From b8841a2c3e1d18649d099681259a4b7c27ff4c66 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Sun, 23 Apr 2023 14:27:27 +0200
Subject: [PATCH] Start adding sops secrets
---
 .sops.yaml | 17 +++++++++++++++++
 flake.nix | 4 ++++
 shell.nix | 8 ++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 shell.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..c7ccbf8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,17 @@
+keys:
+ - &user_felixalb age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
+ - &host_voyager
+
+creation_rules:
+ # Global secrets
+ - path_regex: secrets/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *user_felixalb
+
+ # Host specific secrets
+ - path_regex: secrets/voyager/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *host_voyager
+ - *user_felixalb
diff --git a/flake.nix b/flake.nix
index e8b1e6a..2c806a2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -45,5 +45,9 @@
 ];
 };
 };
+
+ devShells.x86_64-linux = {
+ default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./shell.nix { };
+ };
 };
 }
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..ccc31db
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,8 @@
+{ pkgs ? import {} }:
+pkgs.mkShell {
+ nativeBuildInputs = with pkgs; [
+ sops
+ gnupg
+ ];
+}
+
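Review bot: The `&host_voyager` anchor under `keys:` has no value, so `*host_voyager` in the `secrets/voyager/` rule resolves to an empty recipient. As written, sops will most likely either reject that rule or encrypt host secrets that only the user key can open, leaving the host unable to decrypt them. Fill it in before anything is encrypted under that path, e.g. `- &host_voyager age1<voyager-host-public-key>` (placeholder). Separately, both `path_regex` values are unanchored at the start, so a file like `other/secrets/x.yaml` would fall under the global rule if sops is handed repo-relative paths. `^secrets/[^/]+\.yaml$` and `^secrets/voyager/[^/]+\.yaml$` would tie each rule to the intended directory.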
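Review bot: The shell provides `gnupg`, but the creation rules in `.sops.yaml` from this same commit list only age recipients, so the tool for creating keys (`age-keygen`, from the `age` package) is missing while an unused PGP stack is pulled in. Consider `sops` and `age` in `nativeBuildInputs`, and drop `gnupg` unless PGP recipients are planned, so the secret-handling environment stays small. Also, the default `import {}` as shown here would not evaluate if the file is used outside `callPackage`. This may be a rendering loss of `import <nixpkgs> {}`, so check the committed file.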