diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..7dd86b7
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,12 @@
+keys:
+ - &users:
+ - &bryan F1F3466458452B2DF351F1E864D12BA95ACE1F2D
+ - &hosts:
+ - &server age1jvqcc984v5xr8yhwm72arsy2hx6rm9gvsr7zeeasvcl0k2l9efmsgys3eg
+creation_rules:
+ - path_regex: src/system/machines/server/secrets.ya?ml$
+ key_groups:
+ age:
+ - *server
+ pgp:
+ - *bryan
diff --git a/flake.lock b/flake.lock
index 107b007..63f0545 100644
--- a/flake.lock
+++ b/flake.lock
@@ -137,7 +137,28 @@ "home-manager": "home-manager", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", - "nur": "nur" + "nur": "nur", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "owner": "mic92", + "repo": "sops-nix", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "type": "github" + }, + "original": { + "owner": "mic92", + "repo": "sops-nix", + "type": "github" } }, "treefmt-nix": {
diff --git a/flake.nix b/flake.nix
index febc6bf..f7d6588 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,9 +15,13 @@
 url = "github:nix-community/NixOS-WSL/2411.6.0";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ sops-nix = {
+ url = "github:mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
- outputs = { self, nixpkgs, nur, home-manager, nixos-wsl }:
+ outputs = { self, nixpkgs, nur, home-manager, nixos-wsl, sops-nix }:
 let
 system = "x86_64-linux";
 pkgs = import nixpkgs {
@@ -56,6 +60,7 @@
 inherit system pkgs;
 modules = [
 ./src/system/machines/server
+ sops-nix.nixosModules.sops
 home-manager.nixosModules.home-manager
 (import ./src/system/machines/server/modules/home-manager)
 ];
@@ -77,6 +82,7 @@
 name = "devShell";
 packages = [
 just
+ age
 ];
 };
 };
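Review bot: In the creation rule, `key_groups:` is followed directly by `age:` and `pgp:` with no list dash, so as shown it is a mapping rather than the list of key groups that sops expects, and sops will most likely refuse to load the config. Indentation is lost on this page, but a dash would still be visible as it is on the `- *server` lines. Make the first key a list item, `- age:`, and align `pgp:` under it so both recipients stay in a single group. The `.` in `secrets.ya?ml$` is also unescaped and matches any character; `secrets\.ya?ml$` is tighter. A one-line comment stating that `&server` is the host's age recipient and `&bryan` the operator's PGP fingerprint would help whoever rotates these keys.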
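Review bot: The new `sops-nix` input in the first flake.nix hunk follows the repository's default branch, whereas the NixOS-WSL input just above it is pinned to a release. flake.lock fixes the revision today, but the next `nix flake update` silently moves the module that decrypts this host's secrets to whatever is then at the tip. Consider pinning a reviewed revision, `url = "github:mic92/sops-nix/<reviewed-rev>";` (placeholder), and bumping it deliberately. Upstream spells the owner `Mic92`; GitHub resolves the lowercase form, but matching upstream makes the source easier to audit. The `inputs` block starts and `outputs` continues outside the hunk.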
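Review bot: `sops-nix.nixosModules.sops` is added to the server's module list in the second flake.nix hunk, but no `sops.*` options and no secrets file appear in the visible diff, so where the host's age private key comes from is undocumented here. It may be set under `./src/system/machines/server`, which this diff does not show. When that configuration lands, add a comment next to it stating the key source (`sops.age.keyFile` or `sops.age.sshKeyPaths`) and that the key lives outside the Nix store. Consumers should reference `config.sops.secrets.<name>.path` rather than read secret contents during evaluation, which would copy plaintext into the world-readable store. The surrounding system definition starts outside the hunk.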