system/sops.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

{
  config,
  pkgs,
  lib,
  inputs,
  hostDir,
  ...
}: let
  inherit (lib) mkIf;
  cfg = config.sops;
in {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      sops
    ];

    sops = {
      defaultSopsFile = hostDir + "/secrets.yaml";
      gnupg.home = config.homePath + "/.local/share/gnupg";
      gnupg.sshKeyPaths = [];
    };
  };
}