25 lines
812 B
Nix
25 lines
812 B
Nix
|
{ config, inputs ,... }:
|
||
|
{
|
||
|
imports = [
|
||
|
inputs.sops-nix.nixosModules.sops
|
||
|
];
|
||
|
|
||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||
|
sops.age.generateKey = true;
|
||
|
|
||
|
sops.defaultSopsFile = ./common.yaml;
|
||
|
#sops.defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) ./secrets/${hostname}.yaml;
|
||
|
#sops.secrets = let # TODO: importYAML does not exist
|
||
|
# file = ./secrets/${hostname}.yaml;
|
||
|
# exists = builtins.pathExists file;
|
||
|
# yaml = lib.removeAttrs (lib.importYAML file) ["sops"];
|
||
|
# secrets = lib.attrNames yaml; # TODO: recurse
|
||
|
#in
|
||
|
# if !exists then {} else lib.mkMerge (lib.forEach secrets (secret:
|
||
|
# lib.mkIf (config.sops.secrets ? secret) {
|
||
|
# "${secret}".sopsFile = file;
|
||
|
# }
|
||
|
# ));
|
||
|
}
|