Eww Overlay

modules/nixos/system/security/sops/default.nix

@@ -1,26 +1,30 @@
 { config, pkgs, ... }:
-let keyFilePath = "/var/lib/sops-nix/age-key.txt";
+let
+  keyFilePath = "/var/lib/sops-nix/age-key.txt";
+  isCI = builtins.elem config.hostcfg.hostname [ "ci" ];
+  sopsSettings = {
+    sops.defaultSopsFile = ./common.yaml;
+    sops.age.keyFile = keyFilePath;
+    sops.age.generateKey = true;
+
+    sops.secrets.wifi = { };
+
+    sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
+      mode = "0400";
+      owner = config.users.users.sora.name;
+      group = config.users.users.sora.group;
+    };
+    sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
+      mode = "0400";
+      owner = config.users.users.sora.name;
+      group = config.users.users.sora.group;
+    };
+    sops.secrets."${config.hostcfg.hostname}_wg_priv" = { };
+    sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
+  };
 in {
-  sops.defaultSopsFile = ./common.yaml;
-  sops.age.keyFile = keyFilePath;
-  sops.age.generateKey = true;
-
-  sops.secrets.wifi = { };
-
-  sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
-    mode = "0400";
-    owner = config.users.users.sora.name;
-    group = config.users.users.sora.group;
-  };
-  sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
-    mode = "0400";
-    owner = config.users.users.sora.name;
-    group = config.users.users.sora.group;
-  };
-  sops.secrets."${config.hostcfg.hostname}_wg_priv" = { };
-  sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
-
   environment.systemPackages = with pkgs; [ sops ];
   environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
+  inherit (if isCI then { } else sopsSettings) sops;
 
 }