41 lines
1.2 KiB
Nix
41 lines
1.2 KiB
Nix
{ config, lib, namespace, ... }:
|
|
let
|
|
inherit (lib.${namespace}.module) mkModule mkOpt mkBoolOpt;
|
|
in
|
|
mkModule {
|
|
name = "sops";
|
|
description = "SOPS secret management";
|
|
options = {
|
|
defaultSopsFile = mkOpt lib.types.path null "Default sops file.";
|
|
|
|
generateAgeKey = mkBoolOpt true "Whether to automatically generate an age key if one doesn't exist.";
|
|
|
|
ageKeyPath =
|
|
mkOpt (lib.types.nullOr lib.types.str) null
|
|
"Custom path to the age key file. If null, will use the default path.";
|
|
|
|
sshKeyPaths = mkOpt (lib.types.listOf lib.types.str) [
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
] "SSH Key paths to use.";
|
|
|
|
validateSopsFiles = mkBoolOpt false "Whether to validate that sops files exist.";
|
|
};
|
|
config = {
|
|
sops = {
|
|
inherit (config.${namespace}.sops) defaultSopsFile validateSopsFiles;
|
|
|
|
age = {
|
|
inherit (config.${namespace}.sops) generateAgeKey;
|
|
|
|
keyFile =
|
|
if config.${namespace}.sops.ageKeyPath != null then
|
|
config.${namespace}.sops.ageKeyPath
|
|
else
|
|
"${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt";
|
|
|
|
sshKeyPaths = config.${namespace}.sops.sshKeyPaths;
|
|
};
|
|
};
|
|
};
|
|
}
|