mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 07:08:45 +08:00
23 lines
719 B
Nix
23 lines
719 B
Nix
|
inputs:
|
||
|
|
{
|
||
|
|
options.nixos.system.sops = let inherit (inputs.lib) mkOption types; in
|
||
|
|
{
|
||
|
|
enable = mkOption { type = types.bool; default = false; };
|
||
|
|
keyPathPrefix = mkOption { type = types.str; default = ""; };
|
||
|
|
};
|
||
|
|
config =
|
||
|
|
let
|
||
|
|
inherit (inputs.lib) mkIf;
|
||
|
|
inherit (inputs.config.nixos.system) sops;
|
||
|
|
in mkIf sops.enable
|
||
|
|
{
|
||
|
|
sops =
|
||
|
|
{
|
||
|
|
defaultSopsFile = ../../secrets/${inputs.config.networking.hostName}.yaml;
|
||
|
|
# sops start before impermanence, so we need to use the absolute path
|
||
|
|
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
|
||
|
|
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|