From 1bab984f02e1d6f52fd0dd1498c7e3f0a636eff0 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Sat, 11 Oct 2025 05:08:32 -0500
Subject: [PATCH] 274 current  2025-10-11 05:02:07  25.05.20251006.20c4598 
 6.12.50                          *

---
 flake.nix                                       |  2 +-
 .../services/smarthome/mosquitto/default.nix    |  2 +-
 .../services/smarthome/zigbee2mqtt/default.nix  | 17 ++++++++---------
 secrets/secrets.yaml                            | 12 +++++-------
 4 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/flake.nix b/flake.nix
index b06c2ad..bc7fb7d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 273 current  2025-10-11 04:43:13  25.05.20251006.20c4598  6.12.50                          *
+# generation: 274 current  2025-10-11 05:02:07  25.05.20251006.20c4598  6.12.50                          *
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/homelab/services/smarthome/mosquitto/default.nix b/modules/homelab/services/smarthome/mosquitto/default.nix
index e9c6c79..6b50590 100644
--- a/modules/homelab/services/smarthome/mosquitto/default.nix
+++ b/modules/homelab/services/smarthome/mosquitto/default.nix
@@ -90,7 +90,7 @@ in
 #    };
 
     sops.secrets = {
-      "${service}_password_file" = {
+      "${service}_hashed_passwd" = {
         owner = "${service}";
         group = "${service}";
       };
diff --git a/modules/homelab/services/smarthome/zigbee2mqtt/default.nix b/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
index b48b5ba..0748c50 100644
--- a/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
+++ b/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
@@ -63,8 +63,8 @@ in
             base_topic = "zigbee2mqtt";
             client_id = "zigbee2mqtt";
             server = "mqtt://localhost:1883";
-            user = "!/run/secrets/mosquitto_passwd passwd";
-            password = "!/run/secrets/mosquitto_passwd passwd";
+            user = "!/run/secrets/mosquitto_passwd user";
+            password = "!/run/secrets/mosquitto_passwd password"
             keepalive = 20;
           };
           serial = {
@@ -103,13 +103,12 @@ in
         proxyPass = "http://127.0.0.1:${toString cfg.port}";
       };
     };
-#
-#    sops.secrets = {
-#      "${service}_" = {
-#        owner = "${service}";
-#        group = "${service}";
-#      };
-#    };
+
+    sops.secrets = {
+      "${service}_hashed_passwd" = {
+        owner = "${service}";
+        group = "${service}";
+      };
 
      # add to backups
      modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index da08265..735ad94 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -20,14 +20,12 @@ vpncon_mex_config: ENC[AES256_GCM,data:4i356X97sBoRliskmh5ewcEwZHkpo37IhPcemKVdW
 vaultwarden_admin_token: ENC[AES256_GCM,data:G1v3N064ci0Fw5EtTzaryailWpsv6f4w6eoHp2vjXIBtIlScdQk1Q0W+eDNRk8Wr2C3ysTXQNbyYismNsls+jeS3W+YqkKL4fnh3a5UTzQrMqvaH11n3ak0X9R9vmt+ZJXBrUrAOKJ6RPHJJSWenhjDB77kwEdQ=,iv:f8X+x/AdmZ3b3dtcSFrxGgA2tCgDRpgddjlVu3mdCmM=,tag:c0MXljVvhwOdvrb/8hWlsQ==,type:str]
 #ENC[AES256_GCM,data:2ESzSsQZqKdjD7OXN8ZPThj6g9acJREe,iv:aDFPB0vs8NNo8ExLcJw7qtQvWbCb1XK6TJrHSK86qss=,tag:z+dypHAGUjEXP7Y9MHYWwg==,type:comment]
 gitea_database_password: ENC[AES256_GCM,data:nhFn0/G7gW5rk996OZzlcTt7T9KMbP8MNM+ReFC8w1H9ZqBSJUbs3K+n68uQVrkOVSXE0cKpOR1VbQ+i+46z3g==,iv:bT4GRZZ83v47/EmeV2KaUFo+4qTT4T2AktFUpPiZdF4=,tag:OC9TInkAr1egM+xnBDizxw==,type:str]
-#ENC[AES256_GCM,data:nbB5Cd7i/KTMCjCzcX8o1sxREZQ/gLAG,iv:iyuO2erxdJM08WHJBjKuNIXYxVhH7rfyOLTcGCcGqNQ=,tag:UeDszimXv8kQUmDetLeFqg==,type:comment]
-mosquitto_password_file: ENC[AES256_GCM,data:7ifs2hGnFQSgJOAKpN0usfiaqLjj7Rjb7zn1/qBDbqEi5hV0JfUncZGorBivR/+kjXHQO6nxaHcKqYvPedNdJ7Qy4/uil/xwgwSmzcbisdVYkhd2pf/N34EQFxmqohud0aTH9V47QbgTdrUPfvsiL+ljLvLu4w==,iv:z7YPIfJHHaLOJrDVnMQhgcMzYAPordFR11kHRAzZqYU=,tag:LRddczdvy01YTm2DFDgSJQ==,type:str]
 #ENC[AES256_GCM,data:HJ81OxRD2xtNZKv+8oDqiT8mYpv45JMvjxU5pdmEKzl64SK3lQ==,iv:wStoC6XaZlvRPfbqti2CUbPrOOTt4KktaUp2ecVrggU=,tag:isOwKfNdQZAM+E8YQXBSFA==,type:comment]
 velocity_forwarding: ENC[AES256_GCM,data:MUNhW3q0/klK51k3,iv:dGT5N+IrZfBxMIwa0mUrIKF2HJvx/uZ5o/ps6bgDNOE=,tag:KNY2LKwmmnCdWqRnxSKctw==,type:str]
 minecraft_recpro_db_passwd: ENC[AES256_GCM,data:dPAkdEX0hBigo/lND2r3ShxnS4Jc5wTI2ShcKnvjig==,iv:WjPugYspUvhy6TAh5UF3etvxTZjAPe3bkgFxIkh6FDw=,tag:h9LGoxp2x8PHxcP8fEkSlA==,type:str]
-#ENC[AES256_GCM,data:+I4CVvVah0eHpnVAgLP6,iv:99HpIT/PKboD3vLF/06kAIKuRWJhfCOEVULfD0pO5A8=,tag:cESJHgpK1ocZCNE07YCJ9w==,type:comment]
-mosquitto_hoashed_passwd: ENC[AES256_GCM,data:toqBQ5EP4qTtKtv/O4IRlYqgRwdsaxD+HhPgCp0v8gvWM+ZTp2xMyV3/kqn3Zbvajw70BgaTVuhhyoXJCE2kmsR3GmdZ3cU1HTtIlELTcqoUShaHmUT600yCGwXQVc7ch3k55JFMVr3gjz9Ju0WDbQ==,iv:RcFFQVlICkbrvsIFR+1u1d32aayKV04kM4Ysr+91NTg=,tag:tuwh+vrmsvVFgCbY0STlrA==,type:str]
-mosquitto_passwd: ENC[AES256_GCM,data:FUdcjFRc6C8t7mzrsOVFCFvOagRHjc1sLusRxrvlKB6OdTDU2QCtj+MMLWznwUUuqalpOWFtOApgqjsy/3kbSgpXWgTYvkGSUpZjG67ArJWZXbYqsbcMYA==,iv:lJamk7yVX7cicRfFh9F7X/jc3bCVa5Z2e3KmRTc/VWI=,tag:NsABcMS0F+y54xIaDuX8+w==,type:str]
+#ENC[AES256_GCM,data:nbB5Cd7i/KTMCjCzcX8o1sxREZQ/gLAG,iv:iyuO2erxdJM08WHJBjKuNIXYxVhH7rfyOLTcGCcGqNQ=,tag:UeDszimXv8kQUmDetLeFqg==,type:comment]
+mosquitto_hashed_passwd: ENC[AES256_GCM,data:k1Lnr8ZTDpzXMoRmRH61X41boX/D8Rm1KPh7x3/IHFo+XKIOUQns53iA+7e7Ohp8uWSthDlOk4SlRvTXdUNiEz7Zmw9LYwy7BHbwpNo2pFApAye1ORPrMrhMUkUfgBgc8oqPPyRXmmrOAFp6GBbRhg==,iv:D8wQL9iF0rqOte5X24kDTVjYUJXbZSLz0Ykbp0HqmYo=,tag:RUCgO1uKPIdumSo563cg1Q==,type:str]
+mosquitto_passwd: ENC[AES256_GCM,data:lVBobfGbL8477xLzu4c6X9CtBKB/loETViGxNeHxOO0qnl262suCE08MYSozXd4sZ7pXvN86nBoyUVAcQFRnEFuxhOCJxNaqtehJ9FtHEAvV32iK6DGRyw==,iv:cOGAYiaATjRamFu4OP48Xd0M5w8V17c58susvnIwseI=,tag:GXmS3S5cu+2g8puHfdKdWg==,type:str]
 sops:
     age:
         - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
@@ -39,7 +37,7 @@ sops:
             U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
             PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-11T10:01:15Z"
-    mac: ENC[AES256_GCM,data:iDK3n4bPsvVneMV5kwwZcGwvVKpTVkYUdGjrYewqUKUB7PUCQnUfdRteFLLlzuCMSjwIcsg5KugdIGjrOMvPTSxrbKSc4EJ2dJpQeObd/NUA1vhecKf/0zK6QOhhfmM4IMiY7vGuzBWNELoVRHjnhUOHYY8nqsccmtoeaC8S7v4=,iv:N9PfshlrrDp0LZzaPwo8PPggnCh2EL4uIEYiJvStaUc=,tag:Xl6T6hbmiqR8vjqF7jZLMA==,type:str]
+    lastmodified: "2025-10-11T10:06:14Z"
+    mac: ENC[AES256_GCM,data:p8Nrhnb1oWFaVUYwmAGNq7jjQkmDv71FG+eylFyTPOsPntBS4YhsdKu26wowQy8LoePYqYUifgcPkIlXn63ozBW3Ahe7RcGunQcuLa3Lk9UGQeDJq5Pt7Xzh0T7P+EWlwCqQ+Pcj4wjGYFbsdqAasdg7wnp8Bj8a8J1aBygnfNc=,iv:wRE7a8/JaBYxoTWpD5oDye8AtVeGioZ3F/DGYt2yhpw=,tag:+Izsyy38ihKVH8eMGu9Ryg==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0