secrets management with SOPS

security/sops.nix

@@ -0,0 +1,23 @@
+{ inputs, ... }:
+
+{
+    imports = [
+        inputs.sops-nix.nixosModules.sops
+    ];
+
+    sops = {
+        defaultSopsFile = ./sops_nix.yaml;
+        #validateSopsFiles = false;
+        age = {
+            keyFile = "/var/lib/sops-nix/key.txt";
+        };
+        secrets = {
+            pw_root = {
+                neededForUsers = true;
+            };
+            pw_williamp = {
+                neededForUsers = true;
+            };
+        };
+    };
+}