kclejeune
diff --git a/‎.sops.yaml‎
Lines changed: 11 additions & 0 deletions b/‎.sops.yaml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎flake.lock‎
Lines changed: 21 additions & 0 deletions b/‎flake.lock‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎flake.nix‎
Lines changed: 4 additions & 0 deletions b/‎flake.nix‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎modules/home-manager/default.nix‎
Lines changed: 1 addition & 1 deletion b/‎modules/home-manager/default.nix‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,11 @@
+keys:
+  - &kclejeune age16vnps5ues20fykepcjwr5zyvf5p7pzd3skdr4kh4hf9nxl38vfxq6vanlm
+  # Derived from gateway SSH host key via ssh-to-age
+  - &gateway age1xawelux9hmvjmq3ry9yu0uh0njyjx87hskdlnlknjh3ud2rm74fs5jc8vk
+
+creation_rules:
+  - path_regex: secrets/gateway\.yaml$
+    key_groups:
+      - age:
+          - *kclejeune
+          - *gateway
@@ -52,6 +52,9 @@
 
     nix-index-database.url = "github:Mic92/nix-index-database";
     nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs =
@@ -207,6 +210,7 @@
                     ./modules/nixos/hetzner.nix
                   ];
                   extraModules = [
+                    inputs.sops-nix.nixosModules.sops
                     ./modules/nixos/gateway.nix
                     ./profiles/personal
                   ];
 
@@ -39,7 +39,6 @@
       [
         age
         alejandra
-        # argocd
         asciidoctor
         ast-grep
         attic
@@ -135,6 +134,7 @@
         shellcheck
         sig
         skopeo
+        sops
         ssh-to-age
         sshpass
         stylua