base: configure sops

2026-02-04 09:10:01 +01:00 · 2026-01-22 16:48:59 +09:00
parent f7757d697d
commit 1d47409d96
13 changed files with 15 additions and 55 deletions
--- a/base/sops.nix
+++ b/base/sops.nix
@@ -0,0 +1,12 @@
+{ config, fp, lib, ... }:
+{
+  sops.defaultSopsFile = let
+    secretsFilePath = fp /secrets/${config.networking.hostName}/${config.networking.hostName}.yaml;
+  in lib.mkIf (builtins.pathExists secretsFilePath) secretsFilePath;
+
+  sops.age = lib.mkIf (config.sops.defaultSopsFile != null) {
+    sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
+    keyFile = "/var/lib/sops-nix/key.txt";
+    generateKey = true;
+  };
+}