From 5a93a7b4c6161635bf45c9ccb8ef97f57cd405f2 Mon Sep 17 00:00:00 2001
From: foglar
Date: Sat, 4 Jan 2025 15:28:02 +0100
Subject: [PATCH] sops update
---
 .gitignore | 9 ++++++++-
 nixos/system/packages/sops/secrets/secrets.yaml | 5 +++--
 nixos/system/packages/sops/sops.nix | 6 ++++++
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index d58052d..87a4058 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,9 @@
 kogami.qcow2
-ginoza.qcow2
\ No newline at end of file
+ginoza.qcow2
+docs/kogami.png
+
+docs/masaoka.jpg
+
+docs/tsunemori.jpg
+
+ginoza/hardware-configuration.nix
diff --git a/nixos/system/packages/sops/secrets/secrets.yaml b/nixos/system/packages/sops/secrets/secrets.yaml
index 458d30f..ebce6df 100644
--- a/nixos/system/packages/sops/secrets/secrets.yaml
+++ b/nixos/system/packages/sops/secrets/secrets.yaml
@@ -1,3 +1,4 @@
+sync: ENC[AES256_GCM,data:2El2mY9XhCQ=,iv:EmgT5CgeCZjj9uwiDHbDNuty9czgQGJTSnXIIIm0JDM=,tag:ysZqmWibHkoQGjUoc/Mnxg==,type:str]
 kogami:
 password-hash: ENC[AES256_GCM,data:HXuzumA7zAzBUcOBszeslYVDLA7r3W7gINn2FvMCTEHkc+y3zWftK4CVnk+TuRcgP9/htUphs2BmusogFAdmRQ3HmQU8WGQN0A==,iv:n2063dWbEmFKEvXbY2uk+C6lwF7WzA8jalKOFHPVICc=,tag:wb5bq4Dk3a9UnzYFBInHEA==,type:str]
 ginoza:
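Review bot: The new `sync` entry's `data` field decodes to only 8 bytes, and SOPS leaves key names and value lengths readable in the committed file, so anyone with access to the repository learns how short this secret is. If this is the Syncthing GUI password that sops.nix refers to, a longer randomly generated value would make the committed ciphertext less informative and the secret itself stronger. Confidentiality of every value in this file rests entirely on the age recipient key, so that key should not be stored alongside the repository.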
@@ -21,8 +22,8 @@ sops: T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-30T11:16:07Z" - mac: ENC[AES256_GCM,data:roSfCo0syYs/of6TRQ+IZhs/0sQPJPEkWvefjzz/ctC9Oi4zFh0xlsSBZk73l1d5cYwVOYIyxLcpXnuWJ2r8eKVLpVozik460rj7K5GlkRkcWYUE6nRv1Vzz5CVToCdx4ZX+3qG/gdDQXmpav+2ECadmysrlRaObQ9CpQm2jU6o=,iv:L8wOy6aWvB09EdCFe5I60J3LuBFxEDk4Aso+nU3wsPk=,tag:hYF1rrV8m+A8/ZGqww6HFQ==,type:str] + lastmodified: "2025-01-04T14:26:29Z" + mac: ENC[AES256_GCM,data:5waKR2Ke3l5UIeg6nXqNMEYrQD75aXGsavQlbwQWRcyt+yr/Zn5CP+WB+8YTA56c+sZQ50xKiLP5q6WTEC3nnTb+AvOlvnF8FZ+NN+jLzDi9WbfWCChR3mAE3TbcLFfsdwKMwewLNjzRxGm9ErVORNo1+6i+VH8IUSBGcKTWy1s=,iv:Kem2lzKEUOEwtNkW57lfRFc3Ln7Au7mqbeA/9NEd0VU=,tag:9Nf4J7/SEIOPzRHeoBsVNA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/nixos/system/packages/sops/sops.nix b/nixos/system/packages/sops/sops.nix index dcce568..7b33c54 100644 --- a/nixos/system/packages/sops/sops.nix +++ b/nixos/system/packages/sops/sops.nix @@ -32,7 +32,10 @@ }; }; + # Password hash users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}"; + + # YubiKey IDs security.pam.yubico.id = [] ++ ( @@ -40,5 +43,8 @@ then ["${config.sops.secrets.yubikey_id}".value] else [] ); + + # Syncthing password + services.syncthing.settings.gui.password = "${config.sops.secrets."syncthing".value}"; }; }
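Review bot: The added `services.syncthing.settings.gui.password = "${config.sops.secrets."syncthing".value}";` reads a secret at evaluation time, which sops-nix does not support: secrets are decrypted at activation and exposed as files through `.path`, and to my knowledge the secret submodule has no `value` attribute, so this line should fail to evaluate. Even if a value were available there, it would be copied in plaintext into the world-readable Nix store, which is the leak sops-nix is meant to prevent. The name also differs from the `sync` key this commit adds to secrets.yaml, unless a `sops.secrets` declaration outside the hunk maps it with `key = "sync";`. I would remove the line and have the GUI password applied at runtime from `config.sops.secrets.<name>.path`, as the `hashedPasswordFile` line in the previous hunk does; the `yubikey_id` context line uses the same `.value` pattern. The enclosing attribute set starts outside the hunk.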