move sops to modules

modules/nixos/sops.nix

@@ -0,0 +1,17 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [inputs.sops-nix.nixosModules.sops];
+
+  sops.age = {
+    sshKeyPaths = map getKeyPath keys;
+    keyFile = "/var/lib/sops-nix/key.txt";
+    generateKey = true;
+  };
+}