From 414ca82c7d6e97458bcc92b8946dc5fc1a16a289 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Thu, 9 Oct 2025 15:37:52 +0300
Subject: [PATCH] sops
---
 nixosModules/users.nix | 24 ++++++++++++------------
 secrets/default.yaml | 16 ++++++++++++++++
 secrets/example.yaml | 0
 3 files changed, 28 insertions(+), 12 deletions(-)
 create mode 100644 secrets/default.yaml
 delete mode 100644 secrets/example.yaml
diff --git a/nixosModules/users.nix b/nixosModules/users.nix
index 85d2020..681c16e 100755
--- a/nixosModules/users.nix
+++ b/nixosModules/users.nix
@@ -35,19 +35,19 @@
 sshKeyPaths = [ "/etc/ssh/id_ed25519" ];
 generateKey = true;
 };
- defaultSopsFile = ../secrets/example.yaml; # наш зашифрованный файл
+ defaultSopsFile = ../secrets/default.yaml; # наш зашифрованный файл
 # Указываем секрет SSH-ключа:
- # secrets.ssh_key = {
- # # формат секрета (YAML по умолчанию)
- # format = "yaml";
- # sopsFile = ../secrets/default.yaml;
- # # (имя ключа в YAML: "ssh_key", т.е. ключ из файла выше)
- # key = "ssh_key";
+ secrets.ssh_key = {
+ # формат секрета (YAML по умолчанию)
+ format = "yaml";
+ sopsFile = ../secrets/default.yaml;
+ # (имя ключа в YAML: "ssh_key", т.е. ключ из файла выше)
+ key = "ssh_key";
 
- # path = "/home/test/.ssh/id_ed25519";
- # owner = "root"; # владелец – наш пользователь
- # group = "root"; # группа пользователя
- # mode = "0600"; # права 600
- # };
+ path = "/home/test/.ssh/id_ed25519";
+ owner = "root"; # владелец – наш пользователь
+ group = "root"; # группа пользователя
+ mode = "0600"; # права 600
+ };
 };
 }
diff --git a/secrets/default.yaml b/secrets/default.yaml
new file mode 100644
index 0000000..3f0ead1
--- /dev/null
+++ b/secrets/default.yaml 
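Review bot: In the newly enabled `secrets.ssh_key` block the private key is placed at `/home/test/.ssh/id_ed25519` with `owner = "root"; group = "root"; mode = "0600";`, while the inline comment on `owner` says the owner is "our user"; as written, the account whose home directory holds the key cannot read it. If the key is meant for that account (inferred from the path; the user definition is outside the hunk), set `owner = "test";` with a matching `group`. If it is meant for root only, drop `path` so the secret stays in the default secrets directory instead of a directory the unprivileged user can modify. `format = "yaml";` and `sopsFile = ../secrets/default.yaml;` repeat what `defaultSopsFile` already provides and can be removed. The enclosing attribute set starts above the hunk.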
@@ -0,0 +1,16 @@
+ssh_key: ENC[AES256_GCM,data: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,iv:R5brgW6svZtIttvzDZjqS7PdApXhJZZsi2ZBRcF1f8g=,tag:jSZ1uAFj/exFqF8WTvms3A==,type:str]
+sops:
+ age:
+ - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bU9xUDVRMEdCMUczZity
+ TS9SeFJzdWNRTkdTUk1LTWJZOUY1VW1iY204Ck52bWlaaG8wZTZaZnJ5WXFaRW56
+ dVhHRENVcW1BRDJaRzFiTmJDekdvSkEKLS0tIC9nVTQ4WEVTRk5iVjNRQ2lKRVNo
+ Y3ZpV3BuY1dyMzFEbU9kWjBzV3JJVkEKYRTSsHuOSMDleYst5loSPQpKY0ovf3l9
+ yadmT0jBd0TbUT4kZulgAdR96b/EdDVUCJNP6HrILpiai1KI8sjyjw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-10-09T12:35:23Z"
+ mac: ENC[AES256_GCM,data:H0LsP8DAHAcyV9EJTXf//luWUbJLtDoXNf/J/at/TKbTsPB6qFEIQQ7/eEwZJkQsld5r9A9gtZ/4hEUhW6jsDEQoN2JKLzU6hLizgMkgUgYmBwYQgin4QRRSeeYCUktVmbYyZMWzFNcBWjScr24zCBRfmExMSoKqf2tJvsZrQr4=,iv:CY9/xcR0jUgDpeoyo9KTroQwpMY/z0T2C2NTRaS8Dcg=,tag:qZ5sfNF59ubkhAwnyUbEKg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.11.0
diff --git a/secrets/example.yaml b/secrets/example.yaml
deleted file mode 100644
index e69de29..0000000
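Review bot: The `sops.age` list in the new `secrets/default.yaml` has a single recipient, so the SSH private key stored here is recoverable only while that one age identity exists; losing or regenerating it leaves the secret undecryptable. Whether that recipient is the host identity derived from `/etc/ssh/id_ed25519` (the `sshKeyPaths` entry in `users.nix`) or an operator key cannot be told from the diff, and the host needs its own key among the recipients to decrypt at activation. Consider listing both the host key and an offline admin key in the repository's `.sops.yaml` creation rule (not part of this commit) and re-encrypting with `sops updatekeys secrets/default.yaml`. Because the ciphertext stays in git history, a later compromise of that identity means rotating the SSH key itself, not only the recipient list.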