🔒️ Manage GPG key using sops

.sops.yaml

@@ -1,6 +1,6 @@
 keys:
   - &user_mahtaran age1k9lqlzmpumn2x5ravmyrtnu44nhwzqanu8s0wv57amccvtlsud0qc2wenc
-  - &host_feanor age1m3fvful26zmrymxpv69ms2jj7cr4yksk65s2yg54sn5ehr9gp52s64tzcz
+  - &host_feanor age100vsh92w94np56zyf7umay3pv39593rjldy5mxvluslla0c9ufvq55cppt
 creation_rules:
   - path_regex: secret/user/mahtaran/[^/]+\.yaml$
     key_groups:

flake.nix

@@ -42,11 +42,13 @@
 
   outputs = inputs @ {...}:
     let
+      onInstallMedia = builtins.pathExists /home/nixos;
       mkSystem = { entry, arch, extraModules, users, ... }:
         inputs.nixpkgs.lib.nixosSystem {
           system = arch;
           specialArgs = {
             inherit inputs;
+            inherit onInstallMedia;
           };
 
           modules = [
@@ -62,10 +64,14 @@
               home-manager = {
                 extraSpecialArgs = {
                   inherit inputs;
+                  inherit onInstallMedia;
                 };
                 useGlobalPkgs = true;
                 useUserPackages = true;
-                sharedModules = [inputs.nur.hmModules.nur];
+                sharedModules = [
+                  inputs.sops-nix.homeManagerModules.sops
+                  inputs.nur.hmModules.nur
+                ];
 
                 users = users;
               };

host/feanor/default.nix

@@ -3,11 +3,9 @@
   lib,
   pkgs,
   inputs,
+  onInstallMedia,
   ...
-}: 
-let
-  onInstallMedia = builtins.pathExists /home/nixos;
-in {
+}: {
   imports = [
     ./hardware.nix
 
@@ -138,6 +136,10 @@ in {
         "Music"
         "Pictures"
         "Videos"
+        {
+          directory = ".config/sops/age";
+          mode = "u=rwx,g=,o=";
+        }
         {
           directory = ".gnupg";
           mode = "u=rwx,g=,o=";
@@ -306,7 +308,7 @@ in {
   };
 
   # List services that you want to enable:
-
+  
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;