From 4e99308d6692c633b7add010ef3e6d7662753a84 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Mon, 6 Oct 2025 10:29:13 -0500
Subject: [PATCH] 20 current  2025-10-06 10:29:10  25.05.20251001.5b5be50 
 6.12.49                          *

---
 flake.nix               |  2 +-
 modules/system/sops.nix | 13 +++++++++++--
 secrets/secrets.yaml    |  6 ++++--
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
index 2110d65..e7b800a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 19 current  2025-10-05 21:56:34  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 20 current  2025-10-06 10:29:10  25.05.20251001.5b5be50  6.12.49                          *
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/system/sops.nix b/modules/system/sops.nix
index 018258a..e53939d 100644
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -18,8 +18,17 @@ in
       age.keyFile = "/home/blake/.config/sops/age/keys.txt";
 
       secrets = {
-      "tailscale_authkey" = { owner = "root"; };
-
+        # define secrets with the following syntax
+        # secret path is the nesting of headings in the yaml file
+        # the secret is auto place in /run/<path to secret> path allows you to symlink to the /run to where ever is needed
+        # "<secret_name/path>" = {
+        #   owner = "<user>";
+        #   group = "<group>";
+        #   path = "<path on system to place flile>"
+        # };
+        "tailscale_authkey" = { 
+          owner = "root";
+        };
       };
     };
   };
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 95d7932..db3d5af 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -10,6 +10,8 @@ example_booleans:
     - ENC[AES256_GCM,data:Fo9fEJA=,iv:nPxly0FQRo5/xY5vP5V2n8gcdbjbDslhFPlmB5MAGyQ=,tag:Gq3/hljDSPbd5BuDtSKdGQ==,type:bool]
 #ENC[AES256_GCM,data:9A2p05BEY4NdZQ==,iv:QDSNH1BPOO7zbA1kuxvsAgRCXFGXVTZaFOelbgshONY=,tag:zx4jKl2fDXaU0UX1TDpwiQ==,type:comment]
 tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
+users:
+    - blake: ENC[AES256_GCM,data:irGwPeuYxg4=,iv:qavBrea+vf3KC1NxzgDwoAqUSRa2FI3wmL7OwC5L1a4=,tag:1MbyiinuoQnATBOk5COQsQ==,type:str]
 sops:
     age:
         - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
@@ -21,7 +23,7 @@ sops:
             U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
             PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-05T16:02:10Z"
-    mac: ENC[AES256_GCM,data:OWR0wy6uRBoWoA2ipvNNCJoj5Pkbode5dp69cLZrw9B1OVS6ZZXOBXSHUKwq7sza+2lROKkpG31oHIjAN8RMbszZojjPIRluhwSMcvPbD8K7SqtedYvsFM23wR6EuY9bDjrtSe8keZ37J1Dn25+UvxUJ816s7PRqT2z2RL1NKro=,iv:A/glNiNcprFt2K2+TZuaRyWG2FlTAVG/gM3/FmIk+xY=,tag:KYU8HjfGlRZy/s/VY6mOwg==,type:str]
+    lastmodified: "2025-10-06T15:29:00Z"
+    mac: ENC[AES256_GCM,data:wy58rPiUmH0UkSNXVJL4CqmAcxjwHZJ9K3b61jfZrmhRsYxr6YRSppZ7r8q+r6uQXLsc49k0bdcrd3XqNRpkSIVdQEPdrsDkeCHbC4GrWrZixEG5Rth3iRx6y3qm+B9J/3ta3pzeKXq9qsj1H2qK+7XXoZuc1Y8XUs/wNs2kz/o=,iv:HkY4oCnS7/jfztA/JsWtalrHVR2cJrxLNd5jePjyB+M=,tag:ZsTJzLnZ0j2WheR2c5N+WQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2