System update & Sops

flake.lock

@@ -648,10 +648,31 @@
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable": "nixpkgs-stable_2",
         "plasma-manager": "plasma-manager",
+        "sops-nix": "sops-nix",
         "spicetify-nix": "spicetify-nix",
         "stylix": "stylix"
       }
     },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734546875,
+        "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
     "spicetify-nix": {
       "inputs": {
         "flake-compat": "flake-compat_2",

zenith/.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &primary age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+        - *primary

zenith/configuration.nix

@@ -3,6 +3,7 @@
   pkgs,
   pkgs-stable,
   userSettings,
+  config,
   ...
 }: {
   imports = [
@@ -10,11 +11,21 @@
     ../nixos/system/packages.nix
     ../nixos/system/system.nix
     inputs.home-manager.nixosModules.home-manager
+    inputs.sops-nix.nixosModules.sops
   ];
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
   programs.nix-ld.dev.enable = true;
 
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+
+  sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt";
+
+  sops.secrets.email = {};
+  #sops.secrets.email.owner = config.users.users.foglar.name;
+  #sops.secrets.email.group = config.users.users.foglar.group;
+
   # Home manager
   home-manager = {
     extraSpecialArgs = {inherit inputs pkgs pkgs-stable userSettings;};
@@ -44,7 +55,7 @@
   sys = {
     audio.enable = true;
     desktop = {
-      plasma.enable = true;
+      plasma.enable = false;
       gnome.enable = false;
       hyprland.enable = true;
       steamdeck.enable = true;
@@ -81,6 +92,8 @@
   programs.kdeconnect.enable = true;
   programs.wireshark.enable = true;
 
+  services.twingate.enable = true;
+
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 

zenith/secrets/secrets.yaml

@@ -0,0 +1,21 @@
+email: ENC[AES256_GCM,data:B0I7UzBKR18oImVpzq3RhV4y8tLhAZWph7R0Rw==,iv:xxgH1jWLC5u+FqhnswqHQCRbdSN1M8/ou7jFChOHROg=,tag:EhiKsfWhKdTg7p6uH5H5MQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwME1uUDlWc2RDTWw0dGly
+            TEx0dWtxOGlsdGtLVmpMZzRqcUN0d0VNOGxZCkkraGs3cjRIQ3o1MUN4eXZnbXhU
+            MXROMzYrenkyVS9TTStmZnVGRXF4YVkKLS0tIFhVUnIyMHdtQ2VZQlQrbCtTWHVG
+            T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
+            JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-23T10:12:18Z"
+    mac: ENC[AES256_GCM,data:qnGM3IBvkly+LdfxU+wKeLUsNrlNJ3SfhobFM9qbPAsh1K3Wv+6S55V2E2rzf33syJ7gm32h++/pJxK7mJHx9BjkPHxcJ3d8g0B8cG364DANbANoG6MMIgnUTPZxV2eLEtEdta0tNIaQkQrEhEUGpc2Mc1nmaU6nxWt9RurR84Y=,iv:hzmiGfnnqm622phgafgnnr9lweE87trcXDDTlqgs4U4=,tag:9csc86pL9rB6hV1uYphWZQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2