Does `nix-sops` support using it as a module in `home-manager` configuration? about sops-nix HOT 5 CLOSED

There is no home-manager module right now, but I would accept pull requests if they also come with a NixOS test for regression testing.

from sops-nix.

How would this look? I believe most home-manager modules are implemented in home-manager itself, rather than downstream.

A flakes implementation would probably need to output something like a homeManagerModule, but that's not an official output spec, and it'd be the first such. Home manager itself currently is also just starting to support flakes, so I'm not sure how happy upstream would be to support something like that.

I'd like to see some code sharing between this and a potential home manager module, and I'm interested in implementing it, I'm just not sure how it would best fit. Is it maybe better to start this discussion upstream?

from sops-nix.

How would this look? I believe most home-manager modules are implemented in home-manager itself, rather than downstream.

A flakes implementation would probably need to output something like a homeManagerModule, but that's not an official output spec, and it'd be the first such. Home manager itself currently is also just starting to support flakes, so I'm not sure how happy upstream would be to support something like that.

I am aware of one flake-based home-manager module: https://github.com/vlaci/nix-doom-emacs#getting-started I would open an issue within the home-manager project to specify what flake attribute. Ideally this would be document somewhere in the README/documentation to manifest a standard.

I'd like to see some code sharing between this and a potential home manager module, and I'm interested in implementing it, I'm just not sure how it would best fit. Is it maybe better to start this discussion upstream?

I think home-manager also has activation scripts that can be hooked. One can obviously not use the host ssh key because it won't be readable to the user. However one can specify alternative ssh key directories i.e. $HOME/.ssh/id_rsa if it does not have password protection or a gnupg directory. For integration tests the home-assistant module could be added to a nixos configuration and tested in a nixos test.

from sops-nix.

I think the issue opened by @berbiche answers my question then :)

I agree on $HOME/.ssh/id_rsa (with a configuration option), since this is a home configuration after all, those should be represented by the user ssh keys.

from sops-nix.

I think the issue opened by @berbiche answers my question then :)

I agree on $HOME/.ssh/id_rsa (with a configuration option), since this is a home configuration after all, those should be represented by the user ssh keys.

Many people will have a password for this file so, which we don't support. Hence I would force the user to make a decision which key to use, so they could do a different key in theory. Also using gnupg becomes more attractive again since the user running the activation and the owner of the gnupg directory should match in this case.

from sops-nix.