smg1024/nix-darwin
1
0
Fork 0
mirror of https://github.com/smg1024/nix-darwin.git synced 2026-05-22 20:32:59 +09:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: install sops cli

Browse source
This commit is contained in:
Poby 2026-05-13 22:38:43 +09:00
parent d54f1b591a
commit 832367e4e4
No known key found for this signature in database
2 changed files with 10 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/aspects/system-packages.nix
View file

@ -7,6 +7,7 @@
git
neovim
just
sops
tree
fastfetchMinimal
];

16
secrets/README.md
View file

@ -9,18 +9,13 @@ aspect. Do not commit plaintext secrets.
- SOPS rules: `.sops.yaml`
- Age key file: `~/.config/sops/age/keys.txt`
- Environment variable: `SOPS_AGE_KEY_FILE`, exported by the `secrets` aspect
- SOPS CLI: installed by the system packages aspect
- Secret declarations: `modules/aspects/_secrets/sops.nix`
- SSH host wiring: `modules/aspects/_ssh/ssh.nix`
## Add An SSH Private Key
From the repository root, open a shell with `sops` and `age`:
```bash
nix-shell -p sops age
```
Open the encrypted secret file with the age key:
From the repository root, open the encrypted secret file:
```bash
sops secrets/poby.yaml
@ -46,6 +41,13 @@ file explicitly for the command:
SOPS_AGE_KEY_FILE="$HOME/.config/sops/age/keys.txt" sops secrets/poby.yaml
```
If the system package set has not been applied yet, run the command from a
temporary shell with `sops`:
```bash
nix-shell -p sops --run 'sops secrets/poby.yaml'
```
## Generate A New SSH Key First
If the key does not exist yet, generate it before opening SOPS: