globally add sops

hosts/sakotop/configuration.nix

@@ -107,6 +107,7 @@
     };
     security = {
       age.enable = true;
+      sops.enable = true;
     };
   };
 
@@ -122,6 +123,12 @@
   };
 
   security.pki.certificateFiles = [./trust/homelab.pem];
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+    };
+  };
+
   # Enable the OpenSSH daemon.
   # services.openssh.enable = true;
 

modules/security/default.nix

@@ -1,5 +1,6 @@
 {
   imports = [
     ./age.nix
+    ./sops.nix
   ];
 }

modules/security/sops.nix

@@ -0,0 +1,21 @@
+{
+  outputs,
+  options,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.modules.security.age;
+in {
+  options.modules.security.sops = {
+    enable = mkEnableOption false;
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      sops
+    ];
+  };
+}