feat: add sops module

2026-03-07 12:28:02 +01:00 · 2026-03-04 22:24:33 +01:00
parent 8574e4d19a
commit aeba37e8a2
4 changed files with 39 additions and 1 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -583,9 +583,30 @@
        "hyprland": "hyprland",
        "nixpkgs": "nixpkgs_2",
        "nixvim": "nixvim",
+        "sops-nix": "sops-nix",
        "spotiflac-cli": "spotiflac-cli"
      }
    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772495394,
+        "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
    "spotiflac-cli": {
      "inputs": {
        "nixpkgs": "nixpkgs_4"
--- a/flake.nix
+++ b/flake.nix
@@ -5,11 +5,14 @@
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-
    nixvim = {
      url = "github:Superredstone/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    hyprland.url = "github:hyprwm/Hyprland";
    spotiflac-cli.url = "github:Superredstone/spotiflac-cli";
  };
@@ -20,6 +23,7 @@
      home-manager,
      nixvim,
      spotiflac-cli,
+      sops-nix,
      ...
    }@inputs:
    let
@@ -32,6 +36,7 @@
          overlays
          nixvim
          spotiflac-cli
+          sops-nix
          inputs
          nixpkgs
          home-manager
--- a/lib/mksystem.nix
+++ b/lib/mksystem.nix
@@ -3,6 +3,7 @@
  overlays,
  nixvim,
  spotiflac-cli,
+  sops-nix,
  inputs,
  nixpkgs,
  home-manager,
@@ -38,6 +39,7 @@ let
    enableZram = enableZram;
    nixvim = nixvim;
    spotiflac-cli = spotiflac-cli;
+    sops-nix = sops-nix;
    inputs = inputs;
    additionalModules = additionalModules;
  };
@@ -58,6 +60,7 @@ nixpkgs.lib.nixosSystem {
      home-manager.sharedModules = [
      ];
    }
+    sops-nix.nixosModules.sops
    machineConfig
  ]
  ++ additionalModules;
--- a/modules/nix-config/security.nix
+++ b/modules/nix-config/security.nix
@@ -4,4 +4,13 @@
    		Defaults pwfeedback
        		Defaults timestamp_timeout=120
    	'';
+  sops = {
+    age.sshKeyPaths = [
+      "/etc/ssh/ssh_host_ed25519_key"
+    ];
+    defaultSopsFile = ../../secrets/default.sops.yaml;
+    secrets = {
+      "wifi_password" = { };
+    };
+  };
 }