Sops-Nix Setup

To set up the system to run sops-nix, I usually use the host SSH key like so:

nix run 'nixpkgs#ssh-to-age' -- -private-key -i /etc/ssh/ssh_host_ed25519_key  

Copy the generated private key to /var/lib/sops/age/keys.txt. This is the location set in the sopsFile option in base/secrets.nix.

Afterwards, derive the public key from the private key and paste it into the .sops.yaml config file in the nix config:

nix shell 'nixpkgs#age' -c age-keygen -y /var/lib/sops/age/keys.txt
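
The steps above as one script, as an added example that is not part of the original page: it writes the age key with owner-only permissions, refuses to continue if an existing keys.txt is group- or world-readable, and prints the .sops.yaml fragment for the derived public key. The function names, the --apply switch, the use of the hostname as the YAML anchor and the secrets/ path_regex are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Run as root on the target host.
# Paths are the page's; function names, the --apply switch, the hostname
# anchor and the secrets/ path_regex are assumptions.
HOST_KEY="${HOST_KEY:-/etc/ssh/ssh_host_ed25519_key}"
AGE_KEY="${AGE_KEY:-/var/lib/sops/age/keys.txt}"

# True only for a regular file with no group/other permission bits.
key_perms_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the .sops.yaml fragment. $1 = YAML anchor name, $2 = age public key.
render_sops_yaml() {
    case "$2" in
        age1*) ;;
        *) echo "not an age public key: $2" >&2; return 1 ;;
    esac
    cat <<EOF
keys:
  - &$1 $2
creation_rules:
  - path_regex: secrets/[^/]+\\.yaml\$
    key_groups:
      - age:
          - *$1
EOF
}

install_age_key() {
    umask 077    # new key file and directory are created owner-only
    mkdir -p "$(dirname "$AGE_KEY")"
    nix run 'nixpkgs#ssh-to-age' -- -private-key -i "$HOST_KEY" > "$AGE_KEY" || return 1
    # A pre-existing keys.txt keeps its old mode on overwrite, so check it.
    key_perms_ok "$AGE_KEY" || { echo "fix mode of $AGE_KEY (want 600)" >&2; return 1; }
    pub=$(nix shell 'nixpkgs#age' -c age-keygen -y "$AGE_KEY") || return 1
    render_sops_yaml "$(hostname)" "$pub"
}

# Nothing touches the system unless --apply is given.
if [ "${1:-}" = "--apply" ]; then install_age_key; fi
```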