From 460f0d132dbf31b4451c3adc08b73b2d4267ba84 Mon Sep 17 00:00:00 2001 From: John Lancaster <32917998+jsl12@users.noreply.github.com> Date: Mon, 7 Jul 2025 00:22:25 -0500 Subject: [PATCH] added sops --- flake.nix | 4 ++++ homeManagerModules/default.nix | 2 ++ homeManagerModules/sops.nix | 17 +++++++++++++++++ 3 files changed, 23 insertions(+) create mode 100644 homeManagerModules/sops.nix diff --git a/flake.nix b/flake.nix index ccf5253..3e06d89 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,10 @@ url = "github:nix-community/nixGL"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, ... }@inputs: diff --git a/homeManagerModules/default.nix b/homeManagerModules/default.nix index 83eab63..f1b9fde 100644 --- a/homeManagerModules/default.nix +++ b/homeManagerModules/default.nix @@ -11,6 +11,7 @@ ../nixosModules/options.nix inputs._1password-shell-plugins.hmModules.default + inputs.sops-nix.homeManagerModules.sops ]; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -53,6 +54,7 @@ btop yazi sops + age (writeShellScriptBin "nhmu" '' nix flake update --flake ~/.config/home-manager nix run home-manager -- switch --flake ~/.config/home-manager --impure diff --git a/homeManagerModules/sops.nix b/homeManagerModules/sops.nix new file mode 100644 index 0000000..603bef2 --- /dev/null +++ b/homeManagerModules/sops.nix 
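Review bot: The new `sops-nix` input in flake.nix comes without a lock entry, since the diffstat lists only flake.nix and the two homeManagerModules files and no `flake.lock` change. Assuming flake.lock is tracked in this repository, the revision of the module that will handle secret decryption is resolved at the next evaluation instead of being recorded and reviewable in this commit. Running `nix flake lock` and committing the updated flake.lock together with this hunk would pin it. A comment above the input such as `# sops-nix handles secret decryption at activation; review flake.lock bumps of this input` would flag it for later updates. The enclosing `inputs` block starts above the hunk.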
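Review bot: The imports list in homeManagerModules/default.nix gains `inputs.sops-nix.homeManagerModules.sops`, but nothing visible imports the `sops.nix` file this commit creates in the same directory. The diffstat shows only two added lines in default.nix, this one and `age`. Unless another module pulls the file in, its `sops = { ... }` settings are never evaluated, and any mistake in them stays hidden until it is wired up. If the configuration is meant to be active, add `./sops.nix` to this list. The list begins above the hunk, so earlier entries are not visible here.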
@@ -0,0 +1,17 @@
+{ inputs, config, pkgs, lib, ... }:
+{
+ sops = {
+ # It's also possible to use a ssh key, but only when it has no password:
+ sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+ defaultSopsFile = ./secrets.yaml;
+ secrets.test = {
+ # sopsFile = ./secrets.yml.enc; # optionally define per-secret files
+
+ # %r gets replaced with a runtime directory, use %% to specify a '%'
+ # sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
+ # DARWIN_USER_TEMP_DIR) on darwin.
+ path = "%r/test.txt";
+ };
+
+ };
+}
\ No newline at end of file
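Review bot: `sshKeyPaths` is set directly under `sops`, but sops-nix documents the age SSH-key option as `sops.age.sshKeyPaths`, and as far as I know the Home Manager module declares no top-level `sshKeyPaths`, so this line would likely fail evaluation once the module is loaded. It also makes the login key `~/.ssh/id_ed25519` the decryption identity, which per the comment above it only works when that key has no passphrase. A dedicated age identity lets the SSH key keep its passphrase and be rotated separately, e.g. `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` (example path). `defaultSopsFile = ./secrets.yaml` refers to a file this commit does not add; once added it is copied into the world-readable Nix store, so it should only ever be committed in sops-encrypted form.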