Commit

modules/secrets/sops.nix

@@ -1,29 +1,27 @@
-{ inputs, den, ... }:
+{ inputs, ... }:
+let
+  sopsConfig = {
+    # TODO: Should this be user owned or root-owned?
+    # How do we determine the keys location without hardcoding?
+    # TODO: Take a look at quasigod
+    age.keyFile = "/home/kiri/.config/sops/age/keys.txt";
+    defaultSopsFile = ./secrets.yaml;
+
+  };
+in
 {
-  den.default.includes = [
-    (
-      { host, ... }:
-      {
-        nixos =
-          { pkgs, ... }:
-          {
-            imports = [ inputs.sops-nix.nixosModules.sops ];
+  # TODO: Do we need both modules?
+  den.ctx.host.nixos = {
+    imports = [ inputs.sops-nix.nixosModules.sops ];
+    sops = sopsConfig;
+  };
 
-            sops = {
-              age.keyFile = "/home/${(builtins.head (builtins.attrValues host.users)).name}/.config/sops/age/keys.txt";
-              defaultSopsFile = ./secrets.yaml;
-              secrets = {
-                hashed-password-kiri.neededForUsers = true;
-              };
-            };
+  den.ctx.user.homeManager =
+    { pkgs, ... }:
+    {
+      imports = [ inputs.sops-nix.homeManagerModules.sops ];
+      sops = sopsConfig;
 
-            environment.systemPackages = with pkgs; [
-              sops
-              age
-            ];
-
-          };
-      }
-    )
-  ];
+      home.packages = [ pkgs.sops ];
+    };
 }