fix: sops + modularize a bit more

2025-08-20 13:15:30 +02:00
parent 0a164f0a49
commit 73be71fba8
9 changed files with 207 additions and 39 deletions
--- a/home/bash.nix
+++ b/home/bash.nix
@@ -20,6 +20,7 @@
        "la" = "eza -la";
        "tree" = "eza -T";
        "neofetch" = "fastfetch";
+        "htop" = "btm";
    };
    historyControl = ["ignoredups" "ignorespace" "erasedups"];
    historyIgnore = [ "ls" "cd" "exit" "cd .." ".." "la"];
--- a/home/gunalx.nix
+++ b/home/gunalx.nix
@@ -14,7 +14,6 @@

  home.packages = with pkgs; [
    bottom
-    htop
    fastfetch
    eza
    ripgrep
--- a/hosts/legolas/configuration.nix
+++ b/hosts/legolas/configuration.nix
@@ -10,20 +10,15 @@
      ./hardware-configuration.nix
      ../../modules/boot.nix
      ../../modules/displaymanager.nix
+      ../../modules/nix.nix
+      ../../secrets/sops.nix
+      ../../modules/sound.nix
+      ../../modules/gunalx.nix
    ];

-  networking.hostName = "legolas"; # Define your hostname.
-
-  # Configure network connections interactively with nmcli or nmtui.
+  networking.hostName = "legolas"; 
  networking.networkmanager.enable = true;
-
-  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";

@@ -31,9 +26,6 @@
  services.xserver.enable = true;
  services.xserver.videoDrivers = ["modesetting"];

-  programs.niri.enable = true;
-  
-
  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";
@@ -41,33 +33,14 @@
  # Enable CUPS to print documents.
  # services.printing.enable = true;

-  # Enable sound.
-  # services.pulseaudio.enable = true;
-  # OR
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
-
-  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;

-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.gunalx = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "tss" "networking" ]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [
-      tree
-    ];
-  };
-
  programs.firefox.enable = true;

  # List packages installed in system profile.
  # You can use https://search.nixos.org/ to find more packages (and options).
  environment.systemPackages = with pkgs; [
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    wget
+    vim
    alacritty
    foot
    firefox
@@ -82,7 +55,6 @@
  #   enableSSHSupport = true;
  # };

-  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
@@ -93,10 +65,7 @@
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
+

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
--- a/modules/gunalx.nix
+++ b/modules/gunalx.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [ ];
+   users.users.gunalx = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "tss" "networking" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+    ];
+  };
+}
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [ ];
+  
+  system.rebuild.enableNg = true;
+
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.permittedInsecurePackages = [
+    # example "python3.11-youtube-dl-2021.12.17"
+  ];
+  sops.secrets."github/api" = {  
+    mode = "0444";
+    group = "root";
+  };
+
+  nix = {
+    extraOptions = lib.mkDefault ''
+      builders-use-substitutes = true
+      !include ${config.sops.secrets."github/api".path}
+    '';
+    settings = {
+      trusted-users = [ "gunalx" "root" ];
+      experimental-features = [ "nix-command" "flakes" ];
+      substituters = [
+        "https://cache.nixos.org/"
+        "https://cuda-maintainers.cachix.org"
+        "https://nix-community.cachix.org"
+        "https://nixos-rocm.cachix.org"
+        "https://nixpkgs-unfree.cachix.org"
+      ];
+
+      trusted-public-keys = [
+        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="      
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
+        "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
+      ];
+  };
+
+
+  buildMachines = [
+      	   { hostName = "localhost";
+	      system = "x86_64-linux";
+	      maxJobs = 4;
+	      speedFactor = 8000;
+	      supportedFeatures = [ ];
+	      mandatoryFeatures = [ ];
+	    }
+	    { hostName = "aragon";
+	      system = "x86_64-linux";
+	      # if the builder supports building for multiple architectures, 
+	      # replace the previous line by, e.g.,
+	      # systems = ["x86_64-linux" "aarch64-linux"];
+	      maxJobs = 6;
+	      speedFactor = 6001;
+	      supportedFeatures = [ ];
+	      mandatoryFeatures = [ ];
+	    }
+	    { hostName = "galadriel";
+	      system = "x86_64-linux";
+	      maxJobs = 4;
+	      speedFactor = 4001;
+	      supportedFeatures = [ "cuda" ];
+	      mandatoryFeatures = [ ];
+	    }
+	    { hostName = "bolle.pbsds.net";
+	      system = "x86_64-linux";
+	      maxJobs = 6;
+	      speedFactor = 6000;
+	    }
+            { hostName = "garp.pbsds.net";
+	      system = "x86_64-linux";
+	      maxJobs = 4;
+	      # i7-6700
+	      speedFactor = 4000;
+           }
+
+	  ];
+    distributedBuilds = true;
+  };
+    
+
+  system.autoUpgrade = {
+    enable = true;
+    flake = "https://git.pvv.ntnu.no/adriangl/nix-dotfiles-v2.git";
+    flags = [
+      #"--no-write-lock-file"
+      "--print-build-logs" # -L
+    ];
+  };
+
+
+}
--- a/modules/sound.nix
+++ b/modules/sound.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [ ];
+
+
+  services.pulseaudio.enable = lib.mkdefault false;
+  security.rtkit.enable = lib.mkdefault true;
+  services.pipewire = lib.mkdefault {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+    wireplumber.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    pavucontrol
+    wireplumber
+    easyeffects
+  ];
+
+  programs.dconf.enable = lib.mkDefault true; #needed for easyeffects for some reason 
+
+}
--- a/secrets/nixos.pub
+++ b/secrets/nixos.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEj+Y0RUrSaF8gUW8m2BY6i8e7/0bUWhu8u8KW+AoHDh gunalx@nixos
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,39 @@
+#ENC[AES256_GCM,data:dz8znC0Os5eA4nUkoqaMVw==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:AuGmWa+LM9dcfVlAs1CuOw==,type:comment]
+#ENC[AES256_GCM,data:7kh9f2LAKp46UTh8LmDqvK8xOhHO9mVUD2yzLg4LRR2WU98EpztHmDcHKOF0AG60NsndYaw1en5efU0x/NVAzfdTVPJA2apDs3vtAlzGjvv593Snwb2wa4iK0tM0beMyGvzkSEPs8HOuSLvNpLHWaB1xlC0=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:nEcuwi2nnACadGR8zw63HA==,type:comment]
+acme:
+    certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
+github:
+    api: ENC[AES256_GCM,data:QYXx+9QxXJ4WwDp6FsaSmrngs/+hBugGD8L6ZdiAgu/1/RW/ip1IEC52g49N70PGh545fAone3IiZJKGxqHeitSxTFv111cmTL4dq5s1yXEwUrsrll8n6rEVMJeHnPeAhz8MNYNxJuIfwugp7XlT61v2f/ylNVa77ZubSdNa5w==,iv:Cdnlb8LFQgsWnjEl+eQUHYIiVpXFabb70FFtnWDfIl8=,tag:vzzfJlQFQBncjLJvmFxuzw==,type:str]
+nginx:
+    defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
+qbittorrent:
+    interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
+miniflux:
+    adminCredentialsFile: ENC[AES256_GCM,data:FPcdTiJqbI6MloU9JqAYPABoD/odegXks+JyEeCri8hOV0dPMd0TNDV8fN1bbIiJ4llzaclZbjl0HKM=,iv:5fd3O008aP34+7lGlG8vBPAIdmEjFPoneH+rJ6d9TI0=,tag:HKOHjGLiAIDBR54HJv9teA==,type:str]
+openvpn:
+    galadriel:
+        config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
+        ca: ENC[AES256_GCM,data:ENXxKPwrssp1dZtiWNEwbZGapNTMmDVHtKW/59D3yb1EqLINkHOd2gfQldUDwNbUnSh2nOvt69Uv4Tivqlep5LpSB4rGH1idbxtyWpjKCiaieuNggJ4oc5w4JuJyhJykJmHiYkwCgdaF635AKINKiOPB0j7obcASm7f7NWPuacSAMQLruVMMw9XeVeoHMGnO/Rta+Bdv43aYJD8RFqSywfPyY2LhxXBIs+of7ENXG/CF+kSOH9GCwRl4Gd4vdTxgwfm4xGa8u1dtobgYwNhhO+KaRUd3aFV4V9cVKA2rPH9shUOi6/CIe30vciHg9+ziq6l0QniM7kQlK7iBLZm6ml0ehHCLZpetgfWFYU3uJhWmrKYR67MEfmfZVmp1TykOjmlHihbCzRshsb3aktnGyhNqeWb3qPeeaAM1QtgbKIGn7/dWm64eubAGrdIfSyxT0MOaZa+j2Oo1mFjhqFJrt/bUtESodbY9ix1pbY6byi6ncRT+HK58aVwIg/JEiuvRR7Zee9dsnz91yIHnTm2yabwBZek1D+SytfIA/60WI2O/1Rc8u6oWRy4TSzRLGy6QgQiJNW1IDw6WWSTuKEIMSQb8MZbldq8xH2miwAisVceRasqH1+EHTz4DF5gUFjUrQhyCF3ae21JdT0ihz9TRDTsxva7zRqOvqtugDkzN1gqeNg33WnKP5egeK9iqVjAxhA49qnpqoCC8Y75ZgqSa3bN5EeBpZbK7bwjDpWjQBzEERZDUjk/BxA9zzYlDXoB9z6VHUXdSjFmhZHjR+96EG86YARliIjesiW1Ap/rfHBYXbGdE+N6mnnPcJbc3XekAC+2VkXDMk3EczkfQsvUmQTxiHk03Uftv4NKt148FbH30UXEsqdtFMxaqONefLKzwQp/COKArc6BR+nCu8zVmMOV7Ge/CrvjTZLfsTeNuRf2ay650C8WawpDP7ZjPNVtVH46iVUjfzaJn7UdYKuUTnkaOnw1BHj1rZiI/yzMoGWZOW5Uo3Fn664N6BXksazRi/fEA817XxT+PcrAxeVV1O5XpOIGvaJ1imHkVM0etGKMqOZmwYliLnjdvj6lOhb9e2FNDNRYTsKatcazL+3bPpKCvTCd/Rbs/Rs2//Ti+EzRwoWlKuuWk4K26QCAjaNRYVVdem7DCBdknZMs1QHaGHEughQTdyhd6SDR8ZP/wrCaR9JEM8Rfx6/1QMYBHWFR5Vtt3srD3jgrWRmB1EBTz1BuROjW/uUhrOKA3EGZPltqHk1Uph0ZZP6vJzyKy48ev7bZZNst5NDu/lh/+yEZd+ZurFErdzGQEL1SpDl3jtkzrO54HQdcTJEPdPpKAAFdi6oKsbi46lXKVwk+8i6Itxr+lejcv7UiZyimiZ8cncwP1SxYo3kJs1UwXFSGgea2fxG+qoLbpOZddz3q5hNFfdxwDDTINoynHzKhH/iFLo8QnyvduXzfwNaUW7OT/XkIIdnMFlqUVpA/d1omV3vPiEzmNlwPRPyg/5ZlFQOUTb5XNxmekIa28NFJVAfrWGrfIrhS/rFZ2BQ2TUVyj5QhecQPpWlkm0f/1xoCKQb6h1TFSi4+gjmEQm13GAl+/hNPmw0biSuiSFAIbxqU7Bgc3OyxXk+7Z8mGFbi3qJx2X9w0g0LLemA9vDl4++gQv/WPZPV5XYxKlcV9kg2/s4kjcbqs6AwDMqfoIWjJnLGU0/DBzZVUT2EBaA+VGL2wEtuLbyiJLDaiBl+hFqQDVcfWKWszAbkBy2LKw7NqwQuPTo57X+a15Tlj+r9h9vg+hO6Ca5sct3m1Mb7IANcCCwqacuBuJ8QdePxaloMjOqhfx8QflBxFu1+27t1ooWKazILoqL1zlandJE9aKjGrSDmOMBiG5CMJRm1ZkfvhQ0pv89cKb/f4/q0VyQCtvE8wA7o6JZ9bqDtvr52W8QiZf01Ow9yLi2YH/q7vvU5eycsmvqvR+0CrBCfoMFvVGxtDcAeyq1MJo+uvtTrfT7rRQfcSeE5b05+lPopDNDEmNij9CKIiIJwuws4tApltaSSegVYiBTjEXtGOyKhHbKgiR988iFP77PyxV1eKeeUXO/M+uJKsIYZvcyKb+UYndZKuRrMfGI1aj39DRoHmjiNCOEkxTBUeOy99J/wUP/r7onx7jlhMNIvJa1NlW/LWm4bLMcxl3No6/KOYBNiZSiJaGJpXzPRN8Ez/4B9hVOPuL73j/SAAn2OqhkYT/fV/wHnRGCOhgxLlV5MfYb6iubUdV19ti3gY7R6ib4ms3Bvma/NVQJCYcbhx+kOmye7W3P3eFeXysyfrj/4er+EX5QnlcXhdhrmvLm9TGMDUwLqGNIGPSAjfTS24lxconXWJ6WjGoW4tJhl6DPJrHWOTQdTmC7RId3g6L946/cqeMIWz+qTkQRVTg8Ea5xytIop6AYPprr6HPehfGYOkO3EbFg8ikX7jGhuA44R9BEzopHsRQr5+5ZGj3iw0bLvnaqXcrtv9rckLhajGbpIQ86MX5FwHND4AXYN/Tfe70j92J9NpOos8m0+g0OCtuyxV+aZPBfBz5CHlNZgIrDYlN6wu+O1WTzPF/lIPbibjFAdOayFwIcmr6RwmDKO9k/hd3D8mClRgpqaFO8+kXaxwiu7xagMipCoi3V9X+2YcU7EGIzKiTTPm0hxBJebUWrPT4wjr9RyUTgJx6deq3T5hXD8ULY6xLEmKkRsqVhWjpmsxsqkgcNNU3mGzdkrZEScMgeRO3dDtNs34Dv8MeerDnpnPeF8W2Tp6TkcA5TPi+gPmsRTVK8gMZKsAt+YaQR99vXhQR0JL7a3b1mIiX+drbxDM3Xw4jYG58R68YlP0ANtYAXgOWlTQlJods/b7QODbW9RKSm4kgExjwpa00H72BY7Rj1UFmezj00WG4qzwNmGyA4PS5zoS9i/rZ5yFYqFbsEU1kozt21o3rgVktx9BxwyEMAS3FcQolanythcvsLJzBqe1pA6jDdjVGrCEf+0yMpjYFiYEkogGK,iv:1PfKLDXQTyg5CanOFnYQ5TIlHMTjEFfUYL8+Zw0xdrw=,tag:gXjfagkBh8FX5wZd4LlLLg==,type:str]
+        cert: ENC[AES256_GCM,data:w90+WMeDkL3q5ex9n34fM+Efute3iizc0a6HOw2Pma9BpgaLL1NJ7bczjrNaI/9D12d3SAP1/BeONTEyXUDGAvfmJTx5/ZMX4+TWF8yrPPkdm5yQ58Aqkz3Cu5ntgm4xRxPnD5O2Qo1EQuBQlUpnwWqITmeUTmAGT3JYgAobN5Bkjn3h/d0XPnu+5f4jBVSTDFOW4WeJP1WdcYGtpnEj70wTotngoTMwLOKYDGppgoHG5sAxigGeXx5cPvwqecbqOZ5p6FJwCK6iiPGmopWsFgSrA+1ES5P4x0S9q/O3R5+XfqRh21Hjvc7G95J4HWA6LxdDutVl5yS/BQWgBAM4fso/tbIbwFEiNRD3zswa/1nHGTyHisCPJUgaZTS/s3KOL74VoaKl+Upsb0C48yMKJIrL8F3LDF5OjihUWcWX/e0gOJZ+rpPaNv2Qc12TNM6cy0TorxA78fyM9zStgvumi3HjHZ7ZVeMimfraNVT4qTcWXcXrDbfGORxAZlrpKwT8HWdGkGyB3GK9l3KW0nkt0VZJT+SPAII3dimRASc7X1ECTOTgHImE/a4GnlMzg3ik+3HRV/5absZwx3tkUpBtMBUXV4+HA8WXRUeWaGgg2sybC2C7X4l1ChefepVa0JbzLMt1X2vbp+UMeGWbV4lv2V5qlXrQOEBnSwQz4kc0bMoQxSh/p3kohWMtviRuWRq99K9eHsQyD3U59rs9d98E9DIwdH2/8N0/XricaXnSOHErjUTTSSTXfPawJ2bfKMjOAfOkuCHIyFqeQsLElQnR51lzS2jJV6OhEDwVEWElPsvRBxTpafSL0RD90iO39Wbn7FTTBSbzf6YnJNpLu7YG/jysiLcf3zVjarsk648WcXMnCb7Geemqn3voRrJMdKA79sZPNl6jkNi/Jbs/+MPK1VS3v2kLr64lQPctfUaWSL4OGrHRdrO4RVdO3CaDI2H5ylUVoKZmy6LXCj9mQjmvKrK8l9ehrVg0i7O39V0qNP06D5wm/KmfYQtIhAlXy5r8cVR2B4klaxfcG+O/JuIROB1udmNAVz5SkHVTBkLGzlvmV5XAHOVE5+7SRf+ncLtKHoQ6lVGJSSfdgFgqjjQnWKcICvkLL9mtWl7cEPxGg8NlLjLwEExmn1XUa99QZmLDlxFyiJZ8FlSQOngoGkA2ZmT9m8531orzzIUudImnxeiiVpZeTmxL+xKo2He0YBDnAIa+SCzJcM8KaNttVrs7Gc8Jdl1q2HZK8j/dEc31zC0gG+7lODwa9Ce+Lguu+ffsspaAwhmHA5qJElFP5gzBeUfmqDM4YJGPthPxpZCkOePQ6KcZGys1DuaMKfoOuBnFKhAoyP32dgnn8XAHmloCGaVxNbZi0kZZlY7YpubleJlDlib781EDc8WXXokiLSlVyKgstQ+tSO2MtdaEJ4ZWZ4V7p++MQQuFof0GCwNbPUabAuhqsX+6X7Q2LiS3Lakz4PUn1BSKsxWMS1C0GEoY5VBHXxukIbCWoRLCqBQAwjDDLYfUIUp7Y32Nwl0ZK7KqiYyj9ORNe8keBnWZKDHB9kjSnP4C5HQnyoe/fTL4v2mSHDeixS2DH0S83JmV8FxAQm67YWC7WBJzNZL577MQlIOArGGIAx7O5/o0sG1LxAz4/Aa+IAteebPmyqtXW4zmv0CC6H2HGq3WuPvZreSXOcMUOUpWwWsyloh6oZVTMqUHXjRvEL3B5DHGV9RFIBOAETkEP30xfl0FR5QXiavbZ+JoGt7NX+qu5rZ/u6Qx56URJ3cu2LzcGmb77cdcFKHV86f/rXdbAlr+OnqO0cXE6g5NhPr9u8j7Sxm/zTIwCVLod2coCnr/HhL0CF6f73IVWYadaXNP/tnOUYe3yEJv63IMYPQh//aOZG2BSuDxznQH1NnwNoa68lPzauK2UHHV1F/f7GEIPZJE7n+Dy5ai7Ysba91Hbv11rLXQHDypzUkj2mp6VIrC4I+FSKEGorbAXspJhuDnX1Q7mm8GOD8NxZb+rQmZOYRf+UG1z6gdpNwAlwk2bO6SeW0QCBBr0YbAAFA95uOuRpDphLQ4y/jcrKR11cWPetgtzBBIZRMT3ixq3As/MED542VffQtsQOAeUkMNz0UIMm0xIMlV/reC/woZwBLp60bhjlkwJP4bh7+6dsH9KF8ZS8jYn502MZpOTmhHJ9CxE8xVs7OSTkJTaDGkoisyaZ6jfwm18Jl4MkVjXXt0A5PrMYfOt2CbRjYS+BjUQIFZb46EWoWiPt6LV9YMaBv9IQ59ZQo02Nn4ZC9/J3MD7SZH5fWr+OJWaKPFiaFpTCyDJ8kDGq5i995X3vvKTJY8lOeBO1eFMnFe/RFyLylvGDST75P+SfG9HbT4hlR7+x9YDioZhR9FgnM7rts4pSzMZENlG7vPuzfmaTAOWxlL5F1TgaZoOnzOlc69PAPtRiLiigadRTRolDnJlFTHlQa5qby0ARvcvT2eWQGnoGCa4aDlPzPM+1pu6VwT9SkpHXR7O3HTcMZO/HZIUe93qVeZQ93WkkFl+BIlWGBAzTYJwKoEBvPY0lrP9FkLyMOLuq4BBf4RaP0lplBt9CczE0qriWhR5w48QyIv5pJRgyLU7hqOUs7WeKenNMohAy4lKiz/Njr4jXImZmY7mcuoMw27FbW+jzXlImr0QvjTpjhx4INb7iQOZTSXpm+B0jcKmxXtC3jmoT5jAks7UbXIi4VgQs2fF0Ypn77D0IIAlRh3UKr7Qd779vzHfDJAN/uqrlstzyCoLirkcLDacp1fYfmF89w+1GTKvPYKUw64fqRjGFLc/CYpLA0THP7GL3PSZo1RGl9nawm4mAX0OrE+BzVpblReAMVmxezGkV7+CYBZiHRJK5rr4kK/0lxauZb02H9MvmTVCpk36s4Mrs56HQX20sfFrW6EUQqDjrdicEEXYMTPu8tYeGgKJr2Oqin/3GEIR0BhHwh3pTjzPAn9Nh78BQFvCNVTHg24NB6SfZFWjhVMZM4qSvZeCoOoYerPDxTjq7jItzqLPhX8s/u83D2AHzHRNgsKt7NBnOOBtPL9hKSXsK5IsDhXMS1U89atiyE7E6TCIE52+32ufJgbcqhc0u03GWPk6KW+ZofEnxbVpvBsJ9+tj3j3G5ogoGxDnUshrA+9tGCqgOGA0FZo4qOhYGu14uOFL8GJpgdEECnsBAM9soz5,iv:46DOOjh6yun/FfespTsPgQdN7/z6EVDUEY2V3OJQXwk=,tag:mAicNQoXQFcUE0d4A7Frrg==,type:str]
+        userkey: ENC[AES256_GCM,data:qaJIx3uJPnRf/ZN3PUj8CdbIDZYwfDHG4APWlQTUBHtJqYZbP+sLVFmpvgCD+yFgomghLeeDCt+Hm7ti+XYjLRciDPZQb/CAlsdgQW7JbsGA2Sdfj5wwn+vF0F0BLO0hORcB4VW2cY62yuf3koS6IbgXeHRVmLe4hmTftZ2ILZm/nPdjsG2sktLklORG26h/zaLX8fe/+2E9kFu8swyFxI3b+2xDkbm8/jsYSN08sL6L/kCaRlmITISMzVOodrms2FYv7oYnKsyq8ABBnpYECRJheukWNIzcFiJ6+QQwqJUCiJvdJ2Hu60LHgSP20plm5SJ631KBEK8NelwRUhpWe0WBiTfilcmwGJUhADtOIaDIO5r6Ou/OfZupPUEQtg0XhElwWiwqnnnMA//POUxMRQ7mxbhZU9XA2BAHv+RH2SUq7IEgTYkOps4zEWk48yyCI7338hB6DOZs2lR/yWkfR/JtDF3HM8RqLVDB3b9BypkWwfXh/M1RlK4XHid0gv575rQXe507mCAb4KJ82RJSbQ213974e8jXRdMtERM4ZujcP0hfeqxj5vrKLRqVgyLDH3Lz7c9eYhUVS/JN2HC3t/BPdN5J9LJud4r1VLYR01Ru5U+IDqOi71T5jiASndrc+QQa1mulEGLIWj/2c8oe2S0p2EU+P6V5RSrqLRuYGpvCcMOs7ydzKBd3oHBMY/VDhpbKlZEw/Kofbs+Easuz5zBlLlPxc0O+AttNlfsSgxuTD5/NiUKT9+TsToSrBZQiBDKvgDpQjZsq2Clw7ZAvFNrPNTiu0sU7YCe4xO9gQ7RIcXzI6S1B1eoHAbnfv7lKE0VvxRCsfngK8Kp/NccXIsNfDCZ/1x7/WHmq9wr5XmWqY41rf1LFeouQFwydjI5iPp4jHwUzPkiGBkkaOdkb8Ovjjy4urMekTiyO5JKJUJCmtZiSj2DHCOBWm6nRQOFCenLHD6ls2NeUpqqsA2wna5DVn0EPvpaPIkmrdIqHh8d85+N9C8UbYDwAnEFvqcAIlFDWj/tUWVUyfWLRl0JSc1wQFzXavJUaLhhLfP0Gh3n5/ayALGLrLwAeUWQz+tLu7oTs27PaEbQknyPvBczG4I/usAzpdlzr4VfdKWfvdjWST1c5ZCPl4qS8T9+/5jOE1+g/y3kcZED9qjFXdnVpoSJfLx+3cY59inv2LMAnavY++zEV1SWIwKFgAgJoYR4hCKANySWY8kBxCDcRjdBno2rAM3xLfU6I1sLb0lm+6LBswOEqHTb9E20u8RXum9JUI/6iauhJHmfoyMLVvhD5XQyolbQ5n/r1qq5LOjsKWGMvo/AeosBwcAY3u67xyvNnNgrd29SBwOYyGYNKG0jyhg7HDfHFIpSDzfAI4IOyhs44cPGFoN759+Y0BNLjW1mqDiWpErvSaNc4zH2cr2fSCaGpEBbf6q3hMh4tRQJayxVSEeD2emO69UNBd4jCkHo4vaK6D9aSBEcpWR2SQM0c968zDcdmOTajsLzPYoIyaOgWFAIs+9A6f8eyqlhDfWIxp6e1fVY8sCFotZaDXRqb9/umCy0IqNQChuKYcB5oB/hvwwMMuTE+4Q4Dd7RXfW8ZMAZz3Z1bqimVhFeVXDkyT+8DXMf2166bLxxwxpxSCPd3XmmOSUiNKysTHykh5MKaPjEyTl7xgvbhqZ16k0pvkh+z5Op1NcU2tm6W+/FL1JV83KnsjC1jAdwMEeFn+0MAFXTBARAG+qAb3pGowYz/wNSsvf93a3JTANA609opK/7MK84h5n7M6TulRBw5Phnw0HUdio5SJ7DBRPr4kYGgVTMwWzxfOY3lDF/fnsqTOjGWxUoLrRXrZ8aaAHWaUYFzx52SW3J3rczRBWTC0jUUEVs7cslfR7N7VGvEXV9p9TuJOsfAyvFyseRIh66Uwi9Pwq+QBOadUttcT+iBgz72BEPwuIAcKre+ShoxE9cHGrtpvlgi7eDSlI1bZ7km+8j0TWryzKLK8P9N4MhspwRO/zGXiErAOoBe4MaBvMvjGCgCRFgnLypoDoeHeoLO1WvgskKUhHXIZV/02nBhhnxPUmJjzsqp722aDztxWKU1VX6lHooRFgpMRzOymD7XVxfZNyDrxuf0VJluIzZlFCzGpswgGnxocs0hFgTMePzhoMx2XnU9d6NM3hl1fOCCwV7Be8KjahNRc5qGChPS4kLzEyvsWHD7EiKK2gCYS0ysiPTNxKrcC9JFXqR7iX1QSQ8W5Sy5IBWYZWuBNj0STJ4J9VXImEaOnWnkNLcncwQh1Ty8OTDX15jeC7/ltfQ6KVjPj3iPs8cEADnOW7ez91vtXOg4dFhjuLAylipQYFIaUpjJOwNQuEcp121LKR1YXHeLRI4y2Cvw9ZL9HXZbB8yQR5/NNba2PScDjfg05ZhFb4yFfcrT+OOrvO6ej1mX4qPzK4X4Sxzi+c632Xi98I/L6rKE5WCLg0dXPUhy4YwD495ZoCFfT5hzNHrNjeCGG03mVC4qLTcopwyn4TlcN+SnZEzI9kVvTwOhtW2J9ol1GNjiGsmfDq9I/+jOfALFQgA/nFVyqBi14pui9yhno6WDyPGifDeKsoNBoZq63lQ/exxGzTH/sPRqeumAUWU81n3/4FLcknH1ssucMC73scO5S4+lzpF89PFCV5Qnkcghzu+vEC5/Z0roU+jQL+wPpjnq1QAuX94TX0iLVozSmcPfFwv4PyzqiCRK7dbk8TtTQlqdM+elzKzKbQkUQXvY2vGTyKnZxJjrwHx71QuEYMfu3QqO7v5XUJSayON1o/RcfQdwfxenLaLOzXYPVod2eylalY7vXKtJOclz0OsCHVL/IAs2p+qvnBhDi2LcBKFgYRgI9ZrOFWGBvk2hzNjieQtM/a9BAcAjzR8jNTgBYqTQWIuloJEjd+KtRC7S4qFVSwp5E+2eFD3QpBaf+TFuDCvSteWpHZSXIrrLEGAichsWVHK09KKGsFPb//S2bEIrHeMYwPbDZ4JFR5YzUJTnfuHFCAGxsL4qali4ZA8BlTEp675TwJ47FWpS349/10di0DbIm7+eeQUVv4obn9sk0st1tDHS5kWsWQq587t52OFuqwXZv+GdEMn/jfo4F4dEF61DbkXtMzMs0/DU9x60m0pp41LvJQsm7GyGjvtUV0ltD5n8lF40pmVZnrcrQb/VSd2mLZbkTl8K+1J2rDnel2vf5DcUSysTha8o+g0X4fqMeGnIot71ZS7bqtzYzACQukMYkSxqE/vnalxN2G4cmP0RCSwb4YhOdgsKjqUwEr560xv5M58RSMW92cFC59CHtu4G7rPyvuA9Bp6lJnxsRAfPB57QF4aqYg0VpBTpP4MHdeVuG7v7REATjyexnjuli5BSx9540nHgjrcMVcSVkcNcIykAJsHVk4PJZ01o5Ycmubvw3fHvt9OKyxY2Y7CLQpVcSwgfp4KOLnUe3+88fLfMUfg3V4rVjiriivqHVKx0aMKqkW1Od6fT5nZAd6h5rMxLWDU2U++wUcc/lfRK+J2GgY+r6MmBb1qRajW8VS3ms7e/RylxzHpaU/meUTFiFxop4iCCwBn3IjgFtZWcn+8eERkQQ0wZfuz8u5Lfy0uPQoaRhoHPXtBZQEWuQd/MIGKaetHU85XRu/1HYvQ4V5+Elu12D8idTCennGv6gqIOFZBhS1CCKbPtzTmYuV9JlmbMNhQthwuxKKbZoXhI+GNDggPMxkkmhxGChj4X2NymV7u3Yqrr1FnNGTMcuBJ10+BDeNNY9KV4MZCKH//rRjUxVEgiln0EEGFTeA/WSyG8wu72maDu2OvcfoNH3KkYYJ7JqSzvZ8raVMiWSx9nkAN18xRWxWIz4wNndrk963Ol4rwxymVcXDE9/Qrz27MAZmNhrEaF4qsut7VDLxWvnrcWCIXddNPFcqgU1IQVF48U7WAGgTFDJdDEp+Q33FNIbo70koN0KLE8ot0jIqWuwBFhA5fI7NSv5cEIOueTcD2p3J2snBebQbRtsDtu8mJBunYPqcvP3YH9xiDJkdiij/g21Wtb7FY/WPP1uVt8RJu51kxTw9VZJLLQqisk1usn3kAKM+m3gQAKpbgiFmfjb3pif3nHTCi+tRAM4hGX2VWHY8F/iaTCAZpSyd34SD6OqYIzh83nchwyaMOU9QrrOIG7Vbrd923/AMBcFVaZnQB4eGNIe6fnEiet67kb6g0yxHNKyORM0+fg9INbywzT1MzjbjozvNw5JEHm49C2J/oWcyGDW13XtQXw8uvCBVEqXpz4baNng7Xzge5WwBLTlF2+hh136npAE62aHkNZyy0E3Fa1V6ludI//BcnZ4jqYEO0/w5SA9wYFT6Aun9ltRpq60VZnYc1Jr2A=,iv:kR5g0wvCQ3NGAqviN1jvqscgAYrGzHLqhooIljtJ+gg=,tag:Z+U5Wn4U5ADIxjdfI37cBA==,type:str]
+        tlscrypt: ENC[AES256_GCM,data:zG12fAsc9/LcxO0eGx4ytjHm07BMnf5aBHlfTtif4noCXcPAx5xunhJCOaWEoTobwOEpdgXoZzQcJa7EW6N/4kEnGzk8gfSl+BFswO6LEoqzYJb4sfy2qJJQrjUNxsI9yib+OCgb4DQ94apdvVG/dVypdMQrw+x+xg8K+hdZ5LZWdZLKKcBxHKeHoZ+lt/gJNv3BbtQP6Vy+1biWxjdHy1YfvLm+iqaJfi3/9HV8YAi/iePoY+rNNtc8GlaUp/HrHfmCFF4EBWuFr2knQ5t8bx7sHGlhdcTIyHJwNQdCUIsyVqckhxDulLM8luuGJZsiulkdK2f4NSpa6CPYZPWPHQ2BfSnugBEjbWrF2RQT3eOLAEJBS9YSV1/nvHA/lU2ymf0PBzzXhE9Ms0twecrS8Ql/qRbWSqiQNzHv/P7k5i5E8iw4zqaUtir7gpu3AkC2GxMVuQfowiruZGPi6i2YbDzgaBi5fZJAosWQHvZXnVApqFqzWXCzw4ACXlMI6MZ1rb3Ut9wEDXHGMRhhcWmHDsCO6I4/EphDfLiexYeVHKB++MLilXaUa6wXN0yGefj+NC3Am5YQRwR3rd4KrjXOrbKWELoIkyYrGWkZ5w5O5fC4Z+h8jxPjng/lNM3JAzREgKcw+0IcY5q3/bRXWGMScVm5qqc9LXozhWU9gghQOhbcb4NYFob8yczTJT8IdA6D72N4pAm+524DMjTPRiAi1KQInICeZp2mILvT5aUgTEXtj+iwyqyo+io3ffOjQdHa9HU2IrZKmoapkvEOsFHm3L63uY1T92/Han8=,iv:cjIKuwyLtXT5Wg/VzinC2Lf5EysoxsgnEsHei/+Yum8=,tag:b5LKO8urIBC7BJgyfs5kWw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14cpm59h7hx8gr54hrn4uxu4xnrp9wy3f2kdxvy6xwuyxsfg8g9zs8z5e77
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YW5Ob0RscXBCODV2d3Z0
+            TFVVMVQwdTZKZWZDZzNHOXZobThRZ3lyOHlZCnhWQTB5aVd5enBXYUtaYWprT1B1
+            ZHhndW1vcHExYlAyTXpXWEYrSjhxaUEKLS0tIDRodGpsSS9rZzlOeWMxOTRhVnBF
+            OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
+            z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-15T01:14:16Z"
+    mac: ENC[AES256_GCM,data:4hqXQvlmPKuPkQEcUIpTEUudVknNVNjXjP8pB2UPnPmnr79nLWy/ZOzAcpSob1XNHyB7We5neBUEDYO56PjOM9C022XdZfaqXUC931uqLqo1iLQupApCphf/HR5bwDayv63Mr1Ys9MBdhCrYtlfy4iPiEdlpfDhLuD268EM8x0w=,iv:rgzgkB+5r/xDrN4i8O1f6CXyGxF7Peo+24kkQf96yf4=,tag:TZPaNEEYxFZ0m1CRbPQ0kA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/secrets/sops.nix
+++ b/secrets/sops.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+{
+  environment.systemPackages = [
+    pkgs.ssh-to-age
+    pkgs.sops
+  ];
+  
+  # This will add secrets.yaml to the nix store
+  # You can avoid this by adding a string to the full path instead, i.e.
+  # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
+  # sops.defaultSopsFile = "/etc/nixos/nix-dotfiles/secrets/secrets.yaml";
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    validateSopsFiles = false;
+    
+    # This will automaticx-sopsally import SSH keys as age keys
+    age.sshKeyPaths = [
+			  "/etc/ssh/nixos"
+			  "/root/.ssh/nixos"
+			];
+    #This is using an age key that is expected to already be in the filesystem
+    age.keyFile = "/var/lib/sops-nix/key.txt";
+    #age.keyFile = "/root/.config/sops/age/key.txt";
+    age.generateKey = true;
+    # This is the actual specification of the secrets.
+    #secrets."myservice/my_subdir/my_secret" = {};
+  };
+}
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEj+Y0RUrSaF8gUW8m2BY6i8e7/0bUWhu8u8KW+AoHDh gunalx@nixos`