feat: add age plugin and fido2 hmac support

Co-authored-by: brianmcgee <brian@41north.dev>
2026-02-22 21:05:44 +08:00 · 2025-04-23 17:33:01 -05:00 · 2025-04-23 17:33:01 -05:00 · 899e202643
commit 899e202643
parent d7593b87b0
4 changed files with 31 additions and 0 deletions
--- a/modules/nix-darwin/default.nix
+++ b/modules/nix-darwin/default.nix
@ -308,6 +308,14 @@ in
          Paths to ssh keys added as age keys during sops description.
        '';
      };
+
+      plugins = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
+        default = [ ];
+        description = ''
+          List of plugins to use for sops decryption.
+        '';
+      };
    };

    gnupg = {
@ -395,6 +403,7 @@ in
      sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != [ ]) (
        lib.mkDefault "${cfg.gnupg.package}/bin/gpg"
      );
+      sops.environment.PATH = lib.mkIf (cfg.age.plugins != [ ]) (lib.makeBinPath cfg.age.plugins);
    }
  ];
 }