Initial NixOS infra flake skeleton

2026-03-03 11:21:32 +01:00 · 2026-03-03 11:21:32 +01:00 · 9383d615d7
commit 9383d615d7
9 changed files with 267 additions and 0 deletions
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+{
+  # sops-nix reads secrets from YAML files in ./secrets
+  # You will create these later.
+  sops.defaultSopsFile = ../secrets/secrets.yaml;
+
+  # Where the age key lives on target machines
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+
+  # Good to have a dedicated secrets mount/dir
+  systemd.tmpfiles.rules = [
+    "d /var/lib/sops-nix 0700 root root - -"
+  ];
+}