hosts/shinji/sops.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

{
  config,
  pkgs,
  inputs,
  ...
}: let
  isEd25519 = k: k.type == "ed25519";
  getKeyPath = k: k.path;
  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  environment.systemPackages = with pkgs; [
    sops
  ];

  sops = {
    defaultSopsFile = ./secrets.yaml;

    gnupg.home = config.homePath + "/.gnupg";
    gnupg.sshKeyPaths = [];

    secrets = {
      freyanetWg = {};
      tinternetWg = {};
    };
  };
}