added sops for all three systems

systems/game-laptop/default.nix

@@ -1,6 +1,7 @@
 inputs: {
   pkgs,
   settings,
+  config,
   ...
 }: {
   imports = [
@@ -38,6 +39,8 @@ inputs: {
     hostName = "game-laptop";
     networkmanager.enable = true;
   };
+  #user managment
+  sops.secrets.root.neededForUsers = true;
   users = {
     mutableUsers = false;
     users = {
@@ -56,7 +59,7 @@ inputs: {
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
         ];
-        initialHashedPassword = "$6$hgiDFHEMVEA39Snj$Huxf2a/yd/gSO2ZwntxI5Z65c1kCf35lvbkA61knP5i5NLPuIy4cybBBv9lnd24LVR9sfi9Tss96VQdsGCQhq1";
+        passwordFile = config.sops.secrets.root.path;
       };
     };
   };

systems/game-laptop/secrets.yaml

@@ -0,0 +1,30 @@
+root: ENC[AES256_GCM,data:gfCCoKcYfjb1tLUSlvzpEwEvteSaW+Jn71Tox6iLZ/EO0Dyka7pCAQO6zZyiPOSxSsb8aPd3EcRdQntLkIO1SMI1CpNcmXGoDg==,iv:FuEj+M4A0YUS7CXV92HjdZ+DIeRUQQvBpSm2ZkG0d7A=,tag:03vDVAQaBhzBa2ft0Kik+g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ysqxltx69j4u7u0ur7qutnm24t5t23g5h6nxersytvfvk6dz2saqr6u5j2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWYyVUtxaFFCWVNtdkhY
+            aitLQ21jd2tnK0dPVVlnKzRVMWw4aHN2cERvCllxSCs1Q25LZXF6OHdkSkJ1NXhE
+            MU8xdUh1dnAvanQ3b0pRV3VyZTNvNjgKLS0tIHhITlNzd3M0aGZxdVFJZDdUbnRL
+            SWJweXRzRWlRUGhERDQxbk9NZUtSOVkKjkO/WqgWXqZs8mgj/jpAon0xiVpCMJoN
+            NIFTMuuA998BwiAgCBxv9FojKPdQVj6GMT9Y4Er2azvBY2Q2opbdVg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZitENjgyZjhoTm56ZnVO
+            YTFLcjZud2o1ZzF6ZjVlemREUEhPMjczaFE4CnJ1Wi9nWUxnVVc0WUY4dFI1ZVQr
+            RWlvUWVPYkVNSVFiMEtGKzF4WVlvWmMKLS0tICtteUd1M2x1YzRVVDFrc2hhY29l
+            aEp6b0d4aDBiVVpJZVZuNjRzSHgyZEEKNi3jHZBXSm9pKc3yj8IEsqv/8D1porFD
+            q1kDWJPVz4193oE9e1SckpTCfMA562ryIK6jQIPMe8KnrOTsCiKRLg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-07T23:17:17Z"
+    mac: ENC[AES256_GCM,data:ESfsr7BftDPSEa+WRiX2bpH6AvFcAfWAVMSAODzjPxj5Z3ABxLxeSs8YMg0rdmgrAX+LCLigZ6iiYSQWIFlh4PSW/lBqgin+NUvacn6iYv8bC5AQBPv1S+qV2+jyzRM9kJex8kWvmUhxNxFqGsS9IK5xUijEOnNRGfgiuOkqzjc=,iv:afoaBSy81f1h849nVYZG4pNJXxSvLu0uIdfXEfP0HYw=,tag:HrHgbAbtYX4YwR7HGD2i5w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

systems/gerg-desktop/default.nix

@@ -2,6 +2,7 @@ inputs: {
   pkgs,
   settings,
   self,
+  config,
   ...
 }: {
   imports = [
@@ -13,8 +14,8 @@ inputs: {
     (import ./zfs inputs)
     (import ./minecraft.nix inputs)
   ];
-  system.stateVersion = "23.05";
 
+  system.stateVersion = "23.05";
   localModules = {
     X11Programs = {
       sxhkd.enable = true;
@@ -80,6 +81,10 @@ inputs: {
     firewall.enable = true;
   };
   #user managment
+  sops.secrets = {
+    root.neededForUsers = true;
+    gerg.neededForUsers = true;
+  };
   users = {
     mutableUsers = false;
     users = {
@@ -92,7 +97,7 @@ inputs: {
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
         ];
-        initialHashedPassword = "$6$hgiDFHEMVEA39Snj$Huxf2a/yd/gSO2ZwntxI5Z65c1kCf35lvbkA61knP5i5NLPuIy4cybBBv9lnd24LVR9sfi9Tss96VQdsGCQhq1";
+        passwordFile = config.sops.secrets.gerg.path;
       };
       "root" = {
         uid = 0;
@@ -101,7 +106,7 @@ inputs: {
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
         ];
-        initialHashedPassword = "$6$KV00qSRKyx1hpZjX$kwzWN4UuQxHSFwA4vYtRTcYecQyR.Qelvvcr90ZfZ4y.LISUcx2PDHH9/7REwsoAHD./KlAnwlsm1hxeLoGpl/";
+        passwordFile = config.sops.secrets.root.path;
       };
     };
   };

systems/gerg-desktop/minecraft.nix

@@ -4,9 +4,9 @@ _: {...}: {
     hostBridge = "bridge0";
     localAddress = "192.168.1.10/24";
     localAddress6 = "2605:59c8:252e:500:200:ff:fe00:10/64";
-    bindMounts."/mnt/minecraft" = {
+    bindMounts."/persist/minecraft" = {
       mountPoint = "/minecraft";
-      hostPath = "/mnt/minecraft";
+      hostPath = "/persist/minecraft";
       isReadOnly = false;
     };
     config = {pkgs, ...}: let

systems/gerg-desktop/parrot.nix

@@ -1,6 +1,6 @@
 _: {
   pkgs,
-  settings,
+  config,
   ...
 }: {
   #discord bot stuff
@@ -12,9 +12,10 @@ _: {
     after = ["NetworkManager-wait-online.service"];
     script = "parrot";
     serviceConfig = {
-      EnvironmentFile = "/home/${settings.username}/saveme/.env";
+      EnvironmentFile = config.sops.secrets.discordenv.path;
       Restart = "on-failure";
       RestartSec = "30s";
     };
   };
+  sops.secrets.discordenv = {};
 }

systems/gerg-desktop/secrets.yaml

@@ -0,0 +1,23 @@
+discordenv: ENC[AES256_GCM,data:2p39yDXSVpNlCpoffnG6HxHsRoBjPsC0r3QwCisKHbxXFi94poLEF1i4H56NNhRkIZdsJlOFFHgmQd6GGLilTzdGSbnDwFV1vbqKhG2XYuei0ES4W1juvuigycfnPLsk3ZQnq/+TL09WSyQk+tyLCcILUgqL8B75J34=,iv:4ClckaNwsLig1rt9WeagJDixD54SReLCfG4SHyAjs+I=,tag:xPhyzl9Q5kobuhSMAfkIcg==,type:str]
+root: ENC[AES256_GCM,data:3gGH5gjXBvZwkGyDA+AoqBwIQtWNkfreH/42xvkZlB8wM9g/lpJCeQ6EG2dkJTUv10h6Ym9m8AeRB5dreCmUo4HG6wS8+A7HLg==,iv:sKVcxn3DpIuv2qEwIedGFLlatr1tMTRC0L+fr//0T0c=,tag:wDJz3jYLTN3L2o7ZHWepJg==,type:str]
+gerg: ENC[AES256_GCM,data:0d+dAgbvaJ2X1QDSMteElbhJMy2lYcpOv0av+BBnIX7rrL8qZ/eGG9rrd9QXmEDIPxKyKwOcBbhYUaBsYHfwRRVP6LXH50V2eA==,iv:JzUNNL9m4hBrvFzSN6iQW/gmAiwvUbxOA73Q6TGPDb0=,tag:BclDA30EUFjpceopRN+nUg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSGc4emRNTlYvb293cUQw
+            ajRaNmg5U0xuWHkwR0ZVQ2YzNFZ1UXlVWHg4ClZEam12cUVMZ0pabWgxcUlmUHdw
+            TVlXOGlWcmZJSDdRQ3RtVnFMWWovZE0KLS0tIEExY3lISy92ODJ1TlNpUlNWbnRZ
+            aDhTUE96bUJHRUZ3N1NaWkhtbDhRVFEKYDGFkjPtHefXdAOxwUQjsoPXDIG/0uxL
+            lpTayh67qFmVsmWE8it6sPKgjNF1+UnP3aelAOOoa+53CePPrER5lw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-07T22:30:32Z"
+    mac: ENC[AES256_GCM,data:6MV0ATHKAcgm6jRZ7KiGQo8Y4xlTWMoyROqyLTy+a895o9H/K+x+X1eGdFFdcBxTvN90njz0Bh3/MjkzM36UKyYLSeXMSpDFKwVKgT6qK+rWyn3s+fIIZA3tiR//tRLqA04H0JaieMjVqK/ns7UQx92NU7bC3KTo0dKy26mWfWQ=,iv:XhSNXgmPV1bOXL8ZtppJ/nipIYOUElYbVuZ32/hsAIA=,tag:V3XM3sP9FtwKWZuYdoAmEQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

systems/moms-laptop/default.nix

@@ -1,6 +1,7 @@
 inputs: {
   pkgs,
   settings,
+  config,
   ...
 }: {
   imports = [
@@ -34,6 +35,7 @@ inputs: {
     networkmanager.enable = true;
   };
   boot.kernelPackages = pkgs.linuxPackages_latest;
+  sops.secrets.root.neededForUsers = true;
   users = {
     mutableUsers = false;
     users = {
@@ -52,7 +54,7 @@ inputs: {
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
         ];
-        initialHashedPassword = "$6$hgiDFHEMVEA39Snj$Huxf2a/yd/gSO2ZwntxI5Z65c1kCf35lvbkA61knP5i5NLPuIy4cybBBv9lnd24LVR9sfi9Tss96VQdsGCQhq1";
+        passwordFile = config.sops.secrets.root.path;
       };
     };
   };

systems/moms-laptop/secrets.yaml

@@ -0,0 +1,30 @@
+root: ENC[AES256_GCM,data:t/txu0G+jfcPAizbs/HuRYCXwGxa9z6F+zx0L/44Gw/8bdjJgNdD3LW3Mz9rezFPSUCK+IWLsqoeSUSsBZ2kMNn7V1sXcDduDw==,iv:ltGLcryejPNVq4eyl9ai6Se2Jhe+fRoC1s9lQCXPuk8=,tag:tArHrkX87TAV/3DzaJp8Tg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ttk7swzzjed2sxpvwywazlhdmxnn4cc6d6fjw89fd7va447l6ypqlk6c70
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGhsSHNqejZqUXg5bEl4
+            b2c2aWpDRUJ4cEpnYVNJV1l2U2IvTUp1L0NzCk9JZGVZN1RxZDUyOHIyakhxWVJQ
+            eml1anIzT0NwWEY4eHNFYnpCdHVxVjQKLS0tIEhQRW55bGZUeXc0eU11Lzg1eC9m
+            TDljQ25aSkg3cDFKRXZGcU9QUW91TVkKAepZUfIRS9oRqZRUIa+ylcgw1+JIQPkn
+            OfG/KsLYCEXw+IU+ICV6UbqppPlsXQHTxBsPOTIhlSxfUo4TfTJwFg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dTRTTVY1RUR4ZU80SXZJ
+            S2tWdm9odHAvaTFFSk82T1AyWUM5b3gybFJvClVyYzFjSEM3WEltanZpYTJCVEN0
+            ZEUvbkhVU0NuMHA4a3FHdUhrSTA3MjAKLS0tIGc0ZkdrckpaSUdJMnk0Y3hWU3VU
+            MFRPWW5KUDNLeFVjNVNlOWY4Vk4xYkUK7z19g5H4ZvLoCme/gkNjQL2dRoHevDc3
+            jS8zxW7a/c5UrE7FHbzt/zLkvaukosq9/wvuCUfliq6VTUvu3cEICg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-07T23:18:13Z"
+    mac: ENC[AES256_GCM,data:dX16i5ec8YDP6j6l0FWlvywTwtKAymC6g1P5c+ScudgSSY8+yiF9y7PdG6jfB99UIp3H8P9syJCO2B01QMwCYlMqFcKpbMgFxnDDdN7J/abbKFJrROdBs7aTRWT2973vl+qqPX7f739t6o/81Dq4R764egnUPrG52PfnB+7ly3k=,iv:U4YCEKI9MDhS3DH4Zv68ru+uElDNhWfoodZfIBhHEFU=,tag:P7lzkGTsqGkoZlZoJbTE7w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3