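# Home Manager module: opt-in sops-nix secret management for the user profile.
#
# Setting `settings.services.sops.enable = true` installs the `sops` and `age`
# CLIs and points sops-nix at the user's age key and the default secrets file.
#
# Security notes for maintainers:
#  - The age private key is referenced through a *string*, not a Nix path
#    literal, so it is not copied into the world-readable Nix store.
#    Keep it that way.
#  - The key must have no passphrase (per the original author's note), so
#    nothing but file permissions protects it: keep it owner-only
#    (e.g. mode 0600) and out of version control.
#  - `defaultSopsFile` IS a path literal and therefore ends up in the Nix
#    store; it must only ever hold sops-encrypted values, never plaintext.
{ lib, config, inputs, pkgs, ... }:

let
  cfg = config.settings.services.sops;
in {
  options = {
    settings.services.sops.enable = lib.mkOption {
      type = lib.types.bool;
      description = ''
        Enable sops secret management
      '';
      default = false;
    };
  };

  # The upstream module is imported unconditionally; only the configuration
  # below is gated on the enable flag.
  imports = [ inputs.sops-nix.homeManagerModules.sops ];

  config = lib.mkIf cfg.enable {
    home.packages = with pkgs; [
      sops
      age
    ];

    sops = {
      # Derived from home.homeDirectory instead of assuming /home/<user>, so
      # the module also resolves correctly where the home directory lives
      # elsewhere. Must have no password!
      age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";

      # Encrypted secrets only: this file is copied into the Nix store.
      defaultSopsFile = ../../../secrets/deploy.yaml;
    };
  };
}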