Add sops to manage secrets

2022-04-27 10:32:05 +00:00 · 2022-04-27 10:32:05 +00:00 · 97970e7fb9
commit 97970e7fb9
parent 5c0fbfd6c4
2 changed files with 32 additions and 2 deletions
--- a/flake.lock
+++ b/flake.lock
@ -114,7 +114,28 @@
        "nix-pre-commit-hooks": "nix-pre-commit-hooks",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
-        "nur": "nur"
+        "nur": "nur",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1649756291,
+        "narHash": "sha256-KTll8bCINAzIUGaaMrbn9wb5nfhkXRLgmFrWGR/Dku0=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "c2614c4fe61943b3d280ac1892fcebe6e8eaf8c8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,11 @@
      inputs.flake-utils.follows = "flake-utils";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };
  outputs =
    { self
@ -50,6 +55,8 @@
            just
            nixpkgs-fmt
            shellcheck
+            sops
+            ssh-to-age
          ]);

          shellHook = ''
@ -76,7 +83,9 @@
            nixpkgs.overlays = [ nur.overlay ];
          }] ++ [
            home-manager.nixosModules.home-manager
-          ] ++ extraModules;
+          ] ++ (with inputs; [
+            sops-nix.nixosModules.sops
+          ]) ++ extraModules;
        })
        (import ./machines inputs);
    };