From 1b4b3fbd6a954a2f79814aadeb4281fe22a4e9fa Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Tue, 24 Mar 2026 23:01:19 -0500
Subject: [PATCH] moved restic password secret

---
 modules/hosts/john-pc/john-pc-ubuntu.nix |  6 ++++-
 modules/hosts/john-pc/secrets.yaml       | 34 ++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 modules/hosts/john-pc/secrets.yaml

diff --git a/modules/hosts/john-pc/john-pc-ubuntu.nix b/modules/hosts/john-pc/john-pc-ubuntu.nix
index 568f97f..3aed449 100644
--- a/modules/hosts/john-pc/john-pc-ubuntu.nix
+++ b/modules/hosts/john-pc/john-pc-ubuntu.nix
@@ -68,9 +68,13 @@ in
     # This provides the keys at build time and will be included in the nix store
     sops.defaultSopsFile = ../../../keys/secrets.yaml;
 
-    sops.secrets."restic_password/john_ubuntu" = {
+    # This will provide the edit-secrets script targeting this file
+    mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/jsl-dendritic/keys/secrets.yaml";
+
+    sops.secrets."restic_password" = {
       path = resticPasswordFile;
       mode = "0400";
+      sopsFile = ./secrets.yaml;
     };
     restic = {
       passwordFile = resticPasswordFile;
diff --git a/modules/hosts/john-pc/secrets.yaml b/modules/hosts/john-pc/secrets.yaml
new file mode 100644
index 0000000..8cb56ad
--- /dev/null
+++ b/modules/hosts/john-pc/secrets.yaml
@@ -0,0 +1,34 @@
+restic_password: ENC[AES256_GCM,data:BVP4do8UgSX48ovwDH3D2Px6p3lr859F43TTO6pr/fIo78kI0btLDtP+BKbIauawHdvOR7g3dIRrJIvUqDBUnKIH8NE9VxyUrK+U9UzwX17m7T96h/gf3FJ55BEKKVecbJdLrVriq9fVQwUT0Dg2cCZQLctfhwaPNa5Jhkb2oqSKbJ6OmM10eS9KqprE+bVXnCd5vZtRWMKAKiGn3kfKieC79kUcFZla7M739+BMiYa7KvPkhmPOBYwSsWIBQrBFr9X+IDxP0EuEMHrOItnAv/TzG773PM+T+h5rgv6xY+fd1i1cBl5XIijtOGmyJDvrOQLVLTjeoY9LHzYyy31N102mP0SLoz1F4bINMzn1ykvUZCbgSdbyfbBUSS2WJmpbKGrE+KYGxLybFr+4kVYrrONK7Bg7NTWDPcTwdpgDL+Fk8KCiP2jg7sAjpaWRAkwrXpbCwhHPmjmJ7P5tlsxmGy46dZVKmZ3BhPWZlZfQDJ+8NRGn3U56MjGBACLMn1ZvSYXxyWc0SzLRPe2F106XCx3c08jzBaFVP76fLMAY0TXJ6VpvHrEsQKMGLw0pfciisfjRpKmNIPczz5N9wqgJIOrYBTlc/ipugXfJ5HunoLegzc6P/Z2Xjr38Ug0pz86+KhRviLVLvtDtouzpeejOve7FGIiOrd5dNVUsZ2QG+YI5Pbm6tiO/NgTLAWLmlsti1TKN9pen6nvi7NhDPiFMRqQi9FRF2HFxhhvW8uE3Ax8G98xlKcqtmzNidqiZJndAP5EJcJKe0WQUCLnybWNi8nmneFx8iMPEMFpxx9PeYNte4Wdv51P7NYNZmju+4NNaSuWW1sqmi4VJqw0HvhPHJ/8R+AKG8h6BWk00Nsawbn4OHGnz5+jWczUq+hsxeNDutUQf3FWRQIXNE/XGsXXEXBguk1AOScVj2GtdMa5L/Abamq1kx3osXMf2P1HqPHyzQK2a6olZPSVeERr9vk7V5/a0ZYgaIUPq3X8gieo1Fv6gSKiilQ33oAJ3dt0nDvrtzTHtyEuPn4xfG2JKvsFAKQIFbjSObsO6Lb/bVZWjFYc1Wt7I3Jcu6atHxpaFqv+riI4gbdgZ4NcsoruDvm5pGoNfVPoEylstsWXRQ3FptohQ74qr+Z8rAUGwVOXg+HFtFQqETGxy8QPWk0hLupNotxt2uIKpBal/z/6IYvHtP/KwiTaY/tlQmQ9l5qGQJLm1LfhdPCJJNvGUFEDZnrCYl34STIATcFIYmy2AzBQPABH7CFk/4MLeu8aiDRC8LV9zwm5PqYJ8DR0gFk6OJIciJ9rnPomMhyI5svpDQN+q8JpXWkUDl2Hi6sAx/jevk4+RyQaD1z2rusZjO5FJ/zVI2sT//yBdcgg7sNb3UfrIU4RjFP4Ep9iu04Mn3gOpt9RBGt7ITyzqXIvV7Qfy/1C4Uk9Fgj9T+ANPIRtdImTuDB01yP14FBeV02KbdqJCnwpUvArJ85/JDtVZniDm9EwilWJuAMlehDqam7jZEGVJjbnM2PyTci3DOGHAtfxsYX6R6RMD43+ScVY26sLjqNWFJq0FTGqf+yqBlG3XrS0l4P985iy6wL53R+MHvwel2a4mqAW1BNMQT/pCGyBrwuAF1M4Zgz7WAyPU8xCT7dMrq0ZQtsLGgs3qeq5rRVOw61F9zlIgFq72whlQcm0YJ3gAXl+5w742/O2MMpZoixB84Ao34uwkAn3WzGNZvpD+UK0UlpnisiXSVKUxFWZZcssVWUFuFzOSxftvmJ4CWgZu7Waj1oyV6E1Emu/a+uaIhaThdtFdJFmtUQlOjRWQ3e6dGv4FOIIl3ndR,iv:cJZBim2+pQ7o+nhfsgfbWF6PlVizvcUnoc1liLKyxLw=,tag:QPlckxNJslHT5lJ0osHVgA==,type:str]
+sops:
+    age:
+        - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbE1nQXlwZkFBckg5RWNF
+            UFpGdVpXZG5xajFmQ0hoOGxGQVRoMlJDVXhFCjVYclNURmp1QTl6TXVsRFB6NWpm
+            L1pLcnVPT0lydUpWUTdPbkJiZVlPRDQKLS0tIENkY2JlSGRsUXdsUW9PVlNleUVG
+            OGgrQy84UmhHNVhqQkZneSt0cVdGUjAKOfsZOE3pyHdzE5c59HPJ5cw2NibWm6kK
+            bDElCvACeJ2j/zU1iVsdTJ8DNnDV3L9Y78lNobd+AVRjQ6y5AZMTzg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a3NnNXo3dTVlcjB6TlFq
+            aGIvWG9xU1o1VVlKdUpCaFhTWm03cWROWFRjCmZkb3Npa3htS0JOeWltT0tYVkRw
+            RE5LMkVicHdsT216UVZDOW11SWtQT0EKLS0tIGFmTlhOVHhJTXhZWkpYdzU3SS9y
+            YSt4VTJoQ2IyM0JNY0JSWGdSbzI2RjgK9vOoUC/tPCI27W1Ma5GZ0qlb+hx9cWhX
+            9fxGAqyeGz6sQgdtfw5j0pGbPCASUb5E89UrFsnVdMAOIbuHX2LtAQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1gvplss0ddmyf6vpjy363wu3n057vhm0j6n7tc94cxd8kadapypws5mtaj0
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUU2Sjh0UFBKOGJiWkFu
+            MFZDQjJoc3l2eUNEeTlIMTRCQnkrVm04aXpnCjhUTTh2ZDg2V3BSYWl3RS9wSkVk
+            dSsrQythWDFPYzJJYTBuWWxTWUFXdUEKLS0tIFZqUnBnNlBNQUxoS1cvV0ZDR24w
+            SGY1K1dvTXdXemNrVE1zakJrN3FyS2cKk7KtnuffHkInCYw4t+WPPiYoBN1t2bu3
+            f/ECS1NnY06m+s3cB0TlphZoLQyKqx3zuOyAmm2i38KhkdOMFSc6IA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-25T03:59:38Z"
+    mac: ENC[AES256_GCM,data:6K7fXOkKbpvpvkuBR/INlAPFfvXAW2xwpdn0evB4OaF7NueZvtg9tDJVDtGAxmo78vAOLBEZX8x4h0ezuuWpkDW5LFP6N7O70h4ExlCEH01zcESgk3gjyXLu9gRTM2/7+bvlGLKq2TQYHOF4LYDhcs5/RzWgarFKYljh6m1KbSQ=,iv:Rlh1r588ymZF5BXf5S+gKLH77+kuaC19Ctvhctfu4EQ=,tag:b55Bx+dRwQPx10zdizUMeg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1