From fde69ca283e3c0d10b4eea8014bd0ef3366a4647 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Mon, 1 Apr 2024 23:45:29 +0200
Subject: [PATCH] base: add sops keys for everyone and everything
---
 .sops.yaml | 4 ++++
 base.nix | 6 ++++++
 secrets/common.yaml | 0
 3 files changed, 10 insertions(+)
 create mode 100644 secrets/common.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 10f769d..ffbdd28 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -17,6 +17,10 @@ creation_rules:
 key_groups:
 - age:
 - *host_jokum
+ - *host_ildkule
+ - *host_bekkalokk
+ - *host_bicep
+ - *user_danio
 - *user_felixalb
 - *user_eirikwit
diff --git a/base.nix b/base.nix
index 1c41ba0..a47e021 100644
--- a/base.nix
+++ b/base.nix
@@ -84,6 +84,12 @@
 settings.PermitRootLogin = "yes";
 };
+ sops.age = {
+ sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ keyFile = "/var/lib/sops-nix/key.txt";
+ generateKey = true;
+ };
+
 # nginx return 444 for all nonexistent virtualhosts
 systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
diff --git a/secrets/common.yaml b/secrets/common.yaml
new file mode 100644
index 0000000..e69de29
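Review bot: The four recipients added under `key_groups` widen who can decrypt every file matched by this rule, and the rule's `path_regex` lies outside the hunk, so its scope cannot be checked from here. If the rule covers the new `secrets/common.yaml`, compromise of any one listed host exposes all shared secrets, so that file should hold only what every host genuinely needs. A comment above the list such as `# every key below can decrypt all files matched by this rule; host-specific secrets belong in per-host files` would record that. Files already encrypted under this rule keep their old recipient list until `sops updatekeys <file>` is run on them.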
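Review bot: The new `sops.age` block configures two decryption identities without saying which one the `host_*` recipients in `.sops.yaml` correspond to. With `generateKey = true` a fresh age key is created at `/var/lib/sops-nix/key.txt` when none exists, and that key can decrypt nothing until its public half is added as a recipient, so decryption presumably rests on the SSH host key alone. A comment such as `# host_* recipients are derived from the ed25519 SSH host key; key.txt is a generated fallback and is not a recipient unless added to .sops.yaml` would make this explicit. If base.nix is shared by all hosts, as the commit title suggests, the host key now unlocks secrets everywhere, so the unchanged context line `settings.PermitRootLogin = "yes"` deserves a second look. The enclosing attribute sets start outside the hunk.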