feat(modules/secrets): init sops-nix

2025-05-18 22:57:16 +08:00 · 2025-05-18 22:57:16 +08:00 · 7a18d65b0c
commit 7a18d65b0c
parent 1c32074f69
7 changed files with 61 additions and 1 deletions
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
@ -5,6 +5,7 @@
    ./users.nix
    ./localisation.nix
    ./nix-config.nix
+    ./secrets.nix
  ];

  options.system = {
--- a/modules/nixos/system/secrets.nix
+++ b/modules/nixos/system/secrets.nix
@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+  sops = {
+    defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
+    age.sshKeyPaths = ["/persist/home/rafiq/.ssh/id_ed25519"];
+    secrets ={
+      "rafiq/hashedPassword".neededForUsers = true;
+    };
+  };
+}