Sops, add user secret management
This commit is contained in:
parent
5c256edcb3
commit
5186992f88
SSH key fingerprint:
SHA256:KI8YxpkPRbnDRkXPgCuQCVz181++Vy7NAvmQj8alOhM
3 changed files with 24 additions and 32 deletions
|
|
@ -1,18 +1,32 @@
|
|||
{ inputs, config, pkgs, lib, ... }:
|
||||
let rootPath = ./.; in
|
||||
|
||||
{
|
||||
options = {
|
||||
sops-nix.enable = lib.mkEnableOption "Enables nix-sops for secret management";
|
||||
options.sops-nix = let
|
||||
externalPath = lib.mkOptionType {
|
||||
name = "externalPath";
|
||||
check = x: !lib.path.hasStorePathPrefix (/. + x);
|
||||
merge = lib.mergeEqualOption;
|
||||
};
|
||||
in {
|
||||
enable = lib.mkEnableOption "Enables nix-sops for secret management";
|
||||
keyFile = lib.mkOption {
|
||||
description = "A key file to unlock your secrets file";
|
||||
type = lib.types.nullOr externalPath;
|
||||
};
|
||||
sopsFile = lib.mkOption {
|
||||
description = "The path to your secrets file";
|
||||
type = lib.types.path;
|
||||
};
|
||||
secrets = lib.mkOption { default = {}; };
|
||||
};
|
||||
|
||||
imports = [ inputs.sops-nix.nixosModules.sops ];
|
||||
|
||||
config = lib.mkIf config.sops-nix.enable {
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = rootPath + "secrets.yaml";
|
||||
defaultSopsFormat = "yaml";
|
||||
age.keyFile = "/home/" + config.user.name + ".config/sops/age/keys.txt";
|
||||
defaultSopsFile = config.sops-nix.sopsFile;
|
||||
age.keyFile = config.sops-nix.keyFile;
|
||||
secrets = config.sops-nix.secrets;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
sops
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue