a

boxes/desktop/home.nix

@@ -15,6 +15,9 @@ let
 
 in
 {
+imports = [
+    inputs.sops-nix.homeManagerModules.sops
+]
   programs.zsh.enable = true;
   programs.zsh.oh-my-zsh.enable = true;
   programs.zsh.initExtra = builtins.trace _z1 _z1;

boxes/wsl/home.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, inputs, ... }:
 
 let
+  _s1 = import ../../common/sops.nix {inherit configl; };
   files = import ../../common/files.nix { inherit config; };
   shell = import ../../common/shell.nix { inherit config pkgs; };
   p = import ../../common/pkgs.nix { inherit pkgs config; };
@@ -15,6 +16,10 @@ let
 
 in
 {
+imports = [
+    inputs.sops-nix.homeManagerModules.sops
+];
+sops = _s1;
   programs.zsh.enable = true;
   programs.zsh.oh-my-zsh.enable = true;
   programs.zsh.initExtra = builtins.trace _z1 _z1;

common/files.nix

@@ -9,10 +9,13 @@
     target = "./.config/.eslintrc.json";
   };
   gh = {
-      recursive = true;
-      source = ../dotfiles/gh;
-      target = "./.config/gh";
+    source = ../dotfiles/gh/config.yml;
+    target = "./.config/gh/config.yml";
   };
+  gh_auth = {
+    source = config.sops.hosts.path;
+    target = "./.config/gh/hosts.yml"
+  }
   btop = {
     recursive = true;
     source = ../dotfiles/btop;

common/sops.nix

@@ -0,0 +1,10 @@
+{ config }:
+{
+  age.keyFile = "/home${config.home.username}/.config/sops/age/keys.txt";
+  defaultSopsFile = ../../secrets.yaml;
+  secrets.hosts = {
+    format = "binary";
+    sopsFile = ../../secrets/hosts;
+    owner = "${config.home.username}"
+      };
+  }

secrets/hosts

@@ -0,0 +1,28 @@
+{
+	"data": "ENC[AES256_GCM,data:90aRKN1foxr77gsPKWqjlk0GU0QnQIPdHNyfdUhjp5Ws7+5QoR0QHSLfWKM9iFU9Ee5UZrSX2z24hY7pbTMOubRf5zQmNEK+phT98m8PqHxrdxctRSHKgklLdAiGH03yM41ZsCoRpMW3nnHbJh6UhyHiwxMTGJg/2XlueEVYlh1vla0hsaFlw3XF2mEzcGNO9HghfthGg0XMsDm7qriyhd2VjWfI/DbFqQDvr2YMsC1mTYcorL5bo0dkjOZ1pR6rQA==,iv:8ntUEwOB9m+OxfKY2/oOqjS3YkcEirJgaD7ropcQzTU=,tag:cgN+e7OGVtvwC8mDBy2YJw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1xsuyaeehzv4ar4f6xpc6tfp9pttzjf7qdyl3x2tj42vjc8szlqpq834e3d",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWGczdExuSk10K2x6Qkhv\ndlhqeGwrMjJUdTRYUjNvcmMvVjZBanE5bFhvCnIxdy9OWEZ5YVZ1b1JPaEVoRjlQ\nS2tTekdZVk1XV2o0TmdwbXFvTTU0QmcKLS0tIHEyUldoaUNXV0xuTjlqd3FiaC81\nT002TGZuOUFYOWtJNHQ5VEZxRGdGZ1EKfn6ogFhUJTPOWa9pwTrQDBly1A30JppY\n164UbgNlIx+muZqkm3l+RMUx41hzIA8JwdW/yDlhFM8pl9tR3y10FQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tq8zaaqe8t4u2jgyf7usngtzyql0ymyxq6hntmu04vt5ypwhxensmzynhl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrN002bTJUcmt2TVNXR1Vu\nOElRLzdpdGU0c1daTjlEZlpXbXlnYTNNQ3hVCjdKcWR4UndSdUF3YnA0a1RKUy9m\ncEEyT3p4K3orNGhOT0RBa00yQS8vSW8KLS0tIElQMXdQMXdEelFPSlU3NENubVZE\nOTI5bmFFK0xUS0ZEMWtUZDloQTdOVFUKbgTzgiNPT+QXLXjNlBGK/XQFx9Ox8Bos\nTLUkJ23rsk+LMPWSO4Flpv+5ce/G2YQFV6SXlpFSYlNJlSxU2mZtWw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRy9UZjRCaGlOUjVtTnZI\nV3VtdWwwbzQxaDhIVUN3cVF5OEUyVm8reUF3Cjh6bFVDY3ZZUWVvQ1h0QTFEU08r\nZ2tJN3ZrVisyQmpIcnoxZGdjcWcwbDAKLS0tIGNlbTc1QUJiWHU5bnhJKzRYTDVJ\nR1lrWlVmSkJJS2dZQlFTRWloN05mK2MKGVyjmdWFtCfR0AlnH8SaDdtHXlGsVleG\nRkHDFvAN2Y62S45w5l9d66J5WykSCmgQB2TNuzlYKNAsCwTbzaBBDg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-05-28T02:14:52Z",
+		"mac": "ENC[AES256_GCM,data:B/Jj1zszWdqX1xAABaKg/j39CwQtTXh5fh43eT1vMCk/spHXJhhZc6kdIP1Ll0xGXQobxF/fRtL5EVz2/3qz8Hi/XfTXeNZRIq4d6mhuL5SoSJfgo9NynaLu9of4zYpWJobIWFAnv/wZRq9swKUEypkGvqBzx/CmSvOsxw6EMWQ=,iv:NPFEhI6Z2rFz1cXRacj91NIdi07S/lyRyEIsVfloZpQ=,tag:Q7vEyQh933/HO3bowqKfZA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}