More sops secret setup.

.sops.yaml

@@ -1,2 +1,2 @@
 creation_rules:
-  - age: age1hvzwr0a0m6wlx3tprsfawdlrr7dcxkutxehjqcjp06xglxc0yd3smlqv22
+  - age: age1kn9632x2upcckl5jr9h2xda9l9j6r23u3pzjdp4v7vdjs42fpq3qur2qf0

nodes/hosts/common/configuration.nix

@@ -32,6 +32,7 @@
     ./system/networking.nix
     ./system/nixos.nix
     ./system/security.nix
+    ./system/sops.nix
     ./system/time.nix
     ./system/users.nix
   ];

nodes/hosts/common/system/sops.nix

@@ -0,0 +1,11 @@
+{ config, inputs, ... }: {
+  sops = {
+    defaultSopsFile = "/home/jay/nixverse/private/secrets.yaml"
+    secrets = {
+      jay_password = {
+        neededForUsers = true;
+      };
+    };
+  };
+}
+

nodes/hosts/common/system/users.nix

@@ -1,16 +1,16 @@
 { config, inputs, ... }: {
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  #sops.secrets = {
+  sops.secrets = {
-  #  jay_password_hash = { };
+    jay_password_hash = { };
-  #};
+  };
 
   users = {
-    #mutableUsers = false;
+    mutableUsers = false;
     users.jay = {
       isNormalUser = true;
       description = "jay";
-      #hashedPasswordFile = config.sops.secrets.jay_password_hash.path;
+      hashedPasswordFile = config.sops.secrets.jay_password.path;
-      hashedPassword = "$6$RTOXVXRP1iLIXnQb$rVtTeqlJ7g3AcZgftmVdKFnT2ggCsnVayPlT4beLST9Oz2LHGT2fdcOC/yaQkISK3wzFLqh47fSHgQvRUWpl41";
+      #hashedPassword = "$6$RTOXVXRP1iLIXnQb$rVtTeqlJ7g3AcZgftmVdKFnT2ggCsnVayPlT4beLST9Oz2LHGT2fdcOC/yaQkISK3wzFLqh47fSHgQvRUWpl41";
       extraGroups = [ "networkmanager" "wheel" ];
     };
   };