materusPC: prepare sops

.gitattributes

@@ -0,0 +1 @@
+private/** filter=git-crypt diff=git-crypt

configurations/home/genHomes.nix

@@ -20,6 +20,7 @@ let
                 ../host/${host}/extraHome.nix
                 profiles.homeProfile
                 inputs.private.homeModule
+                materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops
               ];
             };
         }]
@@ -46,6 +47,7 @@ let
             ./${username}
             profiles.homeProfile
             inputs.private.homeModule
+            materusCfg.configInputs.sops-nix.homeManagerModules.sops
           ];
         };
     };

configurations/host/default.nix

@@ -25,6 +25,7 @@ let
         ./${host}
         inputs.private.systemModule
         profiles.osProfile
+        materusCfg.configInputs.sops-nix.nixosModules.sops
       ] ++ extraModules;
     }) // { inherit materusCfg; };
 in

configurations/host/materusPC/default.nix

@@ -5,6 +5,7 @@
 
       ./hardware
       ./vm
+      ./secrets
 
       ./scripts.nix
       ./tmp.nix
@@ -12,6 +13,7 @@
 
       ./kde.nix
     ];
+  
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   system.copySystemConfiguration = false;

configurations/host/materusPC/secrets/default.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+{
+  imports =
+    [
+    ];
+    sops.age.keyFile = "/materus/root/age.key";
+    sops.age.generateKey = false;
+    sops.gnupg.home = null;
+    sops.gnupg.sshKeyPaths = [];
+    sops.secrets.users.materus = {
+      format = "json";
+      sopsFile = ./users.json;
+    };
+
+    services.openssh.hostKeys = [
+      {
+        bits = 4096;
+        path = "/materus/root/ssh_host_rsa_key";
+        type = "rsa";
+      }
+      {
+        path = "/materus/root/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+
+}

configurations/host/materusPC/secrets/private/default.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, lib, ... }:
+{
+  imports =
+    [
+    ];
+
+}

configurations/host/materusPC/secrets/users.json

@@ -0,0 +1,29 @@
+{
+	"users": {
+		"materus": "ENC[AES256_GCM,data:rB089alZTUAB24VX76vg7dOdQdWa12/rVXdSKNj80TTQhXu1Alw1l697BbzuOwlkcj+OaeV+cU+rPgXPIPVjnQlyHJNNC9VPUg==,iv:uWjjrvnwEZERsJDw6bAe3qcHO5zl6bCK9rv4MZbXCnU=,tag:QvMjcefg2xHsfXdJs5KguQ==,type:str]",
+		"root": "ENC[AES256_GCM,data:sbq8UeP6QmJ7gRa8RlL4/upy1y5RhWRrU+THCs1Sdc1vZy6s7pJThZeT/GEe9WNYFvbRjgTorkaKpTBp2Xar/fW52EuqSM+P0Q==,iv:Hm//gIpCqYA9aemq4VAly31U9niy/xYYrTghlBbXKSc=,tag:J8VT7nFRrTOHA8wIlOUw+g==,type:str]"
+	},
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a21FTnMwM3JIZmhWSExI\naUJXVUZVVDZ4VFRXTXJ6R0hKY1VkZWQwejJNClB1NS9vWXRrendOSmpobjZ6ZGJv\na2cwR2lNcm96aEtjMktpWmUwZTdxWEUKLS0tIDF4b2tyQ24yMVQ1citpdDZUMUt5\nRGZIV3ZaakY3aDFjek9Hdklpb01IaTAKGwMh6ZPBRnBRTzMzYM2qfgqPcDhxcdnB\nVI3v6eQMpJcqfKg8t2RtPoS0sXItEIGb22O1cqv7lqsDNFTfJFsKcQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-03-02T21:30:11Z",
+		"mac": "ENC[AES256_GCM,data:k1L4cZJD+o8oxCxD0DaF7596Oca4npFQSKKG7XQzkLJdCEyq1u51waCXcOn976lipgCPrgPlnc1Ad8QpRjvkROaUjFVq3NH/dUtEQa+haWHTQC58kVJU+hzE8NPv6fId+m5z1nu4KRhHoFoMOtuiXc/XLR8yLejIg17d+ncKokA=,iv:YOiwx2NX/piw43E74B/kWwr+zw02DLqiOxe5vVgK0gI=,tag:TdEHcJmwNMTos9T/tpT1pQ==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2024-03-02T20:47:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D5fSX77p80GYSAQdA12LSQRZXdxMZVUaMilMqDfY2f9Zx25S5wxsvg4HirjEw\nI2SIG1eW6MZaeFqJc3rEHEx6SY0igFy+gpwWr6KugBTdJmXVJgh6aG5fsv7z00Rx\n1GYBCQIQ1hXRnsn6UsaNcFaqv1WCsIc+h5WLIFZeB3Jrwdzy8YeVv8WYkNlbrni8\nihQnWhOwWfzjOYpmee1goRAqKBrbqHBouJwZJH6V7ZGUDfOMU63gvpmdKhUu2ML6\nw7swxzkrglo=\n=g87z\n-----END PGP MESSAGE-----",
+				"fp": "28D140BCA60B4FD1"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}