# NixOS module: pulls in the sops-nix module and configures the age
# identities used to decrypt ../secrets.yaml.
{
  inputs,
  config,
  ...
}: let
  # Paths of the ed25519 entries in services.openssh.hostKeys; host keys of
  # any other type are left out.
  ed25519HostKeyPaths =
    map (hostKey: hostKey.path)
    (builtins.filter (hostKey: hostKey.type == "ed25519") config.services.openssh.hostKeys);
in {
  imports = [inputs.sops-nix.nixosModules.sops];

  sops = {
    defaultSopsFile = ../secrets.yaml;

    age = {
      # The SSH host private keys double as decryption identities, so the
      # permissions on those key files protect every secret in the sops file.
      sshKeyPaths = ed25519HostKeyPaths;

      # TODO: remove? Rely only on SSH or PGP keys (e.g. a YubiKey, as misterio does).
      # NOTE(review): this is a private age key inside a user's home directory
      # that is used for system-level secrets. Anyone who can read that file
      # can decrypt the secrets encrypted to it, and anyone who can replace it
      # controls which identity is used. Confirm the file is mode 0600 and that
      # the home directory is available when secrets are decrypted.
      keyFile = "/home/julian/.config/sops/age/keys.txt";

      # Generate a key if none of the sources above worked. The intent is that
      # building still succeeds, just without secrets.
      # NOTE(review): a freshly generated key is not a recipient of the
      # existing sops file, so it cannot decrypt secrets encrypted before it
      # existed. Confirm that services depending on those secrets fail closed
      # rather than starting with empty or default credentials.
      generateKey = true;
    };
  };
}