added uv

.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+  - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+    - age:
+      - *john-p14s
+      - *john-pc

flake.nix

@@ -12,6 +12,10 @@
       url = "github:nix-community/nixGL";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { self, nixpkgs, ... }@inputs:
@@ -30,7 +34,7 @@
       };
 
       mkhomeManagerModules = config: [
-        self.homeManagerModules.default
+        (self.homeManagerModules.default inputs)
         # { inherit (config) extraImports; }
         {
           user = config.user;
@@ -48,7 +52,9 @@
     {
       lib = { inherit mkhomeManagerModules; };
 
-      homeManagerModules.default = { ... }: { imports = [ ./homeManagerModules ]; };
+      homeManagerModules.default = inputs: { 
+        imports = [ ./homeManagerModules ]; 
+      };
 
       nixosModules.default = { config, ... }: {
         imports = [

homeManagerModules/default.nix

@@ -6,6 +6,7 @@
     ./ghostty.nix
     ./git.nix
     ./shell.nix
+    ./sops.nix
     ./ssh.nix
     ./vscode.nix
 
@@ -52,7 +53,7 @@
     lazygit
     btop
     yazi
-    sops
+    uv
     (writeShellScriptBin "nhmu" ''
       nix flake update --flake ~/.config/home-manager
       nix run home-manager -- switch --flake ~/.config/home-manager --impure

homeManagerModules/sops.nix

@@ -0,0 +1,24 @@
+{ inputs, config, pkgs, lib, ... }:
+let
+  sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
+  sopsSecretsPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/keys/secrets.yaml";
+in
+{
+  imports = [
+    inputs.sops-nix.homeManagerModules.sops
+  ];
+  sops = {
+    # It's also possible to use a ssh key, but only when it has no password:
+    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+    defaultSopsFile = ../keys/secrets.yaml;
+    defaultSopsFormat = "yaml";
+  };
+  home.packages = with pkgs; [
+    (writeShellScriptBin "edit-secrets" ''
+      sops --config ${sopsConfigPath} ${sopsSecretsPath}
+    '')
+    sops
+    age
+  ];
+  programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "sops --config ${sopsConfigPath}";
+}

keys/secrets.yaml

@@ -0,0 +1,34 @@
+hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
+example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str]
+#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
+    - ENC[AES256_GCM,data:8eQ2clCNBxPfdycPMOo=,iv:C9iT+wJH9ENJShNYo3IGceRwHyrlU6LUE7jpc+72KOw=,tag:YTbZqYJVMUoTRqD2ujTOvg==,type:str]
+example_number: ENC[AES256_GCM,data:LhABh/RtBsdKAg==,iv:JGYFnixDNZUIRKJcuaenvO8D60T+Jvx/R7SWxbIPXsM=,tag:+1b/aj3x1yfQZ2j4OM5dcg==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:pGnelw==,iv:KAayJZ8px4Qupv0NfapSQ6valrVKndEtCb3U4MTmK/U=,tag:lkl+zBgkEMbFQjNssxYQjg==,type:bool]
+    - ENC[AES256_GCM,data:Vqqfp2w=,iv:SC1DS7G9/lHYtA6PPRbVsi/ZhyNUYvRjXxHIqCxqEPA=,tag:9hv6F1rP7xSd08KCKkuiLQ==,type:bool]
+sops:
+    age:
+        - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
+            SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
+            ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
+            TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
+            quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
+            REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
+            ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
+            Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
+            9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-07T06:14:57Z"
+    mac: ENC[AES256_GCM,data:gqadQL2Qp31+3ATZa0r4LDVNv8txUBoRsj3nZnBdLXkyMXKUQD9kuPOS1j+/vF5bg1d6rVdQAWl8BKlcu7UyyhO95P3G4l7hxdNBQCuNbiyb0hxrR2G7O1ZpMGuKec7+cBRkpGtVMrPmvt/7Ymh27qXiV9Gx6j812iSlORolj3w=,iv:Fg23U8c5IRWLdy2KmLHK3O+O9P1P58JF1jqzKnM4wLY=,tag:n6mBBzxQ/hjh5yREwyVGkg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2