-
-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathdefault.nix
More file actions
23 lines (20 loc) · 590 Bytes
/
default.nix
File metadata and controls
23 lines (20 loc) · 590 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# sops secrets/machine.yaml
# scripts/with-buildkite-age-key.sh public sops secrets/buildkite-public.yaml
# scripts/with-buildkite-age-key.sh private sops secrets/buildkite-private.yaml
{
config,
lib,
pkgs,
...
}: {
options = {
secrets.ageKeyPath = lib.mkOption {type = lib.types.str;};
};
config = {
environment.systemPackages = [pkgs.gnupg];
environment.variables.SOPS_AGE_KEY_FILE = config.secrets.ageKeyPath;
programs.ssh.startAgent = true;
sops.age.keyFile = config.secrets.ageKeyPath;
sops.defaultSopsFile = ../../secrets/machine.yaml;
};
}