From 2651f44be81f46c7fb5dc991cb4edcc30a02a317 Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Sat, 11 Mar 2023 15:06:20 -0500
Subject: [PATCH] updated sops keys from user keys to host keys
---
 .sops.yaml | 6 +++---
 modules/sops.nix | 3 ++-
 systems/game-laptop/secrets.yaml | 30 +++++++++++++++---------------
 systems/gerg-desktop/secrets.yaml | 22 +++++++++++-----------
 systems/moms-laptop/secrets.yaml | 30 +++++++++++++++---------------
 5 files changed, 46 insertions(+), 45 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 01aa814..dbc470d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
- - &gerg-desktop age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9
- - &moms-laptop age1ttk7swzzjed2sxpvwywazlhdmxnn4cc6d6fjw89fd7va447l6ypqlk6c70
- - &game-laptop age1ysqxltx69j4u7u0ur7qutnm24t5t23g5h6nxersytvfvk6dz2saqr6u5j2
+ - &gerg-desktop age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp
+ - &moms-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
+ - &game-laptop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90
 creation_rules:
 - path_regex: systems/gerg-desktop/secrets.yaml$
 key_groups:
diff --git a/modules/sops.nix b/modules/sops.nix
index e401d54..b583293 100644
--- a/modules/sops.nix
+++ b/modules/sops.nix
@@ -2,6 +2,7 @@
 pkgs,
 self,
 config,
+ lib,
 ...
 }: {
 imports = [
@@ -12,6 +13,6 @@
 ];
 sops = {
 defaultSopsFile = "${self}/systems/${config.networking.hostName}/secrets.yaml";
- age.keyFile = "/persist/sops/age/keys.txt";
+ age.sshKeyPaths = lib.mkForce ["/etc/ssh/ssh_host_ed25519_key"];
 };
 }
diff --git a/systems/game-laptop/secrets.yaml b/systems/game-laptop/secrets.yaml
index 44a2c94..f060070 100644
--- a/systems/game-laptop/secrets.yaml
+++ b/systems/game-laptop/secrets.yaml
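Review bot: Nothing in `.sops.yaml` records that the three `keys:` anchors are now age recipients tied to each machine's SSH host key, so a reinstall or host-key regeneration will leave secrets encrypted to a recipient no machine holds. A comment above the list would help, for example `# age recipients derived from each host's ssh_host_ed25519_key; after a host key changes, update the entry and run sops updatekeys on its secrets.yaml`. The `gerg-desktop` recipient also appears in the game-laptop and moms-laptop secrets files later in this patch, so the desktop's host key can decrypt all three hosts' secrets and now doubles as the editing key; if that is intended, say so in the same comment. The creation_rules continue past the end of the hunk. Copies of the secrets encrypted to the previous recipients stay in git history, so the old user keys need to remain protected or the secret values themselves rotated.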
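Review bot: `lib.mkForce` on `age.sshKeyPaths` pins decryption to `/etc/ssh/ssh_host_ed25519_key` and discards any other definition of the option, while the removed `age.keyFile` lived under `/persist`, which suggests (not visible here) that the root filesystem may not survive reboots. If `/etc/ssh` is not persisted on these hosts, the host key would be regenerated and would no longer match the recipients in `.sops.yaml`, so secrets would fail to decrypt at activation. Confirm the key file is persisted, and add a why-comment such as `# must be the persisted host key whose age recipient is listed in .sops.yaml; mkForce overrides other definitions of this option`. The private host key also becomes the only decryption credential for the host's secrets, so it should stay readable by root only. The module's opening lines are outside this hunk.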
@@ -1,30 +1,30 @@ -root: ENC[AES256_GCM,data:gfCCoKcYfjb1tLUSlvzpEwEvteSaW+Jn71Tox6iLZ/EO0Dyka7pCAQO6zZyiPOSxSsb8aPd3EcRdQntLkIO1SMI1CpNcmXGoDg==,iv:FuEj+M4A0YUS7CXV92HjdZ+DIeRUQQvBpSm2ZkG0d7A=,tag:03vDVAQaBhzBa2ft0Kik+g==,type:str] +root: ENC[AES256_GCM,data:ZHWgqJt4zMWuN/8rkmOQngBvw85MRCXsbLpgKj4Hzd8cDvvr6HIwsECiZZHh8Yp5FDL5t2IokIEf4KT8mqvm1bhakvWyMtP3tw==,iv:RTNPLxCDm+bsu70EbasUfxCtgp1+86aW+aFQECZTAPU=,tag:uDbUE3vw0kc30WsKLOtVbw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1ysqxltx69j4u7u0ur7qutnm24t5t23g5h6nxersytvfvk6dz2saqr6u5j2 + - recipient: age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWYyVUtxaFFCWVNtdkhY - aitLQ21jd2tnK0dPVVlnKzRVMWw4aHN2cERvCllxSCs1Q25LZXF6OHdkSkJ1NXhE - MU8xdUh1dnAvanQ3b0pRV3VyZTNvNjgKLS0tIHhITlNzd3M0aGZxdVFJZDdUbnRL - SWJweXRzRWlRUGhERDQxbk9NZUtSOVkKjkO/WqgWXqZs8mgj/jpAon0xiVpCMJoN - NIFTMuuA998BwiAgCBxv9FojKPdQVj6GMT9Y4Er2azvBY2Q2opbdVg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU2NMRHVkRDV1ekpvZUJz + WDlFWjh5SU1EY3FOSFpNUmhLd3Z2N0VtdjM4Ck1RMWFkenZvV3NESnhSNnF4MnBL + dmwvdU4rbmRxTnI3R1lRWUw4NkFTZFEKLS0tIHBLWVMzTmhsbU5ORkVld2VBR0hD + SlZBR1ZmRENXRVVaVXlEVnNvOEN1YkUKrIvpZHRRxYBj83kchgGWVNPsrGnmnWEh + 80avkBy/6iCYmGEJ7PA4qxAea6jTOfaX+WbVm/jbmXpBEmE/NjPL5w== -----END AGE ENCRYPTED FILE----- - - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9 + - recipient: age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZitENjgyZjhoTm56ZnVO - YTFLcjZud2o1ZzF6ZjVlemREUEhPMjczaFE4CnJ1Wi9nWUxnVVc0WUY4dFI1ZVQr - RWlvUWVPYkVNSVFiMEtGKzF4WVlvWmMKLS0tICtteUd1M2x1YzRVVDFrc2hhY29l - aEp6b0d4aDBiVVpJZVZuNjRzSHgyZEEKNi3jHZBXSm9pKc3yj8IEsqv/8D1porFD - q1kDWJPVz4193oE9e1SckpTCfMA562ryIK6jQIPMe8KnrOTsCiKRLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRXMySTF5VGRkK0N6NTZt + 
Sml4N3hjNXVLcXpmME1KSm1yTDZNVzdscEZNClk0TlZEUmNLN09PM0tMOHc1ZkJH + OTdzdVBSVkVpeHN5UVZvMTV1MW80RXMKLS0tIDR6SVcwWmtnWkV2UTRnb2lmZEdU + OHNBcUxydUJpMVdON21rMHBiNFRRRk0KokksVnVDldZvC7tqjjDVsU7z3Uh0ytQ3 + tLdO8k+HxRYfFqhgfq2z7vTzHOVcZRvgiihYV4kLR9lnivpL6uOB+A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-07T23:17:17Z" - mac: ENC[AES256_GCM,data:ESfsr7BftDPSEa+WRiX2bpH6AvFcAfWAVMSAODzjPxj5Z3ABxLxeSs8YMg0rdmgrAX+LCLigZ6iiYSQWIFlh4PSW/lBqgin+NUvacn6iYv8bC5AQBPv1S+qV2+jyzRM9kJex8kWvmUhxNxFqGsS9IK5xUijEOnNRGfgiuOkqzjc=,iv:afoaBSy81f1h849nVYZG4pNJXxSvLu0uIdfXEfP0HYw=,tag:HrHgbAbtYX4YwR7HGD2i5w==,type:str] + lastmodified: "2023-03-11T20:03:05Z" + mac: ENC[AES256_GCM,data:buZBqAIO8IAHUu2tXzvUcMcvBL0r/Y5cCSrVvFHlAaUyNCkXktW0ZvW6n3mdEhKx8GzVYlvW5p9iDEkeyrD6YwcFVqXyW2tI0at1TevJwFc17AFXOPYRF7V2QrPX6lvLoZtxBcKeqXfn8mO+2QSyhYIheuln99YilHVYtLzujfk=,iv:v+E18iYaExTx66OGyJUCn5ygVNCDx54PekgrQo98V8U=,tag:+Ktm/mAHwq8h+IZ8eMnIhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/systems/gerg-desktop/secrets.yaml b/systems/gerg-desktop/secrets.yaml index e15f33f..f5f4f8d 100644 --- a/systems/gerg-desktop/secrets.yaml +++ b/systems/gerg-desktop/secrets.yaml 
@@ -1,23 +1,23 @@ -discordenv: ENC[AES256_GCM,data:2p39yDXSVpNlCpoffnG6HxHsRoBjPsC0r3QwCisKHbxXFi94poLEF1i4H56NNhRkIZdsJlOFFHgmQd6GGLilTzdGSbnDwFV1vbqKhG2XYuei0ES4W1juvuigycfnPLsk3ZQnq/+TL09WSyQk+tyLCcILUgqL8B75J34=,iv:4ClckaNwsLig1rt9WeagJDixD54SReLCfG4SHyAjs+I=,tag:xPhyzl9Q5kobuhSMAfkIcg==,type:str] -root: ENC[AES256_GCM,data:3gGH5gjXBvZwkGyDA+AoqBwIQtWNkfreH/42xvkZlB8wM9g/lpJCeQ6EG2dkJTUv10h6Ym9m8AeRB5dreCmUo4HG6wS8+A7HLg==,iv:sKVcxn3DpIuv2qEwIedGFLlatr1tMTRC0L+fr//0T0c=,tag:wDJz3jYLTN3L2o7ZHWepJg==,type:str] -gerg: ENC[AES256_GCM,data:0d+dAgbvaJ2X1QDSMteElbhJMy2lYcpOv0av+BBnIX7rrL8qZ/eGG9rrd9QXmEDIPxKyKwOcBbhYUaBsYHfwRRVP6LXH50V2eA==,iv:JzUNNL9m4hBrvFzSN6iQW/gmAiwvUbxOA73Q6TGPDb0=,tag:BclDA30EUFjpceopRN+nUg==,type:str] +discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str] +root: ENC[AES256_GCM,data:9rmkBNILB1vvfaXtnU8mXqTIkoyI5R3FJKkh941Jhszrdj0FsmO8u3IFGAaCoe3TLVFOcRCS3QQWOZeZOvhUDvebZyYpVP/3ow==,iv:y8jvSxfrONSYqJ+xoxecN712EGiyawN1Q3VFjAMZO+g=,tag:jCCTZHTs01hioNKMlTd7Rw==,type:str] +gerg: ENC[AES256_GCM,data:7xH/9DgMFzGPXCSv+r/KisRjQYB7ZR+Lr1nSdtbbXk8hc4UseubX8jAHGs0lrqxkOeXweXviU3J5ap3uHcNl5AWtGGTopSM9Tg==,iv:mAb9Th/Mm9SSrqqj4cdaxMdIiGGBEXKBZqU8ItmEsOE=,tag:ZgaUyw+ZT8+RQv2ngPL4xA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9 + - recipient: age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSGc4emRNTlYvb293cUQw - ajRaNmg5U0xuWHkwR0ZVQ2YzNFZ1UXlVWHg4ClZEam12cUVMZ0pabWgxcUlmUHdw - TVlXOGlWcmZJSDdRQ3RtVnFMWWovZE0KLS0tIEExY3lISy92ODJ1TlNpUlNWbnRZ - aDhTUE96bUJHRUZ3N1NaWkhtbDhRVFEKYDGFkjPtHefXdAOxwUQjsoPXDIG/0uxL - 
lpTayh67qFmVsmWE8it6sPKgjNF1+UnP3aelAOOoa+53CePPrER5lw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NWRPckFGSDlWZHpFSFFo + bHMxbHNhRmdEVUJjdnpjeEIwYXFJWUtuYVdBCm13bHVudzBKaXFwVW0xRzErYW9J + ZUN2QnhjZndVQUUxSTFJZWF6KzFzNkEKLS0tIDVmcnd0WGtLK2dFR3lqWktDd1hG + dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy + MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-07T22:30:32Z" - mac: ENC[AES256_GCM,data:6MV0ATHKAcgm6jRZ7KiGQo8Y4xlTWMoyROqyLTy+a895o9H/K+x+X1eGdFFdcBxTvN90njz0Bh3/MjkzM36UKyYLSeXMSpDFKwVKgT6qK+rWyn3s+fIIZA3tiR//tRLqA04H0JaieMjVqK/ns7UQx92NU7bC3KTo0dKy26mWfWQ=,iv:XhSNXgmPV1bOXL8ZtppJ/nipIYOUElYbVuZ32/hsAIA=,tag:V3XM3sP9FtwKWZuYdoAmEQ==,type:str] + lastmodified: "2023-03-11T20:00:46Z" + mac: ENC[AES256_GCM,data:t51wrngspR7OY5CYBj5k9UhnTfuy51+MzC6viKgfR0dKxzLRNlyUAUAIz7S6TF6FBCm9o7CP7N1E/Uzz9yF+pz8F1MUQNynvtRs/79vQxLKj4Ek+sXHPzQxmexUo6ipCajnzp29n2fEkzmEgymyS1oMbU8a3sKY6r5Kvlz2yv7M=,iv:2PxKWz70zdrjqRhM7L5CjR6tN04TfAf2FU5lGMswOZo=,tag:LlYEY6vpRenBEbEOX+EWPQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/systems/moms-laptop/secrets.yaml b/systems/moms-laptop/secrets.yaml index 13eedbe..2df221f 100644 --- a/systems/moms-laptop/secrets.yaml +++ b/systems/moms-laptop/secrets.yaml 
@@ -1,30 +1,30 @@ -root: ENC[AES256_GCM,data:t/txu0G+jfcPAizbs/HuRYCXwGxa9z6F+zx0L/44Gw/8bdjJgNdD3LW3Mz9rezFPSUCK+IWLsqoeSUSsBZ2kMNn7V1sXcDduDw==,iv:ltGLcryejPNVq4eyl9ai6Se2Jhe+fRoC1s9lQCXPuk8=,tag:tArHrkX87TAV/3DzaJp8Tg==,type:str] +root: ENC[AES256_GCM,data:tQMtWAjqHcuny+6R3M0BFyEaFiaAr0eU04xhLiMdZ9KuqeQoV2aasJ9I6yVWNeaNE/K2DEWEXIv3fhLVp11/CMBjd9Yi1An9Jg==,iv:cx1jHEioCRaL7u2zwp8NfDxnHr5zzWTOh8/gJgUKN+0=,tag:JVex88fYnSmfwhortUi0Xw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1ttk7swzzjed2sxpvwywazlhdmxnn4cc6d6fjw89fd7va447l6ypqlk6c70 + - recipient: age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGhsSHNqejZqUXg5bEl4 - b2c2aWpDRUJ4cEpnYVNJV1l2U2IvTUp1L0NzCk9JZGVZN1RxZDUyOHIyakhxWVJQ - eml1anIzT0NwWEY4eHNFYnpCdHVxVjQKLS0tIEhQRW55bGZUeXc0eU11Lzg1eC9m - TDljQ25aSkg3cDFKRXZGcU9QUW91TVkKAepZUfIRS9oRqZRUIa+ylcgw1+JIQPkn - OfG/KsLYCEXw+IU+ICV6UbqppPlsXQHTxBsPOTIhlSxfUo4TfTJwFg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU3doYWlIdWEwTmVOUGRY + aGJPMy9ac1RoUS9LdUcvbkxSU1N2MVpIeFRjCmV6QTlhMUhoVmdUOGdFdmVMNW5h + cVI4YlBwaEZFbC8xZWYrMFZQOFVaQzgKLS0tIHMzN081UmowTXYzc1hhNk5FOWdu + Vmh5WGFXT2M0dUttQjMxMXA5TUJFTkEKvI3cbR9A9vK6oiEc6Qaj9j84FxVekQvl + ZfQhT6nLrh7IjR+uJ1ZqwJioSsGKLCDmBropjTWei469fJkma7p8BQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9 + - recipient: age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dTRTTVY1RUR4ZU80SXZJ - S2tWdm9odHAvaTFFSk82T1AyWUM5b3gybFJvClVyYzFjSEM3WEltanZpYTJCVEN0 - ZEUvbkhVU0NuMHA4a3FHdUhrSTA3MjAKLS0tIGc0ZkdrckpaSUdJMnk0Y3hWU3VU - MFRPWW5KUDNLeFVjNVNlOWY4Vk4xYkUK7z19g5H4ZvLoCme/gkNjQL2dRoHevDc3 - jS8zxW7a/c5UrE7FHbzt/zLkvaukosq9/wvuCUfliq6VTUvu3cEICg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZk1ScGpmT1Fjd1p3MFFw + 
dE1mRjUyQkN4N05VMThUZnNHL2pQbjVQem5nCjVsejY0L0piTHMzOVo4d2xHL2Fq + aVp0WXpMbUlEMGFoS080N1BITXhDa1EKLS0tIHRTSTAybUFUZFFNL1NOWHduWmE3 + SVJpZmRIcjJZWjNGZFllTGU4L0NLZG8K/J87ETorELtOxABopOvEcRPiY8qubzou + Ogs1d+4CqPx/PC4tW06tkp8Fp8DWcr8/XxxsPJ9DBfVT7wCRb/RqCw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-07T23:18:13Z" - mac: ENC[AES256_GCM,data:dX16i5ec8YDP6j6l0FWlvywTwtKAymC6g1P5c+ScudgSSY8+yiF9y7PdG6jfB99UIp3H8P9syJCO2B01QMwCYlMqFcKpbMgFxnDDdN7J/abbKFJrROdBs7aTRWT2973vl+qqPX7f739t6o/81Dq4R764egnUPrG52PfnB+7ly3k=,iv:U4YCEKI9MDhS3DH4Zv68ru+uElDNhWfoodZfIBhHEFU=,tag:P7lzkGTsqGkoZlZoJbTE7w==,type:str] + lastmodified: "2023-03-11T20:02:40Z" + mac: ENC[AES256_GCM,data:XK10hpfe5zKQvP4Lf0lXTgmSULsqC446CYR7B57R6G99BJgpkdYOK9Zi1IHF3g1mwjplxY3LSi8mW+ETV7DgnhOhpTiGJQzFKmLVQCogImM63aWR6/SYRAoI3wvgb4TMv/cZvaqRHmU+HzjTN5ZCGWDfKyQvFVjOWps8FvK4kNM=,iv:cK5ARa1+Qtw/LHHNUZVFa1k79LuDIW40jhS9AyEBUCQ=,tag:b621ftO1UVE1/4G3KVsIOQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3