From 72200431696b9a6a4129c7dafc01efbe8aed07ca Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Thu, 29 Aug 2024 10:02:38 +0200
Subject: [PATCH] feat: configure sops
Signed-off-by: Lander Van den Bulcke
---
 .sops.yaml | 13 +++++++++++++
 hosts/common/global/default.nix | 2 +-
 hosts/common/global/sops.nix | 15 +++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 .sops.yaml
 create mode 100644 hosts/common/global/sops.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..77c8518
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,13 @@
+keys:
+ - &users:
+ - &lander 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
+ - &hosts:
+ - &wodan age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh
+
+creation_rules:
+ - path_regex: hosts/common/secrets.yam?l$
+ key_groups:
+ - age:
+ - *wodan
+ pgp:
+ - *lander
diff --git a/hosts/common/global/default.nix b/hosts/common/global/default.nix
index a8c4414..0830df8 100644
--- a/hosts/common/global/default.nix
+++ b/hosts/common/global/default.nix
@@ -8,12 +8,12 @@
 imports = [
 inputs.home-manager.nixosModules.home-manager
 inputs.lix-module.nixosModules.default
- inputs.sops-nix.nixosModules.sops
 inputs.catppuccin.nixosModules.catppuccin
 ./locale.nix
 ./nh.nix
 ./openssh.nix
+ ./sops.nix
 ];
 home-manager.useGlobalPkgs = true;
diff --git a/hosts/common/global/sops.nix b/hosts/common/global/sops.nix
new file mode 100644
index 0000000..fff5a74
--- /dev/null
+++ b/hosts/common/global/sops.nix
@@ -0,0 +1,15 @@
+{ inputs, config, ... }:
+
+let
+ isEd25519 = k: k.type == "ed25519";
+ getKeyPath = k: k.path;
+ keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+ imports = [
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ sops = {
+ age.sshKeyPaths = map getKeyPath keys;
+ };
+}
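Review bot: The `path_regex` in the `.sops.yaml` creation rule reads `secrets.yam?l$`, which makes the `m` optional, so it matches `secrets.yaml` and `secrets.yal` but not `secrets.yml`. If both usual extensions are meant, the quantifier belongs on the `a`. The `.` before the extension is also unescaped and therefore matches any character. A tighter rule would be `- path_regex: hosts/common/secrets\.ya?ml$`. A secrets file that falls outside the rule is presumably refused by sops for lack of a matching creation rule rather than encrypted to other recipients, so this concerns the rule matching what it is meant to match.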
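Review bot: `keys` in `hosts/common/global/sops.nix` can evaluate to an empty list on a host whose `services.openssh.hostKeys` has no `ed25519` entry, and `age.sshKeyPaths` is then set to `[]` with no complaint at evaluation time. The paths are also taken without checking that OpenSSH is enabled, so they may point at key files that were never generated; in both cases the failure would presumably only appear when sops-nix tries to decrypt during activation. An assertion beside the `sops` attribute set would surface this at build time: `assertions = [{ assertion = keys != [ ]; message = "sops: no ed25519 SSH host key available as age identity"; }];`. A comment above `age.sshKeyPaths` such as `# the host's ed25519 SSH private key doubles as its age identity; rotating it means re-keying the secrets` would document that the host key is now also the decryption key.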