summaryrefslogtreecommitdiff
path: root/modules/core
diff options
context:
space:
mode:
Diffstat (limited to 'modules/core')
-rw-r--r--modules/core/security/default.nix1
-rw-r--r--modules/core/security/sops.nix18
2 files changed, 19 insertions, 0 deletions
diff --git a/modules/core/security/default.nix b/modules/core/security/default.nix
index 7a571a9..a71b590 100644
--- a/modules/core/security/default.nix
+++ b/modules/core/security/default.nix
@@ -8,6 +8,7 @@
./pam.nix
./pki.nix
./polkit.nix
+ ./sops.nix
./sudo.nix
];
diff --git a/modules/core/security/sops.nix b/modules/core/security/sops.nix
new file mode 100644
index 0000000..b2e6524
--- /dev/null
+++ b/modules/core/security/sops.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.sops
+ ];
+
+ sops = {
+ defaultSopsFile = ../../../secrets/secrets.yaml;
+ gnupg.sshKeyPaths = [ ];
+ secrets.openai_api_key.owner = "ebisu";
+
+ age = {
+ sshKeyPaths = [ ];
+ keyFile = "/var/lib/sops-nix/keys.txt";
+ generateKey = true;
+ };
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-11 10:25:00 +0000