add ssh keys

secrets/secrets.yaml

@@ -26,6 +26,10 @@ copyparty_passwd: ENC[AES256_GCM,data:I3UYy4nJ0B6RnIp661O0VVqEmxloxxcroBKmNFcgoQ
 vpncon_mex_config: ENC[AES256_GCM,data:4i356X97sBoRliskmh5ewcEwZHkpo37IhPcemKVdWJgWFWtA+AhTeEo4KQ3dRA1H/n8VjVX7CKZKPDxpmHfcUlnTLT0agtOjjyjf60kWoL8noJqcbDB4wGiYT910rPToVnYMFk0H2lerYp+/n2bhg8BHxn++VlPOOZsgla4El+FNXUqhScpAawySPSF36ocdRJ3r3DuflIhnTBXxSZukMf9Ux1uaFldSG7KasCQlStKy9O2Odd2AvAuGXOHch5KecRPT3WnonQ8oDJpuxbeaosLmtJKHL9oeXHPId2Unc1GNoOpnDC3Y/xGnrPb9WFXWYOSQ/1A3mNKwnVq0FEhluVbqodES4PVIlCS0koiQJq15P15G2z0jO+OhAQrRI5vn3Fki5A==,iv:tQvTpzhl7F7niigAXl61FMHbg6QqI2R7yGD/C2lwOR4=,tag:c+CVLd6lGrAfm38pFXOXTw==,type:str]
 #ENC[AES256_GCM,data:ep/Z5O6RNFwTd0I5hvtk5DP9,iv:M7sclKcTR+IfCEsvz0lZaoZBRZlQsN/FhwuzFNXgVew=,tag:Ddo3Qf8tMBX9Amt7C9m5FA==,type:comment]
 klefki_pub.asc: ENC[AES256_GCM,data:lGfgwhgn2xCb1cNTo0nMP8R3KSDiEn0/k6neDE2dv1DynvXsHWmZSXED6VWBjY3uMU3YtcpXGCtxTU6EiaRKiGnhxslQlBiSypAnXHeh55DZJMJJ/JM7+BCtr33LY2lusF9/aAuKO9tbdpGmu63s5ItZ1/9zMoCJwBfpQZgY2HzZoBhjwqYu2wSkOOVAMjq+jXET7nASieOZXmpQq2uDepuEDa8MP7d6G6kV2KYJPdLYYaY4U2eppEr7ALhhJidYm3P38W47JuLyu/2raG0AY2uDtCQw9d16BcJO3au+T4B4mHzPg1/cPhQ2X4dHTTGHjRZ0sT95DrEYYmcwWVKHKyiuL8WPtQmF0QBfCOPczwJajJejB4DbxEW8U2kuhuoBWr7wZe4y/nbW2hB3pcMYYXc0EXen74IttiUrvksw+hbkLaZDCJgG91SOlWSwI12UlDrJJSzOYm+ODWqK+bKyqAafQTL9xh5heM3nQlR5G6/A/8UG+0q5ZDL+IxJwe+EffJNwrL1mn4Rc3qx068udMJC+qzmft7Ljey7mfoIiwepITpii1IA/CtuEqtpe4I5MUemQ60qAw/PoVbmD8zhOcnRHCBZtQ394I5vMo1qR2a4KeBICexx3IAjpeAQYI3+MAgo/bedqpklLYjbxpv37XwinoLj9ew4hKSjAB1wRRZlswmk+GD4XKlVo8eu88RCXYrsZ2oaOD4qxrtbc7+skGm+EqxL67nLW5n9bSC2u95bFJ1386teSFhsJL9w3EFiBlQRtm5tvee/ipmr6D2W7SyfCnSxImPC4TgTwkAXziQ3XtsUtGqj0Tv1HGayaAQpYzlJaPzf7h8oanH1VaA+AgRq+RY1OjLZGHEz37jSbqhWOiIWxwJ7qFaqGB90cHq3s07qcWrDl2wUawFLTXavZ0IF3gj9KnFSIzW3+ANvedUCXOjai+zOKmpxVFZ4Bi4W3Dcbl9B+qa0Ly0NIgldi7PmqEvL3V4FnJs6WnwdagyhXOzdlKVlrAgGluucgqBpBZZfpN6uB+tdkbrqzsdMbr+H9Hwk3RUxRzAK9k+J9WRgY7eMazH0najJ1PYh9/UZJf0DKWRi2vZTlWW+6ZruJWTohOKm+7MCgvMEttIpNQfvK6+cq7p3vwPe+pmq0DznNg4LO7Uu3cXKq3zHjl08KGE04KZyfoJuZPr+XrF91AywZ03HlT2SBBaZtFld1VapccgB5DqgE1JfFg+TS4is9a8G52Ad9yh/abUmLohsnUpGdYMaj/1FmhSLM7ldHeub8CmL2vKW4f/JTuqmOxq3X5RA+qw5f946ekUz9ZF8EyGvNwaRZ2p5m0MtXQG2IKp8Q61aBSpqbMwKzTW93VycEn7L5ZsoV5eYo0rC4PMawGkfgdNzBpq4NL5bNB82l6qHnWqU7jXh611/ZV4ueX2MLSB3cyhnaFxsH9bat1jGDtUl5umNWNtvN6rWBVsClmYfBLSUCEyftGPlxzAOy6vRHGxAdCNdoiTRGgZru3aYyW9l5XhYH1aZ+dOlTOwngaqqIb3kZoPzcc9xCeZ/I/N6iVuTUI69us8y3LVL6qKa6az5zTTgumoFB5kMugPtumS1U9hzhLtm9+hY6yZVgYredgAwVVIviMAqFFZztFkPiskcwIdrPhXzoXwfuBWDaq+dF9nykjw1F9U2gyDU0YhEOtSmdIWoIma3OmdOZ/h/JbWNrwUoAirmBmWIHQTmA5Ag==,iv:btQ5xmt/AA9vW1njJH4Inj6YmOBx6pGbHbsvCMbg7fI=,tag:DuQ4Wy9wX3mPQAVLLd6t1Q==,type:str]
+#ENC[AES256_GCM,data:7V0L0832xewUXU8/Bq469w==,iv:9bCzEpUcNx6qnCMomFweXgYmWwSMzdffDikjA22xu6E=,tag:F4S80e/EPXA0tS20KFRbXw==,type:comment]
+id_snowbelle: ENC[AES256_GCM,data:MAw5R2fqVIctN7fB/d3hfCU7W3sxvuy2O3w3n0vD8FxK1DAhqoROlVv04joV1a+U1hof57TYc1cN2ng9BRWxadc8ZIpWakokZYVI0dUG05/hPMyxctWPkOiDd5909aaNUFC2G+Y/VrgAemyrB+AlQgokV0U3fiz+qjg055fzO7ypaeM8okON6rBnigfwetmSm60MxpdYrVlxVaniDVvKKUYZjpHU8SZ+TYj6Jmm/bVuKWOJ2DXZbmM0CeKeIgnA9HML1wSXojMv2IMGulxq5mmdaiiJTPoL1q17OA5zZkkVW3Dx1y6SbEeBAQTPG32RHseAxXK6qdU6lftRQZKyivuyjdCVfBBw/VzqTxbWjSXXsjDdK/Ti09051w6znA1uvRX65XsOq6zPKt4BNwR+yMDF+xR9AElBTHES/TDf7TRc5YDyovlH2PhGNg12Coy3zfb6WESLyaz3/GYZxF0IjvBnDkN65CRjstut0CgKXcWY8x+CuKVysU+U4c0A2ucDnsf3HuITrdIufhAwRNNZMka7LWVsaaR/tnvcf,iv:agf/LEjohw1XAXsOJJ78kiBVJnTT95IUmWzYUujSlJI=,tag:a55o9L85a9Z7gG9s5BEfIw==,type:str]
+#ENC[AES256_GCM,data:ozhgyE+IyqR10KT8vI9x,iv:+ZOTucRlCZRQ9ZbxZgySPMOJ/qU4gXbhSyLAMgt4QMs=,tag:mQ3X+dqCet1Yk1gZ5pZ5gw==,type:comment]
+id_snowbelle.pub: ENC[AES256_GCM,data:rQ32bqwknbVssJDN4TW72YrusMPQJRFTfpoH2M2ELsAf3DkXtchGwOSjEbeR9ezUgHkTD96rFm5JvjDFQukAOpBHfMP5aRVy6RjTtb8j7aAD+EGUEpBSAVspZKQAWAqyDQ==,iv:8bEgvJgWpu7QwsrWhkjUw3GtRI92Pn7TT0rXCQ/i2Js=,tag:EnUehKMncN5v4dZZ/es3Qw==,type:str]
 #ENC[AES256_GCM,data:lS++LQwlDVP0aYcdaaudBkKxNB3P3UBE,iv:UqGcXcX/Jvf60o409Cxj7VJCDh63uUxy45PuZbHK2l8=,tag:OXdMwuJwdN8DQaLXACpcRA==,type:comment]
 ssl_blakedheld_crt: ENC[AES256_GCM,data:EvImZ3y5lrmD2P2Cehd4yAyranHRBkejbnad1qmH9KbKeLNFsTcqW4L3NDYydbKurWCWYa/jJAL/BwT2xmUhwdFlarCiTFGnLXxMFhd6Tq+5if8r6BfSLCCS4IXcXnXP4k96ZR2fdD+lnDN1ljb7pI5hekz+HoVwBoLVVrfvQvqj72Kr5rfm5ttLN21yfi5DbgfX7n9AO6X32wzpIAXxQaYIFdPpm12WMpEX+zfxjjcpOR+Xv8npbs4AlopFaZ1N8d2AlM19ChwTZm/Zmq3BQt5Z2bhGsQD/s357F5ofmSfQ8BGXdeUguLj0BtZw6zrxQlySmJMNroBxrQresE7cdeoeEagZXXxJd0S64HcvonV3jjp4s5817YWLxGD8rws2fH9Ci91DEMlI+4/U9Jb/fWz7nxXSMekpNkGRrKPm6L+3/dxpvbkv9UyQi3OVTcx642WYyFaZnP6J6qcbH+itwfuPE1Fu+fe9IlIbAopDrvau0CGisU4FhX+NYMEmFu6N/+unFyMpj9qsqS8UFAXfgvSPRQTULqcaaOK7MRVh3JGOfR9qnbbPjt+aJRrkTW7q/8OWcqvxLgPnZlpPkvsg9PjcZmwxV4ooh3FC85vsrEc8tEqzzbrSWrJRXpL2ZJxsO2AfpHICexyjJium2Dm0hfR9EP5b4ltzeqg0rBeczec7/Tckafy3cGk1jCkPoDYN857Kl6oHi/9TduYvqReKJTV8dLB256M3TBeAYNQypCGceemPtcYrAgG+yMC8tnR57k5QjXsCmT69fAlPibvZdHUxh6Hqlx9sj5WU1NhGRCQsAj362UzGsEcVoF5/zcXVf4i2yCT+axNRyK/JU4JW6GaldJQ8PV+ay5RhNHtErgP18IaY7RjwTA0PVd5G839qbHZlJXiO/EvqrVpuy7UthQlvN+9Y+YM5jQMi64ahEcdWXYSjhqnbh6cZ3xfOXK0egTpy1/xG+FXpFMIvqK2gPZrB1B1Wc0XSvpOBFxTRaWlfDYeVwDtw9QCbM/7jhD9jaopdhMoPH5J/guLxMhRtRw0CJUemnTX1KJ8dGpvDfaCdj+I7ptb7vQ0wAfU/ferpfLX07j6g8MMa4p9jzI9BtXyd9OEOtyFfV5X5Mls9FfhmNi4+ES8LmawsLiyptKKUA7db4GZ4CLJqeR3khh/sej/ESgeXTfLXlOQbIALOdfrPo1t0fDRlW0H42FhmyHeily7KCBFS/pcziTVkM1YPrfyCXH6p8hVBNJ/JYWlEoS5qAxfcXP6cS+/3L16Y5XEP2Aea02qhim02C3qIX+6CQAc5QmuMfl+itnmWdTdwpPzEwVExoUQLCNTU610mkkKtSdMe3aLzmMrfQskEwjMhfXCwVsO+HWugi7im5GAezs+3wuK8j4GYai2sMerKesl4mJXIZWTLJqG8Vj7yKMHJ5mCiOPPYQ3AL++s916kRu3gO1evxfzul7ndh1GypVbX66QZotV9/MN4wSGxw/RCRscZrM+XzmlrhiKT3uezF9KKiw9J1F3zDrtcjmIqll2WVn+U5uzPYEj6TeC5ty/q3OdhYY58U7qe84Pj5zq72bLegBMMK8sG685ylPWD5l79+3D+JGCbjRTwu2oNaIdy9wem0rl56YX+kcGQC2IQcWXcIDASVhAQjguTU/mmMzLNZb3effZ4ZNAmnWgra4hnjEqChuxKlEM7blm057K2G7HP/j82Xy9VsBOTTc0Q2KJZpdb9t+vfDUNJtNdog5w5SnObRqIkUdDrFx04tGUDp/8eqqSHZWZOLq+G4jzarn6YhvNpEote89cARCqdZGhREJFi+zeFWhguasltfSjXhQrYc2p46GlV4USKuWiyIUny5I5/HR2/0Ci5vK2wh1jZ+JC53sKxA3MHg5Udyqkt8tLK+5X5NL6F9EBCRSzCqXDCds6mGu26X5Qt10UZdLTxJs3M0x3bSbN1qJUnv6K0iKgAVw09jeXzKcVXbmFQUDJoVEErIcg1Oed8EwfJu274rF8Nfxh+29LE0CO3q/pR0P91eiUKLKK6oy9tpGnGrnRViAZS3LvVsNVdlWBSEm6WSiwM97hDH3CFqwUHPYzM830DZS6bfIL0OfT9lH5a1f7+Uywi3O3EaJaR0lr5esGJImOQG02yjCvqmdS+igFMKzdAyxQO1WSXDwHXZGTYZbhqyGYK+zc89lKdBaXiC91POQIiz5/xciXqb77YnXKeg4g==,iv:VQIqXN3r7DOVREX4fP5/OR8xECXLjYKfhd6XP3ghMaY=,tag:eVdyxrw/w5zBGxV6Tai2Pg==,type:str]
 #ENC[AES256_GCM,data:3G8XqUKua1QgUxv2YJkW0fDnQPX7+v8GDC9BHg==,iv:BkESkMmMalgesy9why9eaKkOOvwSsN2EhNCRRRmZNtA=,tag:x95zt2B2M19BkzeMpAlXIg==,type:comment]
@@ -41,7 +45,7 @@ sops:
             U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
             PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-14T19:45:38Z"
-    mac: ENC[AES256_GCM,data:bxMEJTiMZQo4eXmTzamCQALYSdAj7buciSra1kozyahbeD0xkDco5Pgr6AuvnITKcxvINBfS7qJ0GJCwkQ4DNtPqt/b2T9P8QvtYq7iKMbDou81Vni4C24IlHrh/oSl+gF/8G8KVKjeCc2g94xaMrHZfpdSyceNKkr/vSoOkyrk=,iv:Mn46bU1fFxztgFjYSNkGIz4Izi4CiDRlonizfuxNU50=,tag:SlYtnP2bdbwogeQ8h1rHEQ==,type:str]
+    lastmodified: "2025-10-16T05:02:49Z"
+    mac: ENC[AES256_GCM,data:IU3J61qH0zCeSSrCdIdhrZ0IVl4F6AdhQ6enJl652PBNauqyNb+6ph+RnKbTVa6f1yDI1v75YHQmGgeZjOW7OWLH91rOwP0CsH59j1xeoLA1vWsUFNbEHnYowdcBb+tz4i6FMR2u4Nb5dLlOqKm2Xi3IT8ZPo1JDb7KB868jQ+4=,iv:yWxX1zFXG/FwnRoe3+7z9bAUu8qnM4M6w7KNfKHS3DQ=,tag:gmpZK3azAopujGlaBwnYnQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0

users/blake/dots/gpg/default.nix

@@ -1,5 +1,6 @@
 {
   pkgs,
+  lib,
   config,
   ...
 }: {
@@ -12,6 +13,8 @@
     pinentry.package = pkgs.pinentry-qt;
     pinentry.program = "pinentry-qt";
   };
-  # install pinentry programs
-  home.packages = with pkgs; [pinentry-qt pinentry_mac];
+  # install pinentry programs conditionaly based on os
+  home.packages =
+    lib.optional pkgs.stdenv.isDarwin pkgs.pinentry_mac
+    ++ lib.optional pkgs.stdenv.isLinux pkgs.pinentry-qt;
 }

users/blake/dots/ssh/default.nix

@@ -23,24 +23,20 @@
   };
 
   # import sshkeys from keyring
-  home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
-  home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
+  #home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
+  #home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
 
 
-  #  # manage secrets with sops
-  #  sops.secrets = {
-  #    "id_snowbelle" = {
-  #      owner = "blake";
-  #      group = "blake";
-  #      mode = "0600";
-  #      path = "/home/blake/.ssh/id_snowbelle";
-  #    };
-  #    "id_snowbelle.pub" = {
-  #      owner = "blake";
-  #      group = "blake";
-  #      mode = "644";
-  #      path = "/home/blake/.ssh/id_snowbelle.pub";
-  #    };
-  #  };
+  # manage secrets with sops
+  sops.secrets = {
+    "id_snowbelle" = {
+      mode = "0600";
+      path = "/home/blake/.ssh/id_snowbelle";
+    };
+    "id_snowbelle.pub" = {
+      mode = "644";
+      path = "/home/blake/.ssh/id_snowbelle.pub";
+    };
+  };
 
 }

users/blake/dots/zsh/default.nix

@@ -20,33 +20,6 @@
       highlight = "fg=#45494f,underline";
     };
 
-    syntaxHighlighting = {
-      enable = true;
-      highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
-      styles = {
-        "default" = "none";
-        "unknown-token" = "fg=red";
-        "reserved-word" = "fg=red";
-        "alias" = "fg=cyan,underline";
-        "suffix-alias" = "fg=cyan,underline";
-        "builtin" = "fg=cyan";
-        "function" = "fg=cyan";
-        "command" = "fg=cyan,bold";
-        "path" = "fg=cyan,underline";
-        "precommand" = "fg=cyan,underline";
-        "commandseparator" = "fg=white";
-        "globbing" = "fg=white";
-        "history-expansion" = "fg=white";
-        "hashed-command" = "fg=magenta";
-        "single-hyphen-option" = "fg=blue";
-        "double-hyphen-option" = "fg=blue";
-        "back-quoted-argument" = "fg=yellow";
-        "single-quoted-argument" = "fg=white";
-        "double-quoted-argument" = "fg=white";
-        "dollar-double-quoted-argument" = "fg=blue";
-        "back-double-quoted-argument" = "fg=blue";
-      };
-    };
 
     history = {
       size = 10000;
@@ -105,6 +78,7 @@
       pull = "git pull";
       dotfiles = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
       dtf = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
+      sec = "sops ~/.nix/secrets/secrets.yaml";
 
       # --- systemd ---
       stat = "sudo systemctl status";
@@ -131,6 +105,34 @@
 
     '';
 
+    syntaxHighlighting = {
+      enable = true;
+      highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
+      styles = {
+        "default" = "none";
+        "unknown-token" = "fg=red";
+        "reserved-word" = "fg=red";
+        "alias" = "fg=cyan,underline";
+        "suffix-alias" = "fg=cyan,underline";
+        "builtin" = "fg=cyan";
+        "function" = "fg=cyan";
+        "command" = "fg=cyan,bold";
+        "path" = "fg=cyan,underline";
+        "precommand" = "fg=cyan,underline";
+        "commandseparator" = "fg=white";
+        "globbing" = "fg=white";
+        "history-expansion" = "fg=white";
+        "hashed-command" = "fg=magenta";
+        "single-hyphen-option" = "fg=blue";
+        "double-hyphen-option" = "fg=blue";
+        "back-quoted-argument" = "fg=yellow";
+        "single-quoted-argument" = "fg=white";
+        "double-quoted-argument" = "fg=white";
+        "dollar-double-quoted-argument" = "fg=blue";
+        "back-double-quoted-argument" = "fg=blue";
+      };
+    };
+
     #    zplug = {
     #      enable = true;
     #      zplugHome = "$XDG_STATE_HOME/zsh/zplug";

users/blake/home.nix

@@ -6,6 +6,7 @@
   ...
 }: {
   imports = [
+    inputs.sops-nix.homeManagerModules.sops
     ./dots/neovim
     ./dots/lf
     ./dots/zsh
@@ -32,4 +33,10 @@
 
   # for macos
   programs.home-manager.enable = true;
+
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/home/blake/.config/sops/age/keys.txt";
+  };
 }