sops and user in own modules

leanix/configuration.nix

@@ -23,13 +23,6 @@
     };
   };
 
-  # User configuration
-  users.users.${userSettings.username} = {
-    isNormalUser = true;
-    description = "${userSettings.username}";
-    extraGroups = ["wheel"];
-  };
-
   # Bootloader
   boot.loader.systemd-boot.enable = true;
 

nixos/home/desktop/hyprland/hyprland.nix

@@ -38,6 +38,7 @@
 
     services.network-manager-applet.enable = true;
     services.dunst.enable = true;
+
     programs.hyprlock.enable = true;
 
     home.sessionVariables = {

nixos/system/packages.nix

@@ -6,6 +6,7 @@
     ./packages/tor.nix
     ./packages/virtual-machines.nix
     ./packages/yubikey.nix
+    ./packages/sops/sops.nix
   ];
 
   program = {
@@ -19,6 +20,7 @@
     yubikey.enable = lib.mkDefault false;
   };
   sys.desktop.steamdeck.enable = lib.mkDefault false;
+  sys.security.sops.enable = lib.mkDefault true;
   programs.kdeconnect.enable = lib.mkDefault true;
   programs.wireshark.enable = lib.mkDefault true;
 }

nixos/system/packages/sops/sops.nix

@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  userSettings,
+  ...
+}: {
+  options = {
+    sys.security.sops.enable = lib.mkEnableOption "Enable SOPS";
+  };
+
+  config = lib.mkIf config.sys.security.sops.enable {
+    sops.defaultSopsFile = ./secrets/secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+
+    sops.age.keyFile = "/home/${userSettings.username}/.config/sops/age/keys.txt";
+
+    sops.secrets."zenith/password-hash" = {
+      neededForUsers = true;
+    };
+
+    users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}";
+  };
+}

nixos/system/settings/desktops.nix

@@ -60,6 +60,7 @@
       };
 
       services.udisks2.enable = true;
+      services.power-profiles-daemon.enable = true;
 
       security = {
         polkit.enable = true;

nixos/system/settings/user.nix

@@ -0,0 +1,11 @@
+{userSettings, ...}: {
+  # User configuration
+  users.users.${userSettings.username} = {
+    isNormalUser = true;
+    description = "${userSettings.username}";
+    extraGroups = ["wheel"];
+    #! User Hashed password is stored in SOPS
+    #! and is set in the module configuration
+    #! file ../packages/sops/sops.nix
+  };
+}

nixos/system/system.nix

@@ -10,6 +10,8 @@
     ./settings/loginManager.nix
     ./settings/style.nix
     ./settings/default-applications.nix
+
+    ./settings/user.nix
   ];
 
   sys = {

zenith/configuration.nix

@@ -3,7 +3,6 @@
   pkgs,
   pkgs-stable,
   userSettings,
-  config,
   ...
 }: {
   imports = [
@@ -17,15 +16,6 @@
   nix.settings.experimental-features = ["nix-command" "flakes"];
   programs.nix-ld.dev.enable = true;
 
-  sops.defaultSopsFile = ./secrets/secrets.yaml;
-  sops.defaultSopsFormat = "yaml";
-
-  sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt";
-
-  sops.secrets."zenith/password-hash" = {
-    neededForUsers = true;
-  };
-
   # Home manager
   home-manager = {
     extraSpecialArgs = {inherit inputs pkgs pkgs-stable userSettings;};
@@ -39,20 +29,12 @@
     ];
   };
 
-  # User configuration
-  users.users.${userSettings.username} = {
-    isNormalUser = true;
-    description = "${userSettings.username}";
-    extraGroups = ["wheel"];
-    hashedPasswordFile = "${config.sops.secrets."zenith/password-hash".path}";
-  };
-
   # Bootloader
   boot.loader.systemd-boot.enable = true;
 
   # Environment variables
   environment.sessionVariables = {
-    FLAKE = "/home/${userSettings.username}/dotfiles";
+    FLAKE = "/home/${userSettings.username}/.dotfiles";
   };
 
   # System level configuration