From 290183a4e413b628e26b602a5af6100ee1c3874a Mon Sep 17 00:00:00 2001 From: "Gustavo \"Guz\" L. de Mello" Date: Fri, 12 Jan 2024 17:49:26 -0300 Subject: [PATCH] feat: sops and nix-sops secrets management --- hosts/desktop/shared-configuration.nix | 8 ++++++++ secrets/desktop-secrets.yaml | 8 ++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/hosts/desktop/shared-configuration.nix b/hosts/desktop/shared-configuration.nix index c98c27e..1efd598 100644 --- a/hosts/desktop/shared-configuration.nix +++ b/hosts/desktop/shared-configuration.nix @@ -2,12 +2,18 @@ { imports = [ + inputs.sops-nix.nixosModules.sops ../../modules/nixos/config/host.nix ../../modules/nixos/systems/set-user.nix # Include the results of the hardware scan. ./hardware-configuration.nix ]; + sops.defaultSopsFile = ../../secrets/desktop-secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt"; + programs.hyprland = { enable = true; xwayland.enable = true; @@ -27,6 +33,8 @@ dunst libnotify swww + sops + wl-clipboard ]; hardware = { diff --git a/secrets/desktop-secrets.yaml b/secrets/desktop-secrets.yaml index 1aed3a6..72cb7c3 100644 --- a/secrets/desktop-secrets.yaml +++ b/secrets/desktop-secrets.yaml @@ -1,5 +1,5 @@ -lat: ENC[AES256_GCM,data:C1bJHXoy,iv:hSpUpB74mFJm/b7EgLcvp+M+AY4DVzwZHGYHTx9n6K4=,tag:x7ZZ7Uea9aS/TrDLezvMeQ==,type:float] -lon: ENC[AES256_GCM,data:831hTxaRam4NBQ==,iv:+YeNizL7Tqp3vu6I8yyuxLxViQgJUrfDCKBFSSky0Xw=,tag:qvQLQykJ7ij+XIKAuZQOAA==,type:float] +lat: ENC[AES256_GCM,data:jmQPcQFV,iv:k4+a7lA64yT9AJANcOQ4HDZzq8aL2Tga67BesqfnL3A=,tag:OjRTtL/BoDwDBWvWQUCt9Q==,type:str] +lon: ENC[AES256_GCM,data:Qn9Gi5LP7ve3kA==,iv:s3ZdJ6rfl03nzEes4BpGPIzUUq5yCOIBKbKhfznG0nw=,tag:uyvowjKDoTMtuApUVZA+ag==,type:str] sops: kms: [] gcp_kms: [] 
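Review bot: `sops.age.keyFile` in the first hunk of hosts/desktop/shared-configuration.nix points at `/home/guz/.config/sops/age/keys.txt`, so the identity that decrypts every entry in secrets/desktop-secrets.yaml is a file in a login user's home directory. Any process running as that user can presumably read it, and it may not be available at activation time if /home is mounted late. A host-scoped, root-only identity would be safer, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` or `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, with the personal key kept only as an extra recipient for editing. The hard-coded user name also looks out of place in a file called shared-configuration.nix that imports `set-user.nix`. No `sops.secrets.<name>` entry is declared in the visible lines, so nothing appears to be decrypted yet; the module body starts and ends outside the hunk.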
@@ -15,8 +15,8 @@ sops: Nm1UT1pUeWJhS1hhUWo4b3A1RElKNG8KIzbqwoCynolclZkZ3AiIkqpGjEBUZPo2 h8Y3Rx2QASD6tg9jlxRqGtbXe+mNgcCNTt7cdOyhndQzzq/2GfbujA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-12T16:30:51Z" - mac: ENC[AES256_GCM,data:1LhytMdnYlN82+cyqnRaPu4QyAAa0dwS1krDD3ZhuZpp0SfHrgApX9BN38ZaAmWKjwhcAvVjhhLBevZJeWmfbsg7DVRkyptXrjv6Gr66szkfhA/PE286JM3U66UeZmU9FkB5XJqT/PL86jr5rUiY4yTYoixcXbs9OEQJ66qIr4M=,iv:RSPVzk+W0gEsPQ22O0wENf/c+iBXIW9zpeP1QY8XjBE=,tag:O41GNx6w2a2LP0oooNiEfw==,type:str] + lastmodified: "2024-01-12T16:34:42Z" + mac: ENC[AES256_GCM,data:jORvHtVDAYoM+8kY4gGC15r4ee+oYHczapmGdcAl71L4qNBE/qG/KuvyNCrG/mbiqM+U8W81Jwm32oCjrGDL6+Pv0stFlDmsB4ql7piyILQYUU4cLvRCaUPm2KVrD7Y+9sa0vgPOZQyUFQZmTQ1vbKNeHRmZn0qfHmqvji/Mfow=,iv:jKIgix5MGCrRqVxh5JCEjzBWQzW1kSoQLiQuDfGkzh8=,tag:0z/x5TplHjV5hMHC/JKiyw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1