From 4f3976a979a7f67e9c0232632925f9cd87c920c1 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sat, 14 Mar 2026 11:41:44 -0500
Subject: [PATCH] fixed sops-nix on host system
---
 .sops.yaml | 3 ++-
 keys/secrets.yaml | 32 ++++++++++++++++----------------
 keys/work | 0
 modules/hosts/test-nix.nix | 22 ++++++++++++++++++----
 4 files changed, 36 insertions(+), 21 deletions(-)
 delete mode 100644 keys/work
diff --git a/.sops.yaml b/.sops.yaml
index 0aaac2a..445e484 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
 - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
 - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
- - &test-nix age1zru07t0jmfaqx2pnrvwahc70ujwxl2nhcscf90yfvdnd2thnwcwqn0ecqp
+ - &test-nix age1gvplss0ddmyf6vpjy363wu3n057vhm0j6n7tc94cxd8kadapypws5mtaj0
 creation_rules:
 - path_regex: \.yaml$
 key_groups:
@@ -14,3 +14,4 @@ creation_rules:
 - age:
 - *john-p14s
 - *john-pc
+ - *test-nix
diff --git a/keys/secrets.yaml b/keys/secrets.yaml
index ffb8310..749cb06 100644
--- a/keys/secrets.yaml
+++ b/keys/secrets.yaml
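Review bot: The `&test-nix` recipient is swapped for a new age public key, but the data key protecting keys/secrets.yaml is not rotated: in that file's hunk the `mac:` and `lastmodified:` lines are unchanged context, which is consistent with `sops updatekeys` re-wrapping the same data key for the new recipient set. Whoever holds the private half of the removed `age1zru07…` key can recover that data key from the previous revision in git history and still read the current file's values, so unless that identity is known to be destroyed, run `sops -r -i keys/secrets.yaml` to issue a fresh data key and commit the result with this change. It would also help to record where the new key comes from, since `modules/hosts/test-nix.nix` in this patch points sops-nix at `/etc/ssh/ssh_host_ed25519_key`; e.g. `- &test-nix age1gvp…  # age identity of test-nix, derived from its ed25519 SSH host key`, if that is indeed how it was produced.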
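Review bot: Adding `*test-nix` to this key group makes the host's age identity a recipient of every file the rule matches, and the rule's `path_regex: \.yaml$` (visible in the first hunk) matches any YAML file in the repository rather than just this host's secrets. With a single secrets file today that is harmless, but as soon as a second host or a workstation-only secret is added under the same rule, test-nix will be able to decrypt it as well. Consider a per-host rule, e.g. `- path_regex: keys/test-nix\.yaml$` (example path) whose key group lists `*test-nix` plus the admin keys, and keep the catch-all rule for the admin keys only. The creation rule this hunk extends starts in the first hunk; both hunks belong to the same rule.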
@@ -9,29 +9,29 @@ sops:
 - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQW5WSFBreEZMVUl1WTUv
- Q01BWDlMNkJjMUtLaHhBTUxWL01ia2J6K0Y4Cld4amtlTlFXQSt1TnhPNnR6c1Jm
- YlRFVExtd3B3ZkxMelJWTzE0V2ZjOEEKLS0tIHlrTi9jS2ZsSXduNlI4RXBmVjc1
- ZVhlZkJhV1VkRkRtNXA5UGFUa2g2bjQKAsnOhicHwkTba8+uTunL6s3Kb2w6K40y
- YxWarndl4EQ0g98cPMB5qoG/+FIbZKUg2IoQId+jLye/8iKBE1zd6g==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UEpja2kxdThZVWZhOGVP
+ S0NtSi84MjhnN0RORkh2NjZ4YlYvWS9kZDBNClFzYnVxWnhmQkpCRkRFVUx1RDdX
+ ZHFqYXRqYXM0cWJzcU5EeEtSR1BUVzAKLS0tIDdEY2pnVTJqWlNZVkZldXVYVmFH
+ dVNBRUVodU5sRnpVcG1GZ1RiZzhjTXMKefqBvvD/qZwcSHmFjUnleukVRLueG36Y
+ Q81KlwQweF2F8kHl7Bqsi+3hH1dZZbVm3vjuGpWFOoti7fowUV55Kw==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4alRPTE8rUUJqMFFtbUs0
- a3BXeXdiQTIzUERJb2FRUVF5SjhCOUVWbEZJCjhpalNhTnM4TGRCb2NUVW1FT1pQ
- ZEJGRldiaGpLaUZDd09sSlQ1aHFGN0UKLS0tIDNBUHpyc2EwWmxvSFRhSTlVdGw3
- ZTkzYmEyRVRoM1d3OGtCL0s3YUJIMFUK33cTycXX/jEFMJkEqcG9L7N80b9jwABO
- JZw7+rwndm3JDzFsOanasuv2KPkYhU8puDS9Qo/Q51I+CAYcGl07DA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZFZxbDhVUWFEUGhPMlZI
+ SFdBYkpxSnAxTUZXbjVwQnlZQ3l1SWtuZGg0CmVBdnVHbTNUcmwvK01iMnZKZTJh
+ ajFla3kzYUl4ZWY3czA0WUdNM2lpVFUKLS0tIHo5Uk1pV296MXdnUTZGQ25haWZG
+ QWZDWGRaRDBhY1ZkZk5oTHY0ZVV2RXMKanv+WWRhf5nl+aw/T6QZFVQQmhV1DZfB
+ jkSzOAKOgPx7toYFmpq9E8fAH+zrMzDbxI2z2uyrOFI6v+QE0Ul/iQ==
 -----END AGE ENCRYPTED FILE-----
- - recipient: age1zru07t0jmfaqx2pnrvwahc70ujwxl2nhcscf90yfvdnd2thnwcwqn0ecqp
+ - recipient: age1gvplss0ddmyf6vpjy363wu3n057vhm0j6n7tc94cxd8kadapypws5mtaj0
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNmxpVXBITENjSU43ZEtz
- K0xPcmlQNThCMjlkVWZqODBlZmhLSTNLcmowCmJCNGsraTNWQ1pNd0FCOTRYbk1C
- by92OWgyN0ZFaEcyc1VMa3lTTm5GODAKLS0tIHovV0ZZakl3MFU4QXo0eFJDWHpC
- Vk04Z3ZqS1hXOEo4ZUc1SW1OU3czYlkKx7HRRAQxFxfjPuXqz5Md3p75nK64DUs0
- TTK4ykODj4Xe7uQCJWrDW8JT/KrKZTU0+zqUYKRijsXGRxwI4WCXUQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcGtMNi9RSG5aTVV5cWdT
+ NittUXN0Qnpld1YvOU50OUh3Z3ZiSzhHOHdNCnc4TmdYbS9QQnBLbldHSytIdkJl
+ R0psQWxkZTgyZTRzckkrTGpyNCsvR2sKLS0tIEdLb05aT2I2S3BKcFRrVmtvTGw5
+ Z1orRCtkTDVXSktuck5pTmV4K05qZHMKZlHHu07q+GnyDDgdwW2Ic3P23PmoSPwn
+ WuNLZdlZQleROaRb+zpD+9P1HGGJ3mWAlNlnmjGrRk453k1PbBQ5Og==
 -----END AGE ENCRYPTED FILE-----
 lastmodified: "2026-03-12T19:06:28Z"
 mac: ENC[AES256_GCM,data:lwBo9tL4AoJ1sllLM+HTgMdPlDKA4ebCo8c/z75H6TRthqR7HiVZRwxOAg423GU3IWp688qz96goouZtz0sD2PrGesCRYgTO2pWAk34vr1FlcVGbuFG+xUkwnroIs82ctsCohSw7GQuGwKp6vVK3cIV2t8VmKnFnqc0TbAQ6EMg=,iv:uO1Er43XMK/YVrBgUWBKGVgU5LWlms2uxZa7l0G9E8c=,tag:Y8WURiHVkRP93kPdVInH0w==,type:str]
diff --git a/keys/work b/keys/work
deleted file mode 100644
index e69de29..0000000
diff --git a/modules/hosts/test-nix.nix b/modules/hosts/test-nix.nix
index c194b0d..2421a65 100644
--- a/modules/hosts/test-nix.nix
+++ b/modules/hosts/test-nix.nix
@@ -12,10 +12,24 @@ in
 settings.PasswordAuthentication = false;
 settings.KbdInteractiveAuthentication = false;
 };
- };
+
+ imports = with inputs.sops-nix.nixosModules; [
+ sops
+ ];
+
+ sops.defaultSopsFile = ../../keys/secrets.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+ sops.secrets."test-nix/ssh_host_key" = {
+ owner = "john";
+ path = "/home/john/.ssh/host_key";
+ };
+ };
 
 flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
 modules = with inputs.self.modules; [
+ nixos."${hostname}"
+ nixos.lxc
 inputs.home-manager.nixosModules.home-manager
 nixos."${username}"
 nixos.zsh
@@ -23,9 +37,9 @@ in
 nixos.step-client
 {
 home-manager.users."${username}" = {
- # imports = with inputs.self.modules.homeManager; [
- # step-client
- # ];
+ imports = with inputs.self.modules.homeManager; [
+ sops
+ ];
 shell.program = "zsh";
 docker.enable = true;
 ssh.matchSets = {
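Review bot: The `# sops.age.keyFile = "/var/lib/sops-nix/key.txt";` line is left as a commented-out alternative beside the live `sops.age.sshKeyPaths` setting, with nothing saying which identity the `&test-nix` recipient in .sops.yaml corresponds to; either drop it or replace it with a comment that ties the two together, e.g. `# age identity is derived from the host's ed25519 SSH key; its public half is the &test-nix recipient in .sops.yaml`. The secret is declared as `test-nix/ssh_host_key` yet installed at `/home/john/.ssh/host_key` with `owner = "john"`; if it really is the machine's SSH host private key, handing it to a user account deserves a comment explaining why, and if it is john's per-host client key the name is misleading — a one-line comment on the `sops.secrets` block would settle it either way. The enclosing attribute set begins before this hunk.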
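Review bot: The home-manager `sops` module is imported for `${username}` but the hunk carries no `sops.*` settings for it; as far as I know the home-manager sops-nix module is configured independently of the NixOS one, so unless its default secrets file and age identity are set in another module the import has no observable effect. If they live elsewhere, a short comment such as `# user-level secrets are configured in MODULE_NAME` (placeholder) would make that visible; if they do not yet exist, the import can wait until they do. The `home-manager.users` attribute set continues past the end of the hunk.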