From a663a90ada6759ec297a55c795c66b60a09f5b2f Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 9 Feb 2025 11:06:53 -0500
Subject: [PATCH] Install sops for encrypting kubernetes secrets.

---
 nix/configuration/configuration.nix      |  1 +
 nix/configuration/hosts/odo/default.nix  |  1 +
 nix/configuration/roles/sops/default.nix | 29 ++++++++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 nix/configuration/roles/sops/default.nix

diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index 60b23fb..7602805 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -66,6 +66,7 @@
     ./roles/flux
     ./roles/tekton
     ./roles/gnuplot
+    ./roles/sops
   ];
 
   nix.settings.experimental-features = [
diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix
index 2915c6a..ef0ce71 100644
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -67,6 +67,7 @@
   me.python.enable = true;
   me.qemu.enable = true;
   me.rust.enable = true;
+  me.sops.enable = true;
   me.sound.enable = true;
   me.steam.enable = true;
   me.sway.enable = true;
diff --git a/nix/configuration/roles/sops/default.nix b/nix/configuration/roles/sops/default.nix
new file mode 100644
index 0000000..0213d6f
--- /dev/null
+++ b/nix/configuration/roles/sops/default.nix
@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    sops.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sops.";
+    };
+  };
+
+  config = lib.mkIf config.me.sops.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          sops # For encrypting kubernetes secrets.
+        ];
+      }
+    ]
+  );
+}