# NixOS module exposing a small `sydnix.sops` option set and forwarding it to
# the `sops.*` options (sops-nix), plus optionally installing the sops CLI.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.sydnix.sops;
in
{
  options.sydnix.sops = {
    enable = mkEnableOption "Sops secrets";

    # Location of the Age private key; forwarded to `sops.age.keyFile`.
    # NOTE(review): `types.path` accepts Nix path literals (e.g. ./key.txt) as
    # well as absolute path strings. A path literal that is coerced to a
    # string is copied into the world-readable Nix store, which would expose
    # the private key. Callers should pass an absolute path *string* to a file
    # kept outside the store with restrictive permissions. Confirm whether the
    # sops-nix version in use rejects store paths for this option.
    keyFile = mkOption {
      type = types.path;
      description = "Path to an Age key file.";
    };

    # Forwarded unchanged to `sops.secrets`. No `type` is declared here, so
    # this module performs no validation of its own on the value.
    secrets = mkOption {
      default = {};
      description = "Secrets passed directly to sops-nix.";
    };

    # Set to null to skip adding the CLI to `environment.systemPackages`.
    package = mkOption {
      type = types.nullOr types.package;
      default = pkgs.sops;
      description = "Sops CLI package. If null, nothing will be installed.";
    };
  };

  config = mkIf cfg.enable {
    sops = {
      # Path literal relative to this file. Expect it to be copied into the
      # Nix store when the configuration is built, so it must only ever hold
      # sops-encrypted values, never plaintext secrets.
      defaultSopsFile = ../../secrets.yaml;
      defaultSopsFormat = "yaml";

      age.keyFile = cfg.keyFile;
      secrets = cfg.secrets;
    };

    # Only contributes a package when one is configured.
    environment.systemPackages = mkIf (cfg.package != null) [ cfg.package ];
  };
}