From 78b61aa45cb63edce51178ae26599d9bcbce1d07 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Thu, 9 Oct 2025 15:14:40 +0300
Subject: [PATCH] sops st
---
 nixosModules/users.nix | 20 ++++++++++++++++++++
 secrets/example.yaml | 18 ------------------
 2 files changed, 20 insertions(+), 18 deletions(-)
 delete mode 100755 secrets/example.yaml
diff --git a/nixosModules/users.nix b/nixosModules/users.nix
index 4db2879..720d2e4 100755
--- a/nixosModules/users.nix
+++ b/nixosModules/users.nix
@@ -29,4 +29,24 @@
 };
 };
 };
+
+ sops = {
+ age = {
+ sshKeyPaths = [ "/etc/ssh/id_ed25519" ];
+ };
+ defaultSopsFile = ../secrets/default.yaml; # наш зашифрованный файл
+ # Указываем секрет SSH-ключа:
+ secrets.ssh_key = {
+ # формат секрета (YAML по умолчанию)
+ format = "yaml";
+ sopsFile = ../secrets/default.yaml;
+ # (имя ключа в YAML: "ssh_key", т.е. ключ из файла выше)
+ key = "ssh_key";
+
+ path = "/home/test/.ssh/id_ed25519";
+ owner = "root"; # владелец – наш пользователь
+ group = "root"; # группа пользователя
+ mode = "0600"; # права 600
+ };
+ };
 }
diff --git a/secrets/example.yaml b/secrets/example.yaml
deleted file mode 100755
index 3be184a..0000000
--- a/secrets/example.yaml
+++ /dev/null
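Review bot: In `secrets.ssh_key` of the `nixosModules/users.nix` hunk, the decrypted key is exposed at `/home/test/.ssh/id_ed25519` while `owner = "root"; group = "root"; mode = "0600";` makes it readable by root only, which contradicts the inline comments saying the owner and group are the user's. If the key is meant for the `test` account implied by the path, use `owner = "test";` with `group` set to that account's group and keep mode 0600; if it really is root's key, move `path` out of the home directory so a root-managed secret does not sit under a directory another account controls. Separately, `age.sshKeyPaths` points at `/etc/ssh/id_ed25519`, whereas the OpenSSH host key is conventionally `/etc/ssh/ssh_host_ed25519_key`; confirm that file exists on the target and that its public key is a recipient of `secrets/default.yaml`, since decryption at activation presumably depends on it. The user definitions earlier in this module lie outside the hunk, so whether `test` is declared there cannot be confirmed from here.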
@@ -1,18 +0,0 @@ -services: - nextcloud: - admin-pass: ENC[AES256_GCM,data:24E1tKwHxY94Cf+edRbvhL5J9G4=,iv:EbzcCdHnBvdW5CEapb/yGBE6lIi80BEp8HB2tMCM9oU=,tag:L5WthzTT5vNZim6n3DNOnQ==,type:str] -sops: - age: - - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0gvNnVtdUZjdWtZZ0Nq - M3lsbUEzQnl1NGNWQjJxaVlhU3VFRzEzdFdrCnpTSks3V3lxck12MnR4anlUOWpu - eGpFWVJ2WHhqQXlKNEZvU1RqS2VGUlUKLS0tIEZaTktZZWpPbmdaSDg2cGk5b2FS - MVpCNWpoUG9TdHBLUk9YZW05WXlCWm8K0he5wgWY21Csk1LlVbEVIe5x2hmYjUAb - 5JpaydRfVjGZ9JBkn3GTEPhZwnK6tkZ9S7LWHL3/di3w0Js2DJ2OvQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-26T18:22:44Z" - mac: ENC[AES256_GCM,data:j8X6Q0SrCGRHZkNqZpEB5AMbjK1FLFH7/6/teYcQ+qwRNyeUkN4KZmQk2Xb/wZe9oFYpBqIKE+RxSf6E26WFVpLlUV9yEB4RnEapGRIXQz23hqRyiLvLtXcc0APJhF87tQw6VCghXv0j4x7c7EuOQm+wkfgI4p0OXwmTTazNero=,iv:inWHL4wEO4UXHDWkiFaTdzf8Uky2P2fJYaRXUURBrAA=,tag:3qgo38OYqE/d8OpzxUM2ww==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2