Squash merge sops-nix into main

2025-04-22 13:20:41 +08:00 · 2025-04-22 13:20:41 +08:00 · 21fc0ee318
commit 21fc0ee318
parent 135df24a36
15 changed files with 180 additions and 17 deletions
--- a/system/modules/sops-nix.nix
+++ b/system/modules/sops-nix.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+let
+  defaultSopsFile = ../.. + "/system/dev/${config.networking.hostName}/secret.yaml";
+  ageKeyFile = "/var/lib/sops-nix/key.txt";
+in
+{
+  sops = {
+    defaultSopsFile = defaultSopsFile;
+
+    age = {
+      keyFile = ageKeyFile;
+    };
+
+    secrets = {
+      "wireguard/privateKey" = { };
+      "wireguard/conf" = { };
+      "nextcloud/adminPassword" = { };
+      "step_ca/password" = { };
+    };
+  };
+
+  environment.variables = {
+    SOPS_AGE_KEY_FILE = ageKeyFile;
+  };
+}