From dda02c86f8da74f1b40d13f2b1be0183dcdb41e1 Mon Sep 17 00:00:00 2001
From: jopejoe1 <johannes@joens.email>
Date: Sat, 12 Oct 2024 17:27:53 +0200
Subject: [PATCH] some sops stuff

---
 .sops.yaml                     |  7 +++++++
 nixos-modules/sops/default.nix | 26 ++++++++++++++++++++++++++
 secrets/main.yaml              | 21 +++++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 nixos-modules/sops/default.nix
 create mode 100644 secrets/main.yaml

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..8e1fff2
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+  - &kuraokami age1q7tr77fyygpvlwenrj4zw9d4e59p66pz3vckelecgepectt9jvrq4qd6ll
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - age:
+      - *kuraokami
diff --git a/nixos-modules/sops/default.nix b/nixos-modules/sops/default.nix
new file mode 100644
index 0000000..33bc526
--- /dev/null
+++ b/nixos-modules/sops/default.nix
@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
+
+let
+  cfg = config.jopejoe1.sops;
+in
+{
+  options.jopejoe1.sops = {
+    enable = (lib.mkEnableOption "Enable sops") // { default = true;};
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops = {
+      defaultSopsFile = ../../secrets/main.yaml;
+      age = {
+        keyFile = "/home/jopejoe1/.config/sops/age/keys.txt";
+
+      };
+    };
+  };
+}
diff --git a/secrets/main.yaml b/secrets/main.yaml
new file mode 100644
index 0000000..0185abe
--- /dev/null
+++ b/secrets/main.yaml
@@ -0,0 +1,21 @@
+asf_key: ENC[AES256_GCM,data:NZqrDt8ajbVa,iv:4ynhNOIyERVKj8CND2TBW0frKeJXYkGNWigsxvLKAHQ=,tag:jwpAQx7YpiTcr34BEnRhGQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1q7tr77fyygpvlwenrj4zw9d4e59p66pz3vckelecgepectt9jvrq4qd6ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByaG1kZFU2dXo5L0s1ZDho
+            UXlmakhqdGtqWWlkTEZ6cUV6TEUzbytkOUI4CnZlN2lKWGc0aTB1Y2M0NHNOL0du
+            OEI0eGltWE1nYU0ybGtHUlN0VWlVTDAKLS0tIHJKblo5L05KU1V5eXhhUlYvWmkz
+            d0FxeEZhaDBxWjdiS21EWFVqR3NVMmsKgKtMEtrq06TdaP38zmZgm4/X4nREpWLx
+            InDOmjwR3fOysz+lTH2lGVqJVqdiJkveJRDodgcyodf5BqfD8oLgDQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-12T15:20:29Z"
+    mac: ENC[AES256_GCM,data:ncWyrFiP2htNovn43Uook3QtXvqhhPQwQkxa9cAiGvzSusae7rH1kN9ZYPYObZJvIKrFLPSqwagdNoCa8VhnGjpPg1LrwIjqvDudT+N7/ZM/i7PIpOGagbnPrMFln+zzcrp2ocJeo4ZXPJJOVmH6ncENszJ/VGOL41GXbPJT09M=,iv:pfgGj6SHMyAzGLScBTUfF6OGjiPnurIaRJltu7yWDBU=,tag:NW/m6mBCOCSriqdxPul/Iw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0