Concentrate all dev shells in one file

2026-03-22 15:29:07 +01:00 · 2026-02-05 21:02:47 +01:00 · 2026-02-05 21:02:47 +01:00 · f00f85074b
commit f00f85074b
parent 2cb6bb6a3c
3 changed files with 45 additions and 48 deletions
--- a/flake-parts/sops-config.nix
+++ b/flake-parts/sops-config.nix
@ -0,0 +1,41 @@
+{ self, ... }:
+{
+  perSystem =
+    { pkgs, lib, ... }:
+    {
+      packages.sops-config =
+        let
+          adminPublicKey = "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5";
+
+          mkCreationRule = sopsCfg: {
+            path_regex = self.lib.relativePath sopsCfg.secretsFile;
+            key_groups = lib.singleton {
+              age = [
+                adminPublicKey
+                sopsCfg.agePublicKey
+              ];
+            };
+          };
+
+          hostCreationRules =
+            self.nixosConfigurations
+            |> lib.attrValues
+            |> lib.map (host: host.config.custom.sops)
+            |> lib.filter (sops: sops.enable)
+            |> lib.map mkCreationRule;
+
+          userCreationRules =
+            self.nixosConfigurations
+            |> lib.attrValues
+            |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
+            |> lib.map (host: host.config.home-manager.users.seb.custom.sops)
+            |> lib.filter (sops: sops.enable)
+            |> lib.map mkCreationRule;
+
+          jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON;
+        in
+        pkgs.runCommand "sops.yaml" { buildInputs = [ pkgs.yj ]; } ''
+          echo '${jsonConfig}' | yj -jy > $out
+        '';
+    };
+}