added cloudflare api token encrypted secrets

.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &host_key age102mctuw7xvs3fakft0mlfh740kc6rdaqqgmmwf400c4g3spefyjqrfmwct
+creation_rules:
+  - path_regex: (yaml|json)$
+    key_groups:
+      - age:
+        - *host_key

configuration.nix

@@ -1,10 +1,4 @@
-{
+{ pkgs, config, ... }: {
-  pkgs,
-  config,
-  systemSettings,
-  userSettings,
-  ...
-}: {
   config = {
     services.openssh.enable = true;
     services.avahi = { enable = true; nssmdns4 = true; };
@@ -15,7 +9,7 @@
       busybox
       git
       eza
-      vscode.fhs
+      sops
     ];
 
     security.sudo-rs = {

flake.nix

@@ -44,6 +44,7 @@
         args.home-manager.nixosModules.default
         args.sops-nix.nixosModules.sops
         args.vscode-server.nixosModules.default
+        ./configuration.nix
         ./nixosModules
         ./scripts
         ({ pkgs, systemSettings, ... }: {

nixosModules/users.nix

@@ -13,7 +13,7 @@
       "wheel"   # needed for sudo without password
       "docker"  # needed for docker without sudo
     ];
-    openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
+    openssh.authorizedKeys.keyFiles = [ ../secrets/authorized_keys ];
   };
 
   home-manager = {

secrets/authorized_keys

@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIaHS9CLiDc6T1tja0fBwwv5qc6iwuckWN6w8MNo5yiR8LPWyrfueowNJkL4HMqu6OEuggtdybGw1Do4sW5o+toHCyWfZf3khI1l15opPXuVpD4CWED+SpJiZ0wBgRaCaWhfxLI+s4JOhjOO2OjiClPX3HfxIHyTpRiR78lOMcIieHSnzrAV2MatYKf6lL2ckOsIPwxo/OVM+1ljjX+HLq9IxGUCpWOnF4nF1rq3gKL2JUh2KsrgrzE3NB7EFuqKm8F0tF2rG3JjSvlwox0h06drKD02lpZWXPOBRlcyFDpNXymmc2bpG0S2Bbj5g+pqNBB0jO0h3kzWvYYqrtU/ElObg1cXhyi0PFOhhptlbhbK0Ao8B+pAbSZ661nMT3jpRWLVbnJrRFnXXdjX08r5eseQ3k4CFpv+g64n7yg3IMo9f8gA9P/hOexR+qu5AQ1Ad/tvkp6pPXnR/zsUnbe4p2A9MaNJm4E1zxbs5VGlXynNikXwDL+spkrnjwdfUULTk= john@JOHN-PC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH

secrets/encrypted_secrets.yaml

@@ -0,0 +1,16 @@
+TUNNEL_TOKEN: ENC[AES256_GCM,data:vrA9MCZqVBOsSIPzVkP/87eoY4CBEiCtSRPKtXqxJrrlGmRrxvOI20m8Mrj8Y8u0apatNGGGy74L4DNAueTyvykCLEqtSrt8OG+a03wdD4m4skqWwyzULWlFYUokf0B29z62gZk3Y0ATTF6+nAczs5drKzn2CMlHpXZCzb6UwX3TGJvZLS3bGmG3EhoqdUsYi3TvA4LdN6MBQwpvW1Ga31gls+U71fHmdOrlszt6EojSv3uibRtKUA==,iv:45SDkBHa7DTohhoTI6QhP8p219EIDBiM6vozxI2uVK0=,tag:y3GGLdG9nQs6vREp6XirEw==,type:str]
+sops:
+    age:
+        - recipient: age102mctuw7xvs3fakft0mlfh740kc6rdaqqgmmwf400c4g3spefyjqrfmwct
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSjV4NFo4eFRKck05NWpZ
+            ZmU4QlA2T3lKVzd0M1VhaHRhWXJXQ2U5OHpNCnVPaGtIYVF3MzJjek1iYUFGOFdz
+            bisrRTlOMFYxczI5VUhSWjk5c3MyUVUKLS0tIGpSOStsRTlQaUxkWlpZUUJEMVpK
+            ZnExa3NseGRrdXcrNTN4YkVSa2d6SDAKlzXHOUKAjNxY/okZJQurTpeaZUjjnyp/
+            OrvFMTxuMfK+EIIgj6WTm23ZKV4vmk0q0yboS4eXgDZTEB79tKxgyA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-27T05:10:38Z"
+    mac: ENC[AES256_GCM,data:N53rUCPtj2YnffCEeA83l2wiHzeAtB95WZf7IY0680NtAiVPwd8LwMRPX43GP/bt+WbuesWotXhlX+G640KZ+qrs5ziwzgSVp9d6t6N9xztveJxrFxcz/mzhR5dQiAda3FPRUSZ/umK+xyPcFMmB+AhuhU45sU4f7Hbb/lY9ug0=,iv:40oDpmeeyi4lpwyi/MABl8Tp9QwyitBWYKd3/3BXrfw=,tag:fB8RSJTn4X6rdviWj+o0aw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2