Improve secrets management with sops-nix

2025-06-08 14:49:47 -04:00
parent 034b693380
commit 1988d45fbf
5 changed files with 54 additions and 9 deletions
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -116,6 +116,21 @@
    vimAlias = true;
  };

+  sops = {
+    defaultSopsFile = ../secrets.yaml;
+    validateSopsFiles = false;
+
+    age = {
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+  };
+
+  secrets = {
+    smb-password = {};
+  };
+
  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    alejandra