61 lines
1.4 KiB
Nix
61 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
options,
|
|
root,
|
|
...
|
|
}: {
|
|
options.mods.sops = {
|
|
enable = lib.mkOption {
|
|
default = true;
|
|
example = false;
|
|
type = lib.types.bool;
|
|
description = "Enable sops secrets";
|
|
};
|
|
secrets = lib.mkOption {
|
|
default = {};
|
|
example = {
|
|
hub = {};
|
|
lab = {};
|
|
${config.conf.username} = {};
|
|
nextcloud = {};
|
|
access = {};
|
|
};
|
|
type = with lib.types; attrsOf anything;
|
|
description = "secrets for sops";
|
|
};
|
|
sopsPath = lib.mkOption {
|
|
default = root + /secrets/secrets.yaml;
|
|
example = "/your/path";
|
|
type = with lib.types;
|
|
oneOf [
|
|
str
|
|
path
|
|
];
|
|
description = "sops secrets path";
|
|
};
|
|
validateSopsFile = lib.mkOption {
|
|
default = true;
|
|
example = false;
|
|
type = lib.types.bool;
|
|
description = "Whether to validate the sops file -> set this to false when using full paths";
|
|
};
|
|
};
|
|
config = lib.mkIf config.mods.sops.enable (
|
|
lib.optionalAttrs (options ? home.packages) {
|
|
home.packages = with pkgs; [sops];
|
|
sops = {
|
|
gnupg = {
|
|
home = "~/.gnupg";
|
|
sshKeyPaths = [];
|
|
};
|
|
defaultSopsFile = config.mods.sops.sopsPath;
|
|
validateSopsFiles = config.mods.sops.validateSopsFile;
|
|
secrets = config.mods.sops.secrets;
|
|
};
|
|
|
|
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
|
|
}
|
|
);
|
|
}
|