pantheon/systems/modules/sops.nix

{ inputs, config, ... }:
{
  imports = [ inputs.sops-nix.nixosModules.sops ];
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    age.sshKeyPaths = [
      "/home/rafiq/.ssh/id_ed25519"
      "/home/rafiq/.ssh/rafiq-master"
    ];
    secrets = {
      hashed_password_rafiq = {
        neededForUsers = true;
      };
      cwp_jira_access_key = { };
      cwp_jira_link = { };
      cargo_api_key = {
        mode = "0440";
        owner = config.users.users.rafiq.name;
        group = config.users.users.rafiq.group;
      };
    };
  };
}