nixos/modules/system/sops.nix


inputs:
let
  lib = inputs.lib;
  # Option values set for this module (forced lazily, only inside `config`).
  cfg = inputs.config.nixos.system.sops;
  hostname = inputs.config.nixos.system.networking.hostname;
in
{
  options.nixos.system.sops = {
    # Whether to configure sops-nix for this host at all. Defaults to on.
    enable = lib.mkOption { type = lib.types.bool; default = true; };
    # Directory prefix prepended to the host SSH key paths used as sops
    # decryption keys (see `config` below). Must be an absolute path that is
    # already available when sops activates.
    keyPathPrefix = lib.mkOption { type = lib.types.str; default = "/nix/persistent"; };
  };

  config = lib.mkIf cfg.enable {
    sops = {
      # Per-host secrets file, looked up by the configured hostname under the
      # flake's own `secrets/` directory.
      defaultSopsFile = "${inputs.topInputs.self}/secrets/${hostname}/default.yaml";
      # sops activates before impermanence has mounted /etc/ssh, so the host
      # keys are referenced via their absolute path under the persistent
      # prefix rather than via /etc/ssh directly.
      age.sshKeyPaths = [ "${cfg.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
      gnupg.sshKeyPaths = [ "${cfg.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
    };
  };
}