Add sops for secret management

2022-12-07 10:09:17 +01:00
parent f418516013
commit 3ed65c6cfa
2 changed files with 26 additions and 0 deletions
--- a/hosts/jokum/configuration.nix
+++ b/hosts/jokum/configuration.nix
@@ -4,6 +4,8 @@ let
 in
 {
  imports = [
+      <sops-nix/modules/sops>
+
      # Include the results of the hardware scan.
      ../../hardware-configuration.nix

@@ -23,6 +25,13 @@ in
    inherit unstable;
  };

+
+  sops.defaultSopsFile = ../../secrets/jokum/jokum.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+  
+
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;