Add sops and setup sops-nix
We want to store secrets, and due to the shortcomings of git-crypt (not
working, not being able to push to public caches, etc.) we have decided
to use sops.
Change-Id: I9ed38a93879ca5ff4a452e6e8017b500a4d2cbb6
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/414
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>
diff --git a/.sops.nix b/.sops.nix
new file mode 100644
index 0000000..ae58c94
--- /dev/null
+++ b/.sops.nix
@@ -0,0 +1,38 @@
+nixpkgs: let
+ keys = {
+ users = {
+ coded = "BC82DF237610AE9113EB075900E944BFBE99ADB5";
+ minion = "76E0B09A741C4089522111E5F27E3E5922772E7A";
+ };
+ hosts = {
+ shorthair = "B5237D6B63AB2E13FDA07170E5AED9775DD21543";
+ greylag = "047bf8897df877fe86133e98522c6d280d545c00";
+ };
+};
+in {
+ creation_rules = [
+ {
+ path_regex = ''.*\.sops\.chimera\.(yaml|json|env|ini|[^.]*\.bin)$'';
+ pgp = nixpkgs.lib.concatStringsSep "," [
+ keys.users.coded
+ keys.users.minion
+ keys.hosts.shorthair
+ keys.hosts.greylag
+ ];
+ }
+ {
+ path_regex = ''.*\.sops\.coded\.(yaml|json|env|ini|[^.]*\.bin)$'';
+ pgp = nixpkgs.lib.concatStringsSep "," [
+ keys.users.coded
+ keys.hosts.shorthair
+ ];
+ }
+ {
+ path_regex = ''.*\.sops\.minion\.(yaml|json|env|ini|[^.]*\.bin)$'';
+ pgp = nixpkgs.lib.concatStringsSep "," [
+ keys.users.minion
+ keys.hosts.greylag
+ ];
+ }
+ ];
+}
\ No newline at end of file