Set up sops-nix

2024-04-03 23:27:14 +02:00 · 2024-04-03 23:27:14 +02:00 · ca41f6af9e
commit ca41f6af9e
parent 84c3e5a976
6 changed files with 132 additions and 10 deletions
--- a/common/nixos.nix
+++ b/common/nixos.nix
@ -19,12 +19,13 @@
    users.avery = {
      extraGroups = [ "wheel" ];
      isNormalUser = true;
+      hashedPasswordFile = config.sops.secrets.avery_password.path;
    };
  };

  environment = {
    shells = with pkgs; [ zsh ];
-    systemPackages = with pkgs; [ git htop neovim ];
+    systemPackages = with pkgs; [ git htop neovim sops ];
  };

  programs.zsh.enable = true;
@ -43,4 +44,12 @@
  };

  services.openssh.enable = true;
+
+  sops = {
+    secrets.avery_password = {
+      sopsFile = "/etc/nixos/secrets/hosts/common.yaml";
+      neededForUsers = true;
+    };
+    validateSopsFiles = false;
+  };
 }