nixos-config/modules/core/sops.nix

{
  pkgs,
  inputs,
  username,
  host,
  config,
  ...
}:
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  sops = {
    defaultSopsFile = ../../secrets/${host}/secrets.yaml;
    defaultSopsFormat = "yaml";
    age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
    secrets =
      if (host == "violet") then
        {
          "systemMailerPassword" = { };
          "forgejoWorkerSecret" = { };
          "minioRootCredentials" = { };
          "matrixRegistrationSecret" = {
            owner = "matrix-synapse";
          };
          "smbLoginDetails" = { };
          "syncplay" = { };
        }
      else if (host == "sakura") then
        {
          "systemMailerPassword" = { };
          "dandelionSyncthingId" = { };
          "sakuraSyncthingId" = { };
        }
      else if (host == "dandelion") then
        {
          "systemMailerPassword" = { };
          "dandelionSyncthingId" = { };
          "sakuraSyncthingId" = { };
        }
      else
        { };
  };

  environment.systemPackages = with pkgs; [
    sops
  ];
}
feat: adds module for `sops-nix` 2025-07-28 01:00:47 +02:00			`{`
			`pkgs,`
			`inputs,`
			`username,`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`host,`
feat: set correct owner for `matrix-synapse` key 2025-07-30 14:37:35 +02:00			`config,`
feat: adds module for `sops-nix` 2025-07-28 01:00:47 +02:00			`...`
			`}:`
			`{`
			`imports = [ inputs.sops-nix.nixosModules.sops ];`

			`sops = {`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`defaultSopsFile = ../../secrets/${host}/secrets.yaml;`
feat: adds module for `sops-nix` 2025-07-28 01:00:47 +02:00			`defaultSopsFormat = "yaml";`
			`age.keyFile = "/home/${username}/.config/sops/age/keys.txt";`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`secrets =`
			`if (host == "violet") then`
			`{`
			`"systemMailerPassword" = { };`
			`"forgejoWorkerSecret" = { };`
chore: secrets 2025-08-07 13:41:26 +02:00			`"minioRootCredentials" = { };`
feat: set correct owner for `matrix-synapse` key 2025-07-30 14:37:35 +02:00			`"matrixRegistrationSecret" = {`
			`owner = "matrix-synapse";`
			`};`
chore: adds `smbLoginDetails` 2025-08-19 15:14:15 +02:00			`"smbLoginDetails" = { };`
feat: adds syncplay credentials 2025-09-19 12:24:13 +02:00			`"syncplay" = { };`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`}`
			`else if (host == "sakura") then`
			`{`
			`"systemMailerPassword" = { };`
feat: adds syncthing ids 2025-08-05 21:01:38 +02:00			`"dandelionSyncthingId" = { };`
			`"sakuraSyncthingId" = { };`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`}`
feat: adds `else if` for `dandelion` 2025-08-01 10:24:49 +02:00			`else if (host == "dandelion") then`
			`{`
			`"systemMailerPassword" = { };`
feat: adds syncthing ids 2025-08-05 21:01:38 +02:00			`"dandelionSyncthingId" = { };`
			`"sakuraSyncthingId" = { };`
feat: adds `else if` for `dandelion` 2025-08-01 10:24:49 +02:00			`}`
feat: write cursed function so that secrets are host-based 2025-07-30 13:24:21 +02:00			`else`
			`{ };`
feat: adds module for `sops-nix` 2025-07-28 01:00:47 +02:00			`};`

			`environment.systemPackages = with pkgs; [`
			`sops`
			`];`
			`}`