Introduce sops and sops-nix for secret management

Use the GPG keys used for the password-store noc directory for the admin keys. Switch the git hosts secret management from colmena to sops-nix. https://github.com/getsops/sops https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00 · 2024-05-25 16:47:34 +02:00 · 88e3da11a6
commit 88e3da11a6
parent eab3523033
7 changed files with 341 additions and 12 deletions
--- a/flake.nix
+++ b/flake.nix
@ -14,9 +14,16 @@
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    # Add sops-nix as an input for secret management.
+    # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

-  outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, ... }:
+  outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
    let
      # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
      shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
@ -180,6 +187,7 @@
          imports = [
            ./config/common
            ./config/proxmox-vm
+            sops-nix.nixosModules.sops
            ./config/hosts/git
          ];
        };