From acf1cdb9c3f7fc52a81e352d7e9f857c4a0231ff Mon Sep 17 00:00:00 2001
From: jay
Date: Sat, 12 Jul 2025 09:20:03 -0400
Subject: [PATCH] More sops secret setup. Compilation fix.
---
 .sops.yaml | 2 +-
 nodes/hosts/common/configuration.nix | 1 +
 nodes/hosts/common/system/sops.nix | 11 +++++++++++
 nodes/hosts/common/system/users.nix | 12 ++++++------
 4 files changed, 19 insertions(+), 7 deletions(-)
 create mode 100644 nodes/hosts/common/system/sops.nix
diff --git a/.sops.yaml b/.sops.yaml
index b512b39..acd9840 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,2 +1,2 @@
 creation_rules:
- - age: age1hvzwr0a0m6wlx3tprsfawdlrr7dcxkutxehjqcjp06xglxc0yd3smlqv22
+ - age: age1kn9632x2upcckl5jr9h2xda9l9j6r23u3pzjdp4v7vdjs42fpq3qur2qf0
diff --git a/nodes/hosts/common/configuration.nix b/nodes/hosts/common/configuration.nix
index 38dbcce..5a4188d 100644
--- a/nodes/hosts/common/configuration.nix
+++ b/nodes/hosts/common/configuration.nix
@@ -32,6 +32,7 @@
 ./system/networking.nix
 ./system/nixos.nix
 ./system/security.nix
+ ./system/sops.nix
 ./system/time.nix
 ./system/users.nix
 ];
diff --git a/nodes/hosts/common/system/sops.nix b/nodes/hosts/common/system/sops.nix
new file mode 100644
index 0000000..5f6c0c0
--- /dev/null
+++ b/nodes/hosts/common/system/sops.nix
@@ -0,0 +1,11 @@
+{ config, inputs, lib, ... }: {
+ sops = {
+ defaultSopsFile = "/home/jay/nixverse/private/secrets.yaml";
+ secrets = {
+ jay_password = {
+ neededForUsers = true;
+ };
+ };
+ };
+}
+
diff --git a/nodes/hosts/common/system/users.nix b/nodes/hosts/common/system/users.nix
index 0a05a9a..b5ffaba 100644
--- a/nodes/hosts/common/system/users.nix
+++ b/nodes/hosts/common/system/users.nix
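Review bot: Swapping the age recipient under `creation_rules` in .sops.yaml only governs files encrypted from now on; any secrets file that already exists stays encrypted to the old recipient until it is re-keyed. If the old key is being retired, run `sops updatekeys <secrets file>` against each existing file. If it is being retired because it may have leaked, also rotate the secret values themselves, since the old key can still decrypt earlier copies. A one-line comment above the rule naming which host or person owns this recipient would make the next rotation easier to audit.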
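Review bot: `defaultSopsFile` in the new sops.nix is a quoted string pointing into a home directory, so the encrypted file is not copied into the Nix store. Every host importing this common module then needs `/home/jay/nixverse/private/secrets.yaml` on disk at activation. Because `jay_password` is `neededForUsers` and users.nix in this same patch sets `mutableUsers = false`, a missing file or an unavailable decryption key would likely leave `jay` without a usable password on that host. Prefer an unquoted path literal inside the repository so the file ships with the closure; if the out-of-store string is intentional, sops-nix will probably also require `sops.validateSopsFiles = false;`. This module sets no `sops.age.keyFile` or `sops.age.sshKeyPaths`, so confirm the key source configured elsewhere is readable before users are created.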
@@ -1,16 +1,16 @@
 { config, inputs, ... }: {
 # Define a user account. Don't forget to set a password with ‘passwd’.
- #sops.secrets = {
- # jay_password_hash = { };
- #};
+ sops.secrets = {
+ jay_password_hash = { };
+ };
 users = {
- #mutableUsers = false;
+ mutableUsers = false;
 users.jay = {
 isNormalUser = true;
 description = "jay";
- #hashedPasswordFile = config.sops.secrets.jay_password_hash.path;
- hashedPassword = "$6$RTOXVXRP1iLIXnQb$rVtTeqlJ7g3AcZgftmVdKFnT2ggCsnVayPlT4beLST9Oz2LHGT2fdcOC/yaQkISK3wzFLqh47fSHgQvRUWpl41";
+ hashedPasswordFile = config.sops.secrets.jay_password.path;
+ #hashedPassword = "$6$RTOXVXRP1iLIXnQb$rVtTeqlJ7g3AcZgftmVdKFnT2ggCsnVayPlT4beLST9Oz2LHGT2fdcOC/yaQkISK3wzFLqh47fSHgQvRUWpl41";
 extraGroups = [ "networkmanager" "wheel" ];
 };
 };
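Review bot: The un-commented `sops.secrets.jay_password_hash = { };` in users.nix does not match the secret actually consumed two lines further down, `config.sops.secrets.jay_password.path`, which is declared in sops.nix. The leftover declaration adds a second secret without `neededForUsers`, and sops-nix will presumably fail activation if that key is absent from the secrets file, so drop the block here or rename it to the one name in use. The commented-out `#hashedPassword = "$6$…"` line keeps the SHA-512 crypt hash in the tree, which defeats the move to an encrypted secret. Delete that line and, since the hash is already in history, treat it as exposed to offline guessing and change the password. The value stored under `jay_password` must be a crypt hash rather than the plaintext, and the header comment about `passwd` is stale now that `mutableUsers = false`. The file continues past the end of this hunk.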