commit 82ea805ff6f1bffc2638cc9f68af5cca7f216e36
author Skyler Grey <minion@clicks.codes> Sat Jun 08 22:56:00 2024 +0000
committer Samuel Shuert <coded@clicks.codes> Sun Jun 09 00:40:11 2024 +0000
tree 85e77e7cbaefa20045e7b6efdac72172dba7e322
parent d3377400b7bd81cb1d5b62c0463a52438e2330a9

feat: add sops

We've previously used SOPS for our secrets management and liked it. We
did, however, find the configuration was a bit annoying to do. In aid of
this, we've made a SOPS module that we find a little easier to make the
sort of configurations we want without creating so much mess.

We haven't set up scalpel/equivalent yet - we intend to avoid it if at
all possible. It isn't necessarily out-of-scope but it isn't included in
our current SOPS plans.

Change-Id: I35b9c7e94c12a4f1360833026efe06803d59626e
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/725
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Samuel Shuert <coded@clicks.codes>

flake.nix

diff --git a/flake.nix b/flake.nix
index a565974..25086f4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,14 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs = {
+        nixpkgs.follows = "unstable";
+        nixpkgs-stable.follows = "nixpkgs";
+      };
+    };
+
     impermanence.url = "github:nix-community/impermanence";
   };
 
@@ -39,7 +47,10 @@
     lib.mkFlake {
       overlays = with inputs; [ ];
 
-      systems.modules.nixos = [ inputs.impermanence.nixosModules.impermanence ];
+      systems.modules.nixos = [
+        inputs.impermanence.nixosModules.impermanence
+        inputs.sops-nix.nixosModules.sops
+      ];
 
       deploy = lib.mkDeploy {
         inherit (inputs) self;