# NixOS module: imports sops-nix and points it at an age identity file kept
# under /var/lib/sops/age, with tmpfiles rules for that directory and file.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

# NOTE(review): nothing in this module references a name taken from `lib`;
# the `with` is kept as in the original.
with lib;

let
  # Location of the age identity (private key) that sops-nix decrypts with.
  # Anyone able to read this file can decrypt every secret encrypted to the
  # matching recipient, so treat it as the host's secret root of trust.
  ageKeyDir = "/var/lib/sops/age";
  ageKeyFile = "${ageKeyDir}/keys.txt";
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  sops = {
    # One secrets file per host, selected by hostname. A Nix path literal is
    # copied into the world-readable Nix store, so this file must only ever
    # be committed in sops-encrypted form.
    # NOTE(review): the recipient rules (.sops.yaml) are not visible here;
    # confirm each host file is encrypted only to that host's key.
    defaultSopsFile = ../secrets/${config.networking.hostName}.yml;
    defaultSopsFormat = "yaml";

    # Nothing in this module generates the key; it has to be present at this
    # path before secrets can be decrypted.
    age.keyFile = ageKeyFile;
  };

  systemd.tmpfiles = {
    rules = [
      # Key directory: root only, no access for group or others.
      "d ${ageKeyDir} 0700 root root -"
      # Key file: read-only for root.
      # NOTE(review): `C` is the tmpfiles copy type; with `-` as the argument
      # tmpfiles.d(5) documents the copy source as /usr/share/factory/<path>.
      # Confirm that is intended. If the aim is only to pin mode and owner on
      # a key provisioned out of band, `z` is the type documented for that.
      "C ${ageKeyFile} 0400 root root -"
    ];
  };
}