sops: new way of decrypting secrets

2024-11-12 16:12:32 +01:00 · 2024-11-12 16:12:32 +01:00 · cc9c283e12
commit cc9c283e12
parent cfbdeed038
8 changed files with 56 additions and 38 deletions
--- a/modules/nixos/security/sops/default.nix
+++ b/modules/nixos/security/sops/default.nix
@ -19,13 +19,15 @@ in
    environment.systemPackages = with pkgs; [
      sops
      age
+      ssh-to-age
    ];

    sops = {
      defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
      defaultSopsFormat = "yaml";

-      age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
+      # age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
+      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    };
  };
 }