# NixOS module: imports sops-nix and sets this configuration's defaults for
# where encrypted secrets live and which host key decrypts them.
{
  config,
  lib,
  inputs,
  ...
}:
let
  sopsCfg = config.vacu.sops;
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  # Master switch; enabled unless a host opts out.
  options.vacu.sops.enable = lib.mkOption {
    type = lib.types.bool;
    default = true;
  };

  # Directory that holds the sops-encrypted files.
  # The default is interpolated from `inputs.self`, so (assuming that is the
  # flake's own source) it resolves to a path inside the Nix store. The store is
  # world-readable: only sops-encrypted files belong in this folder, never
  # plaintext secrets or private keys.
  options.vacu.sops.secretsFolder = lib.mkOption {
    type = lib.types.path;
    default = "${inputs.self}/secrets";
    defaultText = "<nix-stuff>/secrets";
  };

  config = lib.mkIf sopsCfg.enable {
    # One secrets file per host, selected by hostname. mkDefault leaves room for
    # a host to point at a different file.
    # NOTE(review): per-host files only limit exposure if each file is encrypted
    # to that host's key alone; confirm against the sops creation rules.
    sops.defaultSopsFile = lib.mkDefault (sopsCfg.secretsFolder + "/hosts/${config.vacu.hostname}.yaml");

    # sops-nix uses this SSH host private key as the age identity for
    # decryption, so anyone able to read it can decrypt this host's secrets.
    sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    # explicitly empty to disable gnupg; I don't use it and it takes up space on minimal configs
    sops.gnupg.sshKeyPaths = [ ];
  };
}