Modules: Add sops-nix module

system/default.nix

@@ -248,9 +248,6 @@ with mylib.networking; {
     libimobiledevice
     ifuse
     usbmuxd
-
-    # Secrets handling
-    # inputs.agenix.packages.${system}.default
   ];
 
   # It is preferred to use the module (if it exists) over environment.systemPackages,

system/modules/default.nix

@@ -5,7 +5,8 @@
     ./docker
     ./fonts
     ./mime
-    ./polkit
     ./network
+    ./polkit
+    ./sops
   ];
 }

system/modules/sops/default.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  mylib,
+  pkgs,
+  ...
+}: let
+  inherit (config.modules) sops;
+in {
+  options.modules.sops = import ./options.nix {inherit lib mylib;};
+
+  config = {
+    environment.systemPackages = [pkgs.sops];
+  };
+}

system/modules/sops/options.nix

@@ -0,0 +1,6 @@
+{
+  lib,
+  mylib,
+  ...
+}: {
+}

system/modules/sops/sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &christoph 2D77520CF698928A855E0B9A2AB59FDA7728388B
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+      - pgp:
+        - *christoph