2024-04-07 17:08:48 -07:00
|
|
|
{ inputs, config, pkgs, lib, ... }:
|
2024-11-07 14:58:37 -08:00
|
|
|
|
2024-04-07 17:08:48 -07:00
|
|
|
{
|
2024-11-07 14:58:37 -08:00
|
|
|
options.sops-nix = let
|
|
|
|
|
externalPath = lib.mkOptionType {
|
|
|
|
|
name = "externalPath";
|
|
|
|
|
check = x: !lib.path.hasStorePathPrefix (/. + x);
|
|
|
|
|
merge = lib.mergeEqualOption;
|
|
|
|
|
};
|
|
|
|
|
in {
|
|
|
|
|
enable = lib.mkEnableOption "Enables nix-sops for secret management";
|
|
|
|
|
keyFile = lib.mkOption {
|
|
|
|
|
description = "A key file to unlock your secrets file";
|
|
|
|
|
type = lib.types.nullOr externalPath;
|
|
|
|
|
};
|
|
|
|
|
sopsFile = lib.mkOption {
|
|
|
|
|
description = "The path to your secrets file";
|
|
|
|
|
type = lib.types.path;
|
|
|
|
|
};
|
|
|
|
|
secrets = lib.mkOption { default = {}; };
|
2024-04-07 17:08:48 -07:00
|
|
|
};
|
|
|
|
|
|
2024-04-09 00:00:42 -07:00
|
|
|
imports = [ inputs.sops-nix.nixosModules.sops ];
|
|
|
|
|
|
2024-04-07 17:08:48 -07:00
|
|
|
config = lib.mkIf config.sops-nix.enable {
|
|
|
|
|
sops = {
|
2024-11-07 14:58:37 -08:00
|
|
|
defaultSopsFile = config.sops-nix.sopsFile;
|
|
|
|
|
age.keyFile = config.sops-nix.keyFile;
|
|
|
|
|
secrets = config.sops-nix.secrets;
|
2024-04-07 17:08:48 -07:00
|
|
|
};
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
sops
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
}
|
