refactored

for 26.05
2026-03-02 03:38:24 -07:00 · 2026-03-02 03:38:24 -07:00 · 075cb86d40
commit 075cb86d40
parent e92d8e6616
34 changed files with 435 additions and 345 deletions
--- a/hosts/modules/sops.nix
+++ b/hosts/modules/sops.nix
@ -0,0 +1,40 @@
+{
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  apiKeys = [
+    "api/openai"
+    "api/deepseek"
+    "api/anthropic"
+    "api/openrouter"
+    "api/xai"
+    "api/perplexity"
+    "api/replicate"
+    "api/brave"
+    "api/firecrawl"
+    "api/deepl"
+    "api/gelbooru_id"
+    "api/gelbooru_api"
+    "api/fireworks"
+    "cachix/token"
+  ];
+in {
+  imports = [inputs.sops-nix.nixosModules.sops];
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
+    secrets =
+      lib.genAttrs apiKeys (_: {owner = "cobray";})
+      // {
+        "cachix/token" = {};
+        "git/credentials" = {
+          owner = "cobray";
+          mode = "0600";
+        };
+      };
+  };
+}