Secret management via sops-nix.

2024-09-21 10:24:16 +01:00
parent 9619607919
commit a79e666a85
9 changed files with 142 additions and 4 deletions
--- a/common/global/default.nix
+++ b/common/global/default.nix
@@ -10,6 +10,7 @@
    ./nix.nix
    ./packages.nix
    ./show-changelog.nix
+    ./sops.nix
    ./sudo.nix
    ./tailscale.nix
  ];
--- a/common/global/packages.nix
+++ b/common/global/packages.nix
@@ -1,9 +1,12 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
+    age
    file
    lm_sensors # TODO: this shouldn't be installed on cloud nodes
    nodejs_20 # TODO: this is for one job on nomad, it should just be a dependency there
    neovim
+    sops
+    ssh-to-age
  ];
 }
--- a/common/global/sops.nix
+++ b/common/global/sops.nix
@@ -0,0 +1,5 @@
+{
+  sops = {
+    defaultSopsFile = ./../../secrets/secrets.yaml;
+  };
+}