From 00c6855875539ca981f2244b1f90ce34052dad88 Mon Sep 17 00:00:00 2001 From: blake Date: Sun, 5 Oct 2025 11:28:06 -0500 Subject: [PATCH] add sops module --- .gitignore | 4 ++-- flake.lock | 23 ++++++++++++++++++++++- flake.nix | 6 ++++-- modules/system/sops.nix | 4 ++-- secrets/secrets.yaml | 27 +++++++++++++++++++++++++++ 5 files changed, 57 insertions(+), 7 deletions(-) create mode 100644 secrets/secrets.yaml diff --git a/.gitignore b/.gitignore index 7f1fcb6..7b3499f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ -secrets/* -!secrets/*.age +#secrets/* +#!secrets/*.age .keyring .keyring/ diff --git a/flake.lock b/flake.lock index 8e5cba1..5fe16f7 100644 --- a/flake.lock +++ b/flake.lock @@ -39,7 +39,28 @@ "root": { "inputs": { "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759635238, + "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index dda53a8..34c6534 100644 --- a/flake.nix +++ b/flake.nix @@ -9,8 +9,10 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - inputs.sops-nix.url = "github:Mic92/sops-nix"; - inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, home-manager, ... }@inputs: diff --git a/modules/system/sops.nix b/modules/system/sops.nix index 73db33a..3115e3f 100644 --- a/modules/system/sops.nix +++ b/modules/system/sops.nix 
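Review bot: Commenting out `secrets/*` and `!secrets/*.age` in the `.gitignore` hunk leaves the whole `secrets/` directory tracked, so a decrypted copy, an editor backup or a key file left there can now be staged by a plain `git add`. Keep the deny-by-default rule and allow only the sops file, for example `secrets/*` followed by `!secrets/secrets.yaml`. An allow-list does not prove the file is encrypted, so a pre-commit check that the staged file still carries its `sops:` metadata block would be a useful addition. The `.keyring` entries stay ignored, which is right if that is where the age identity is kept; the diff does not show this.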
@@ -1,7 +1,7 @@ -{ pkgs, config, lib, inputs ... }: +{ pkgs, config, lib, inputs, ... }: { - imports =[ inputs.sops-nix.nixosModules.sops ]; + imports = [ inputs.sops-nix.nixosModules.sops ]; options = { modules.system.sops.enable = lib.mkEnableOption "enables ssh"; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..95d7932 --- /dev/null +++ b/secrets/secrets.yaml 
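Review bot: The option text on `modules.system.sops.enable` still reads `lib.mkEnableOption "enables ssh"`, which looks copied from another module and will put the wrong description into the generated option docs; `lib.mkEnableOption "sops-nix secret management"` would match what this module imports. The module body continues past the hunk, so it cannot be checked here whether `sops.defaultSopsFile` and an age key location are set under `config`; without them the secrets declared against `secrets/secrets.yaml` would presumably have nothing to decrypt from at activation. A short header comment saying where the age identity is expected on the host, and that it must not be readable by unprivileged users, would help the next reader.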
@@ -0,0 +1,27 @@
+hello: ENC[AES256_GCM,data:ZjhIiTAN/rdHlO3nEVrctNuoS5vFaG8grAqsfnaWfUUVJOtjoi3jlm/s9A8dD7V3VUTrrjljSQ==,iv:3cpM6+cfaAELzDTm4uRM4DAU6rKRfjefXLIhiPT/Jo0=,tag:cXFux4EJ5jWhHB6CJyiCbw==,type:str]
+example_key: ENC[AES256_GCM,data:NhzYUlbq19YmVJ2B+A==,iv:YJ3m7mwIozoz/eqNtPoQzqR6kMqyyKabyo4kEkkwWE4=,tag:nC/IoJ2q1Vcrn7+o5xovyA==,type:str]
+#ENC[AES256_GCM,data:Z0/zSgdQuyko6bYCwdst0Q==,iv:Xa5LOvSN4YW+IzUVXzDEt0fLqXSZoGDqRb42f39LRSA=,tag:vP2hP3Zs9Kx+OpCUKVvLhQ==,type:comment]
+example_array:
+ - ENC[AES256_GCM,data:Ckt3o09eu2ynouMYtj4=,iv:yvAXPtBiRGUOEQZCpD7vn/aoy8Y1aHlkPBuW49kGlOI=,tag:tPwmSlptK7Z63Jo01XfyKg==,type:str]
+ - ENC[AES256_GCM,data:k/iGyDQbP0dTMt+A2pc=,iv:XLeSUyqA9AyDhUtW//fcnwsxWgZKk2kc5lxuL5AqqbM=,tag:u3W2UFN6+qDfGl3vtUicfw==,type:str]
+example_number: ENC[AES256_GCM,data:ZRuo8oZLx9stAA==,iv:9hXm/5/+GEBNB4ctWMmjTKotcR9uufAjV4FyH1KCq5k=,tag:RD+VuR7nwrUgNWuAjpRIGA==,type:float]
+example_booleans:
+ - ENC[AES256_GCM,data:H9p/ww==,iv:kVMcx6aVQAZj4T2V6z1HWyeottAnX7FFMTRzBfCP4vM=,tag:xVP3rUfNwh7yXW2XNhnfMw==,type:bool]
+ - ENC[AES256_GCM,data:Fo9fEJA=,iv:nPxly0FQRo5/xY5vP5V2n8gcdbjbDslhFPlmB5MAGyQ=,tag:Gq3/hljDSPbd5BuDtSKdGQ==,type:bool]
+#ENC[AES256_GCM,data:9A2p05BEY4NdZQ==,iv:QDSNH1BPOO7zbA1kuxvsAgRCXFGXVTZaFOelbgshONY=,tag:zx4jKl2fDXaU0UX1TDpwiQ==,type:comment]
+tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
+sops:
+ age:
+ - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WkdJMnJ3Y3IvN3lkemJK
+ RjF0dmgzT2lDcENka3BlK1NQRTBuR1BtSmhnCmI2cnRWdVpIM2t5SWNMOWNWdG84
+ SWRtMkNOYWZWbXFZYjJEWnVYazljcmMKLS0tIEF3eThDQTRKbEI0VWFLc3BSRVlF
+ U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
+ PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-10-05T16:02:10Z"
+ mac: ENC[AES256_GCM,data:OWR0wy6uRBoWoA2ipvNNCJoj5Pkbode5dp69cLZrw9B1OVS6ZZXOBXSHUKwq7sza+2lROKkpG31oHIjAN8RMbszZojjPIRluhwSMcvPbD8K7SqtedYvsFM23wR6EuY9bDjrtSe8keZ37J1Dn25+UvxUJ816s7PRqT2z2RL1NKro=,iv:A/glNiNcprFt2K2+TZuaRyWG2FlTAVG/gM3/FmIk+xY=,tag:KYU8HjfGlRZy/s/VY6mOwg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
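Review bot: `tailscale_authkey` is encrypted to a single age recipient under `sops.age`, so that one identity is both the only way to recover the file and the only thing protecting a credential whose ciphertext now stays in git history. Add a second recipient (an offline backup key or the target host's key) through the repository's sops creation rules and re-encrypt with `sops updatekeys secrets/secrets.yaml`; whether a `.sops.yaml` exists is not visible in this diff. If the age identity is ever exposed, rotating it is not enough, because the Tailscale key itself has to be revoked, so an expiring, tagged auth key is the safer thing to store here. The `hello` and `example_*` entries and the two encrypted comments look like the sops starter template and can be dropped so the file holds only real secrets.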