feat: configure sops

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>

.sops.yaml

@@ -0,0 +1,13 @@
+keys:
+  - &users:
+    - &lander 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
+  - &hosts:
+    - &wodan age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh
+
+creation_rules:
+  - path_regex: hosts/common/secrets.yam?l$
+    key_groups:
+      - age:
+          - *wodan
+        pgp:
+          - *lander

hosts/common/global/default.nix

@@ -8,12 +8,12 @@
   imports = [
     inputs.home-manager.nixosModules.home-manager
     inputs.lix-module.nixosModules.default
-    inputs.sops-nix.nixosModules.sops
     inputs.catppuccin.nixosModules.catppuccin
 
     ./locale.nix
     ./nh.nix
     ./openssh.nix
+    ./sops.nix
   ];
 
   home-manager.useGlobalPkgs = true;

hosts/common/global/sops.nix

@@ -0,0 +1,15 @@
+{ inputs, config, ... }:
+
+let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    age.sshKeyPaths = map getKeyPath keys;
+  };
+}