nixos-infra/hosts/velarion/secrets.nix

{
  lib,
  ...
}:
let
  cfg = config.machine.bind;
in
with lib; mkIf cfg.enable {
  sops.secrets = {
    "velarion/publicKey" = {
      sopsFile = ./../../secrets/velarion.yaml;
      path = "/etc/ssh/ssh_host_ed25519_key.pub";
      mode = "0644";
      owner = "root";
      group = "root";
    };
    "velarion/privateKey" = {
      sopsFile = ./../../secrets/velarion.yaml;
      path = "/etc/ssh/ssh_host_ed25519_key";
      mode = "0600";
      owner = "root";
      group = "root";
    };
  };
}