 8914fa79ed
commit 8914fa79ed
parent e8e402e9b7
10 changed files with 86 additions and 5 deletions
--- a/common/sops.nix
+++ b/common/sops.nix
@ -0,0 +1,11 @@
+{ lib, config, ... }:
+let
+  inputs = config.inputInjection.flake-inputs;
+in
+{
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = lib.mkDefault toString (./. + "/hosts/${config.networking.hostname}/secrets.ini");
+    defaultSopsFormat = "yaml"; # is the default. ini had some template rendering issues in practice
+  };
+}