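# SOPS secret management: declares the `mjallen.sops` options and forwards
# them to the `sops.*` options (assumed to come from the upstream sops-nix
# module -- confirm against the flake inputs).
{ config, lib, ... }:
let
  inherit (lib.mjallen.module) mkModule mkOpt mkBoolOpt;

  # Short handle for this module's own option values.
  cfg = config.mjallen.sops;
in
mkModule {
  name = "sops";
  description = "SOPS secret management";

  options = {
    # null means "no module-wide default file". The type is nullOr so that the
    # null default is itself a valid value; a plain `lib.types.path` cannot
    # hold null.
    defaultSopsFile = mkOpt (lib.types.nullOr lib.types.path) null "Default sops file.";

    generateAgeKey = mkBoolOpt true "Whether to automatically generate an age key if one doesn't exist.";

    # Deliberately a string, not a Nix path: a path literal pointing at a
    # private key can end up copied into the world-readable Nix store.
    ageKeyPath = mkOpt (lib.types.nullOr lib.types.str) null "Custom path to the age key file. If null, will use the default path.";

    # Strings for the same reason as ageKeyPath: these name private host keys.
    sshKeyPaths = mkOpt (lib.types.listOf lib.types.str) [
      "/etc/ssh/ssh_host_ed25519_key"
    ] "SSH Key paths to use.";

    # NOTE(review): upstream sops-nix defaults this to true. With false, a
    # missing file or a key absent from it is only noticed when secrets are
    # installed at activation, not at build time -- confirm this is intended.
    validateSopsFiles = mkBoolOpt false "Whether to validate that sops files exist.";
  };

  config = {
    sops = {
      inherit (cfg) validateSopsFiles;

      # Only define the upstream option when a file was actually configured,
      # so an unset value is never forwarded as null.
      defaultSopsFile = lib.mkIf (cfg.defaultSopsFile != null) cfg.defaultSopsFile;

      age = {
        # sops-nix names this option `generateKey`; inheriting the local name
        # would define `sops.age.generateAgeKey`, which upstream does not
        # declare.
        generateKey = cfg.generateAgeKey;

        # NOTE(review): the fallback sits under the primary user's home, so
        # the directory holding the host's decryption identity is writable by
        # that account. A root-only location (the sops-nix docs use
        # /var/lib/sops-nix/key.txt as an example) narrows that exposure --
        # confirm the home-directory default is intended.
        keyFile =
          if cfg.ageKeyPath != null
          then cfg.ageKeyPath
          else "${config.users.users.${config.mjallen.user.name}.home}/.config/sops/age/keys.txt";

        sshKeyPaths = cfg.sshKeyPaths;
      };
    };
  };
}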