Add sops for secret management

.sops.yaml

@@ -0,0 +1,17 @@
+keys:
+  - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
+  - &host_jokum age1n4vc3dhv8puqz6ntwrkkpdfj0q002hexqee48wzahll8cmce2ezssrq608
+creation_rules:
+  # Global secrets
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *user_danio
+      - *host_jokum
+  # Host specific secrets
+  ## Jokum
+  - path_regex: secrets/jokum/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *user_danio
+      - *host_jokum

hosts/jokum/configuration.nix

@@ -4,6 +4,8 @@ let
 in
 {
   imports = [
+      <sops-nix/modules/sops>
+
       # Include the results of the hardware scan.
       ../../hardware-configuration.nix
 
@@ -23,6 +25,13 @@ in
     inherit unstable;
   };
 
+
+  sops.defaultSopsFile = ../../secrets/jokum/jokum.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+  
+
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;