feat: setup sops-nix

2026-06-17 10:16:31 +05:30 · 2026-05-07 17:16:30 +05:30
parent 3115bd6d0e
commit 594c1d07e7
5 changed files with 70 additions and 1 deletions
--- a/modules/nixos/core/sops.nix
+++ b/modules/nixos/core/sops.nix
@@ -0,0 +1,25 @@
+{ inputs, ... }:
+{
+  flake.modules.nixos.core =
+    {
+      config,
+      pkgs,
+      ...
+    }:
+    let
+      isEd25519 = k: k.type == "ed25519";
+      getKeyPath = k: k.path;
+      keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+    in
+    {
+      imports = [ inputs.sops-nix.nixosModules.sops ];
+
+      sops.age = {
+        sshKeyPaths = map getKeyPath keys;
+        keyFile = "/var/lib/sops-nix/key.txt";
+        generateKey = true;
+      };
+
+      environment.systemPackages = with pkgs; [ sops ];
+    };
+}
--- a/modules/nixos/core/users.nix
+++ b/modules/nixos/core/users.nix
@@ -3,6 +3,7 @@
    {
      pkgs,
      lib,
+      config,
      userName,
      userEmail,
      ...
@@ -30,7 +31,7 @@
        mutableUsers = false;
        defaultUserShell = pkgs.zsh;
        users.${userName} = {
-          initialPassword = userName;
+          hashedPasswordFile = config.sops.secrets.tux-password.path;
          isNormalUser = true;
          extraGroups = [
            "networkmanager"