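{ inputs, ... }:
let
  # The flake-level `inputs` is shadowed by the homeManager module argument
  # of the same name further down, so keep a handle to it under another name.
  inputs' = inputs;
in
{
  flake-file.inputs = {
    # Declaring sops-nix here makes flake-file emit it into the generated
    # flake.nix inputs, which is what makes the sops-nix modules reachable.
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
  };

  flake.modules.nixos.sops = {
    imports = [ inputs.sops-nix.nixosModules.sops ];
    # sops.defaultSopsFile = ../../keys/secrets.yaml;
  };

  # Define the homeModules that are used by flake-parts
  # https://flake.parts/options/home-manager.html#opt-flake.modules.homeManager
  flake.modules.homeManager.sops =
    { inputs, config, pkgs, lib, ... }:
    let
      sopsBin = lib.getExe pkgs.sops;
      sshToAgeBin = lib.getExe pkgs.ssh-to-age;
      ageKeygenBin = lib.getExe' pkgs.age "age-keygen";
      # Store copies of the repo files as of the last rebuild.
      sopsConfigPath = ../../.sops.yaml;
      sopsSecretsPath = ../../keys/secrets.yaml;
      # age identity used by the interactive sops CLI (gen-age-key writes it).
      ageKeyDir = "${config.xdg.configHome}/sops/age";
      ageKeyFile = "${ageKeyDir}/keys.txt";
      # Working-tree checkout of this flake. `edit-secrets` edits the live
      # file here rather than the immutable store copy in sopsSecretsPath.
      flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic";
      # Where decrypted secrets are linked; assumed to be the sops-nix
      # home-manager module's default symlink location — confirm if that
      # option is ever overridden.
      secretsLinkDir = "${config.xdg.configHome}/sops-nix/secrets";
      # Prints only the public half of the age identity.
      showAgeKeyCmd = "${ageKeygenBin} -y \"${ageKeyFile}\"";
    in
    {
      home.packages = with pkgs; [
        eza
        age
        sops # This is necessary to make the sops binary available
        ssh-to-age
        # Derive an age identity from the user's SSH key and store it where
        # the sops CLI looks for it. The key file is secret material: the
        # directory and file are created owner-only (umask 077 + chmod), and
        # an existing key file is never overwritten silently.
        (writeShellScriptBin "gen-age-key" ''
          set -euo pipefail
          umask 077
          if [ -e "${ageKeyFile}" ]; then
            echo "${ageKeyFile} already exists; remove it first to regenerate" >&2
            exit 1
          fi
          mkdir -p "${ageKeyDir}"
          ${sshToAgeBin} -i "${config.ssh.IdentityFile}" -private-key > "${ageKeyFile}"
          chmod 0600 "${ageKeyFile}"
          echo -n "Created ${ageKeyFile}: "
          ${showAgeKeyCmd}
        '')
        (writeShellScriptBin "show-age-key" showAgeKeyCmd)
        # Opens the checked-in secrets file in the working tree with the
        # repo's .sops.yaml so new entries are encrypted to the right keys.
        (writeShellScriptBin "edit-secrets" ''
          exec ${sopsBin} --config "${sopsConfigPath}" "${flakeDir}/keys/secrets.yaml"
        '')
        (writeShellScriptBin "ls-secrets" ''
          exec ${lib.getExe pkgs.eza} -alT --follow-symlinks "${secretsLinkDir}"
        '')
      ];

      # Make plain `sops` use the repo's creation rules by default.
      home.shellAliases.sops = "${sopsBin} --config ${sopsConfigPath}";

      imports = [
        # This import makes the sops config attribute available below
        inputs'.sops-nix.homeManagerModules.sops
      ];

      # Option definitions for the sops home-manager module:
      # https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
      sops = {
        # defaultSopsFile = sopsSecretsPath;
        defaultSopsFormat = "yaml";
        # The SSH identity sops-nix converts to an age identity when decrypting
        # at activation; it is expected to be a key type ssh-to-age can
        # convert (ed25519) — confirm against the identity actually in use.
        age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];
      };
    };
}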