Add sops-nix for secrets management

- Add flake.nix with sops-nix input
- Configure sops with age key encryption
- Add .sops.yaml template for age key configuration
- Create secrets/ directory for encrypted secrets
- Add .gitignore for age keys and nix result symlinks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ashisgreat22 2026-03-17 19:34:10 +01:00
parent 58905b7666
commit 5dcb85e56d
5 changed files with 45 additions and 0 deletions


@ -39,6 +39,15 @@
# === Sudo without password for wheel group ===
security.sudo.wheelNeedsPassword = false;
# === SOPS (Secrets Management) ===
sops = {
defaultSopsFile = ./secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/var/lib/sops-nix/key.txt";
# Generate with: nix-shell -p age --run "age-keygen -o key.txt"
# Then add the public key to .sops.yaml
};
# === Automatic Updates ===
system.autoUpgrade = {
enable = true;
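Review bot: The key-generation comment inside the `sops` block writes `key.txt` to the current directory, while `age.keyFile` expects the private key at `/var/lib/sops-nix/key.txt`, and nothing says the file must stay root-owned and unreadable to other users. I would reword the comment as `# Generate as root on the host: age-keygen -o /var/lib/sops-nix/key.txt (keep root-owned, mode 0600, never in the repo)`, or set `age.generateKey = true;` so sops-nix creates the key at that path when it is missing. With `security.sudo.wheelNeedsPassword = false` on the context line above, any wheel account can read that key without a password prompt, so a short comment stating that the secrets are only as protected as wheel membership would help the next maintainer. The `system.autoUpgrade` block continues outside the hunk.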