First step with sops

.sops.yaml

@@ -0,0 +1,11 @@
+keys:
+  - &macintosh age1z7ysc378s6rymamdawzav4jg5scl0ufg0lfgx7zuyh234lsnfsrqw9s0cn
+  - &newton age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45
+  - &lisa age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *macintosh
+      - *newton
+      - *lisa

base.nix

@@ -1,10 +1,15 @@
-{ config, pkgs, ... }:
+{ config, pkgs, sops-nix, ... }:
 
 {
 
-  imports = [ ./users/julien.nix ];
+  imports = [ 
+    ./users/julien.nix 
+  ];
   luj.nix.enable = true;
 
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/home/julien/.ssh/id_ed25519"];
+
   time.timeZone = "Europe/Paris";
     i18n.defaultLocale = "en_US.UTF-8";
     console = {

machines/macintosh/home-julien.nix

@@ -20,12 +20,14 @@
       neomutt
       htop
       evince
+      brightnessctl
       wireguard
       mosh
       signal-desktop
       flameshot
       ctags
       ungoogled-chromium
+      networkmanagerapplet
     ];
 
 

users/julien.nix

@@ -1,10 +1,15 @@
 { config, pkgs, lib, ... }: {
 
+
+  users.mutableUsers = false;
+  sops.secrets.user-julien-password.neededForUsers = true;
+
   users.users.julien = {
     isNormalUser = true;
     home = "/home/julien";
-    extraGroups = [ "wheel" ]; 
+    extraGroups = [ "wheel" "keys"]; 
     shell = pkgs.fish;
+    passwordFile = config.sops.secrets.user-julien-password.path;
     openssh.authorizedKeys.keyFiles = [
       (pkgs.fetchurl {
         url = "https://github.com/JulienMalka.keys";
@@ -13,5 +18,5 @@
     ];
   };
 
-  nix.allowedUsers = [ "julien" ];
+  nix.allowedUsers = [ "lol" "julien" ];
 }