sops: first secret integration (nix-settings)

2026-04-06 00:14:48 +02:00 · 2026-04-06 00:14:48 +02:00 · 8914fa79ed
commit 8914fa79ed
parent e8e402e9b7
10 changed files with 86 additions and 5 deletions
--- a/darwin/sops.nix
+++ b/darwin/sops.nix
@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = lib.mkDefault ./secrets.yaml;
+    defaultSopsFormat = "yaml"; # is the default. ini had some template rendering issues in practice
+  };
+}