From 785af695df38f0a73a40921fa41f55cae1b2512c Mon Sep 17 00:00:00 2001
From: DashieTM
Date: Sun, 25 Aug 2024 14:38:35 +0200
Subject: [PATCH] Modularize secrets
---
 example/hosts/secrets/secrets.md | 3 +++
 example/hosts/secrets/secrets.yaml | 0
 modules/programs/sops.nix | 20 +++++++++++++-------
 3 files changed, 16 insertions(+), 7 deletions(-)
 create mode 100644 example/hosts/secrets/secrets.md
 create mode 100644 example/hosts/secrets/secrets.yaml
diff --git a/example/hosts/secrets/secrets.md b/example/hosts/secrets/secrets.md
new file mode 100644
index 0000000..86d99c6
--- /dev/null
+++ b/example/hosts/secrets/secrets.md
@@ -0,0 +1,3 @@
+# Secrets
+
+This file is for sops-nix and is also where your keys for various secrets will be stored.
diff --git a/example/hosts/secrets/secrets.yaml b/example/hosts/secrets/secrets.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/modules/programs/sops.nix b/modules/programs/sops.nix
index 6a8907b..be52697 100644
--- a/modules/programs/sops.nix
+++ b/modules/programs/sops.nix
@@ -6,6 +6,18 @@
 type = lib.types.bool;
 description = "Enable sops secrets";
 };
+ secrets = lib.mkOption {
+ default = {
+ hub = { };
+ lab = { };
+ ${config.conf.username} = { };
+ nextcloud = { };
+ access = { };
+ };
+ example = { };
+ type = with lib.types; attrsOf anything;
+ description = "secrets for sops";
+ };
 };
 config = lib.mkIf config.mods.sops.enable (lib.optionalAttrs (options ? home.packages) {
@@ -16,13 +28,7 @@
 sshKeyPaths = [ ];
 };
 defaultSopsFile = root + /secrets/secrets.yaml;
- secrets = {
- hub = { };
- lab = { };
- ${config.conf.username} = { };
- nextcloud = { };
- access = { };
- };
+ secrets = config.mods.sops.secrets;
 };
 systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
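Review bot: The new `secrets` option in modules/programs/sops.nix keeps five host-specific entries (`hub`, `lab`, `${config.conf.username}`, `nextcloud`, `access`) as its `default`, while this same commit ships an empty example/hosts/secrets/secrets.yaml. A host that only sets `mods.sops.enable` therefore still declares five secrets the example file does not contain, which presumably makes sops-nix fail at build or activation. I would use `default = { };` and move those names into the host configuration that owns them. The type `attrsOf anything` also leaves all validation to `sops.secrets` in the second hunk, and the description does not say so; consider `description = "Attribute set passed unchanged to sops.secrets; every name must exist as a key in the default sops file.";`. A non-empty `example`, such as one entry that sets `mode`, would show users where per-secret file permissions are configured.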