sops: first secret integration (nix-settings)

home/common.nix

@@ -13,6 +13,7 @@
     ./modules/captive-browser.nix
     ./modules/ensureDirs.nix
     ./modules/ssh.nix
+    ./modules/sops.nix
   ];
   home.homeDirectory =
     if pkgs.stdenv.isDarwin then "/Users/${config.home.username}" else "/home/${config.home.username}";

home/modules/sops.nix

@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+  sops = {
+    age.keyFile = "/home/user/.age-key.txt"; # must have no password!
+    # deliberately not setting `defaultSopsFile` because there is no clear file-hostname-mapping. Each separate home config has to configure this explicitly.
+  };
+}