sops

system/default.nix

@@ -20,6 +20,8 @@
     ./fonts.nix
     ./bluetooth.nix
     ./zsh.nix
+
+    ./sops.nix
   ];
 
   system.stateVersion = "24.11";

system/fonts.nix

@@ -1,4 +1,4 @@
-{...}: {
+{ pkgs, ...}: {
   fonts.packages = with pkgs; [
     nerd-fonts.jetbrains-mono
     twemoji-color-font

system/persistence.nix

@@ -29,7 +29,7 @@
         ".keepass"
       ];
       files = [];
-    }
+    };
   };
 
   environment.persistence."/persist/cache" = {

system/sops.nix

@@ -0,0 +1,5 @@
+{ sops-nix, ... }: {
+  imports = [ sops-nix.nixosModules.sops ];
+
+  sops.age.keyFile = /persist/data/home/lilith/.config.sops/age/keys.txt;
+}

system/syncthing.nix

@@ -1,5 +1,5 @@
-{ config, ...}: let 
+{ config, sops, ...}: let 
-    host = networking.hostName;
+    host = config.networking.hostName;
   in {
 
   sops.secrets."syncthing/key.pem" = {
@@ -12,7 +12,7 @@
   services.syncthing = {
     enable = true;
 
-    user = lilith;
+    user = "lilith";
     dataDir = "/home/lilith";
     configDir = "/home/lilith/.config/syncthing";
 

system/users.nix

@@ -17,12 +17,12 @@
       neededForUsers = true;
     };
     "user/ssh/private" = {
-      sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
+      sopsFile = ../hosts/${host}/secrets/default.yaml;
       path = "/home/lilith/.ssh/id_ed25519";
       owner = "lilith";
     };
     "user/ssh/public" = {
-      sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
+      sopsFile = ../hosts/${host}/secrets/default.yaml;
       path = "/home/lilith/.ssh/id_ed25519.pub";
       owner = "lilith";
     };