Sops
Atomic secret provisioning for NixOS based on sops.
View the synix NixOS module on Forgejo.
References
Setup
Generate an age key for your host from its ssh host key:
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
Then, add it to .sops.yaml (see usage example).
Config
Flake
# flake.nix
inputs = {
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
Host configuration
Create a secrets directory in your hosts directory. Declare all your secrets in it:
# hosts/YOUR_HOST/secrets/default.nix
{ inputs, ... }:
{
imports = [ inputs.synix.nixosModules.sops ];
sops.secrets.your-secret = { };
sops.secrets.other-secret = { };
}
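The following is an added, fuller version of the host configuration above; it is an example written for this page, not code from the synix module or from sops-nix itself. It ties the setup step (the age identity derived from the host's ssh key) to the secret declarations and shows two secrets actually being consumed. The host key path, the secret names, the user `alice` and the `wg0` WireGuard interface are all assumptions chosen for illustration.

```nix
# hosts/YOUR_HOST/secrets/default.nix  (constructed example, not the module's own code)
{ config, inputs, ... }:
{
  imports = [ inputs.synix.nixosModules.sops ];

  # The sops-encrypted file that holds every secret declared below.
  # Its recipients are governed by .sops.yaml; rerun `sops updatekeys`
  # after changing that file.
  sops.defaultSopsFile = ./secrets.yaml;
  sops.defaultSopsFormat = "yaml";

  # Decrypt with the age identity derived from this ssh host key (the
  # same key the `ssh-to-age` step above is run against). The `age1...`
  # public key it prints must be a recipient in .sops.yaml, otherwise
  # activation fails because nothing can decrypt secrets.yaml.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];   # assumed path

  # A password hash for a local user. It is needed before user accounts
  # are created, so sops-nix provisions it early under /run/secrets-for-users.
  sops.secrets.alice-hashed-password.neededForUsers = true;

  # A WireGuard private key: readable by root only, and the unit is
  # restarted whenever the decrypted file changes on activation.
  sops.secrets.wg0-private-key = {
    owner = "root";
    mode = "0400";
    restartUnits = [ "wireguard-wg0.service" ];
  };

  # Consumers reference the decrypted path rather than the secret value,
  # so nothing sensitive ends up in the world-readable Nix store.
  users.users.alice = {
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets.alice-hashed-password.path;
  };

  networking.wireguard.interfaces.wg0.privateKeyFile =
    config.sops.secrets.wg0-private-key.path;
}
```

Each declared name must exist as a top-level key in `secrets.yaml`; the decrypted files land under `/run/secrets/<name>` (or `/run/secrets-for-users/<name>` when `neededForUsers` is set), and the `path` attribute is the only thing other modules should reference.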
Usage
For more information on how to use sops-nix, see the Sops Home Manager module documentation.
Update Keys
Update the keys of your SOPS files after making changes to .sops.yaml:
sops --config PATH/TO/.sops.yaml updatekeys PATH/TO/secrets.yaml