sops: first secret integration (nix-settings)

darwin/configuration.nix

@@ -8,6 +8,7 @@ in
   imports = [
     ../common/nix-settings.nix
     ../common/angrr.nix
+    ./sops.nix
   ];
   nix = {
     enable = true;

darwin/sops.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = lib.mkDefault ./secrets.yaml;
+    defaultSopsFormat = "yaml"; # is the default. ini had some template rendering issues in practice
+  };
+}