# sops-nix wiring for this host: chooses the age key and the encrypted secrets
# file, then declares which secrets get materialised at activation time.
{ config, pkgs, ... }:
let
  host = config.syscfg.hostname;

  # Account that owns the per-host SSH key material.
  defaultUser = config.users.users.${config.syscfg.defaultUser};

  # Hosts named "ci" or "sandbox" are pointed at a mock key and a mock secrets
  # file instead of the real ones.
  # NOTE(review): the hostname is the only thing separating mock from real
  # secrets here; mock.yaml should hold throwaway values only, since a key
  # used in CI is presumably not kept confidential - confirm.
  onCiHost = builtins.elem host [ "ci" "sandbox" ];

  ageKeyFile =
    if onCiHost
    then "/var/lib/sops-nix/mock-key.txt"
    else "/var/lib/sops-nix/age-key.txt";

  secretsFile = if onCiHost then ./mock.yaml else ./common.yaml;

  # Restrict a secret to the default user: read-only for the owner, no access
  # for group or others.
  userOnly = {
    mode = "0400";
    owner = defaultUser.name;
    inherit (defaultUser) group;
  };
in
{
  environment = {
    systemPackages = [ pkgs.sops ];

    # Every login session gets the path of the host age key so the sops CLI
    # finds it without extra flags. Only the path is exported; whether a
    # non-root user can actually read the key depends on the permissions of
    # the file itself, which this module does not set.
    sessionVariables.SOPS_AGE_KEY_FILE = ageKeyFile;
  };

  sops = {
    defaultSopsFile = secretsFile;

    age = {
      keyFile = ageKeyFile;

      # Create the key when it is missing.
      # NOTE(review): a freshly generated key is not a recipient of the
      # existing secrets file, so decryption is expected to fail until the
      # file is re-encrypted for the new public key - verify on first boot.
      generateKey = true;
    };

    secrets = {
      # No owner/mode given for wifi and the WireGuard entries below, so the
      # sops-nix module defaults apply (presumably root-only - confirm against
      # the sops-nix version in use).
      wifi = { };

      "${host}_ssh_priv" = userOnly;
      # The public half carries the same restrictive settings as the private
      # half.
      "${host}_ssh_pub" = userOnly;

      "${host}_wg_priv" = { };
      "${host}_wg_pub" = { };
    };
  };
}