refactor(security): migrate hardcoded credentials and SSH keys to sops-nix

2026-03-17 21:45:56 +01:00 · 2026-03-17 21:45:56 +01:00 · ccfa328771
commit ccfa328771
parent cbb70ab8bb
10 changed files with 47 additions and 14 deletions
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -1,4 +1,8 @@
 {
+  imports = [
+    ./secrets.nix
+  ];
+
  config = {
    homelab = {
      services.openssh.enable = true;
@ -12,5 +16,10 @@

    # Set your time zone.
    time.timeZone = "Europe/Brussels";
+
+    sops = {
+      defaultSopsFile = ../../secrets/secrets.yaml;
+      age.keyFile = "/var/lib/sops-nix/key.txt";
+    };
  };
 }