15 lines
391 B
Nix
15 lines
391 B
Nix
{ config, lib, ... }:
|
|
|
|
{
|
|
# sops-nix reads secrets from YAML files in ./secrets
|
|
# You will create these later.
|
|
sops.defaultSopsFile = ../secrets/secrets.yaml;
|
|
|
|
# Where the age key lives on target machines
|
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
|
|
|
# Good to have a dedicated secrets mount/dir
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/lib/sops-nix 0700 root root - -"
|
|
];
|
|
}
|