Squash merge sops-nix into main

system/modules/presets/basic.nix

@@ -26,5 +26,6 @@
     ../tmux.nix
     ../users.nix
     ../ca.nix
+    ../sops-nix.nix
   ];
 }

system/modules/presets/minimal.nix

@@ -16,5 +16,6 @@
     ../users.nix
     ../tmux.nix
     ../ca.nix
+    ../sops-nix.nix
   ];
 }

system/modules/sops-nix.nix

@@ -0,0 +1,25 @@
+{ config, ... }:
+let
+  defaultSopsFile = ../.. + "/system/dev/${config.networking.hostName}/secret.yaml";
+  ageKeyFile = "/var/lib/sops-nix/key.txt";
+in
+{
+  sops = {
+    defaultSopsFile = defaultSopsFile;
+
+    age = {
+      keyFile = ageKeyFile;
+    };
+
+    secrets = {
+      "wireguard/privateKey" = { };
+      "wireguard/conf" = { };
+      "nextcloud/adminPassword" = { };
+      "step_ca/password" = { };
+    };
+  };
+
+  environment.variables = {
+    SOPS_AGE_KEY_FILE = ageKeyFile;
+  };
+}

system/modules/wireguard.nix

@@ -1,14 +1,12 @@
 {
+  config,
   ...
 }:
-let
-  configPath = "/etc/wireguard/wg0.conf";
-in
 {
   networking = {
     firewall = {
       allowedUDPPorts = [ 51820 ];
     };
-    wg-quick.interfaces.wg0.configFile = configPath;
+    wg-quick.interfaces.wg0.configFile = config.sops.secrets."wireguard/conf".path;
   };
 }