started soteria-specific secrets

modules/hosts/soteria/secrets.yaml

@@ -0,0 +1,26 @@
+janus:
+    admin_password: ENC[AES256_GCM,data:4pnSq0f1iTNFWn/Qcw+J7LWIXXd/j5v3WwFSzXfqgKA=,iv:/usSHYST8zv7AMvDNuW/fFLL+40IrderjL6bUWzBNd4=,tag:V/q1+SjIcYsZ0+PC/Q7c1A==,type:str]
+sops:
+    age:
+        - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0V1JsVDhnMHpaNHRQRCtw
+            V3JMQm1SREZSYUpaYmZNQ1FEVmN0VFZRSlQ0Ck9wQlpqZFBrRUJENWVBbTd5cVVo
+            ZlhYZnhGamk1ZlQ0N001ZWcrQ1Evb3cKLS0tIHpuTWhRTU1QeWFRUytiU21CMW94
+            eFc0ankvcWhqK3Q4MjRCVC9nTlJteU0K1tJvYM2M1XmlsCTpadHyf6EGE2Lg+XBL
+            TGTjMPSWqClWYB9HFZ4nCurEK/JidBanmGkc0Y9eFz9XYKl7rtyXUw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1h0prahyukq4l564yqwgcpg3g6gdrjflk0suklussjjrjstxd9uesws8633
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRzFlWTNxSGpaNU85QTFj
+            SnlRZkpZQTZQVjNqWFhLMHhKVm5ZVXB4Rms0CmZQclFzYkpWLzlqT2xNUTJMd2dJ
+            Wm5PQXNabjRwV1hVRXFGVmxteGk2emMKLS0tIG5kcm5KamxNZmpKVGt5bUo1dVg5
+            dFN2RGdqM29mM3hadXpBakY4QThxZnMKI9RbfXJHIHvYHy/2corfwDq+OHRPrmkA
+            tWLH/KWqwGt0hvc5j8bUfRECgjdXmbC9kpAgDs8PhJF+X1ijVFrIYg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-23T22:27:45Z"
+    mac: ENC[AES256_GCM,data:tQ8EMXWqw7wd/QZqUPn/sAczk0G4jSUR96AF83cmJGYuoZkMkOzsMFt448IkWxNWOJHPmIc0vs+c3ngQxHyx6Uf9jVWzMkvfdzMYj82QuLsmXQ9e4/IAE9h+52uagbwgoOJwPCF+AQetSHez/jWPPIQPN5DLfz0edg4xYReX7DA=,iv:GsvotFkehIz5L4I9j0oQ89oM5XjZQAr6vrVd79tqFes=,tag:wLi4sXz8JqvaoUaYjEj/vA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1

modules/hosts/soteria/soteria.nix

@@ -27,6 +27,10 @@ in
           hostname = hostname;
           caURL = caURL;
         };
+        sops.defaultSopsFile = ./secrets.yaml;
+        sops.secrets."janus/admin_password" = {
+          owner = "${hostname}";
+        };
         # mtls = {
         #   enable = true;
         #   subject = hostname;
@@ -61,33 +65,34 @@ in
         # };
 
         home-manager.users."${username}" = {
-          imports = with inputs.self.modules.homeManager; [
-            sops
-            step-ssh-user
+          imports = with inputs.self.modules; [
+            homeManager.sops
+            homeManager.step-ssh-user
+            homeManager"${hostname}"
           ];
-          shell.program = "zsh";
         };
       }
     ];
   };
 
+  flake.modules.homeManager."${hostname}" = { config, ... }: {
+    imports = with inputs.self.modules.homeManager; [
+      rebuild
+      sops
+      mtls
+    ];
+
+    homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
+    home.username = "${username}";
+    home.homeDirectory = "/home/${username}";
+    shell.program = "zsh";
+  };
+
   flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
     pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
     modules = with inputs.self.modules; [
       homeManager."${username}"
-      {
-        imports = with inputs.self.modules.homeManager; [
-          rebuild
-          # sops
-          # step-ssh-user
-          # mtls
-          # restic
-        ];
-
-        home.username = "${username}";
-        home.homeDirectory = "/home/${username}";
-        shell.program = "zsh";
-      }
+      homeManager."${hostname}"
     ];
   };
 }