test iso

modules/features/remoteBuilds.nix

@@ -1,6 +1,6 @@
 { inputs, ... }: {
 
-    flake.nixosModules.remoteBuilds = { config, lib, ... }: {
+    flake.nixosModules.sops = { config, lib, ... }: {
 
         imports = [
             inputs.sops-nix.nixosModules.sops
@@ -23,9 +23,9 @@
                     sshKey = config.sops.secrets."remoteBuildKey".path;
                     supportedFeatures = [
                         "nixos-test"
-                            "benchmark"
-                            "big-parallel"
-                            "kvm"
+                        "benchmark"
+                        "big-parallel"
+                        "kvm"
                     ];
                     systems = [ "x86_64-linux" "aarch64-linux" ];
                 }
@@ -55,11 +55,6 @@
                 path = "/etc/ssh/authorized_keys.d/remote-builder";
                 owner = "remote-builder";
             };
-
-            sops = {
-                age.keyFile = "/var/lib/sops/age/keys.txt";
-                defaultSopsFormat = "yaml";
-            };
         };
     };
 }

modules/features/sops.nix

@@ -0,0 +1,21 @@
+{ inputs, ... }: {
+
+    flake.nixosModules.sops = { config, lib, ... }: {
+
+        imports = [
+            inputs.sops-nix.nixosModules.sops
+        ];
+
+        config = {
+
+            sops = {
+                age = {
+                    keyFile = "/var/lib/sops/age/keys.txt";
+                    generateKey = true;
+                };
+
+                defaultSopsFormat = "yaml";
+            };
+        };
+    };
+}

modules/users/nathan/home-manager/.sops.yaml

@@ -1,11 +0,0 @@
-keys:
-  - &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
-  - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
-  - &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
-creation_rules:
-  - path_regex: ^secrets.yaml$
-    key_groups:
-    - age:
-      - *laptop
-      - *homebox
-      - *android

modules/users/nathan/home-manager/default.nix

@@ -1,11 +1,8 @@
-{ self, inputs, ... }: {
+{ self, ... }: {
 
     flake.homeModules.nathan = { config, lib, pkgs, ... }: {
 
         imports = with self.homeModules; [
-            inputs.sops-nix.homeManagerModules.sops
-
-
             nathan-terminal
             nathan-mpd
             nathan-nh
@@ -41,35 +38,8 @@
                 iconTheme.name = "rose-pine-moon";
             };
 
-            sops = {
-                age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
-                defaultSopsFile = ./secrets.yaml;
-                defaultSopsFormat = "yaml";
-
-#secrets."remoteBuildKey" = {};
-            };
-
             services.mpris-proxy.enable = true;
 
-            programs.ssh = {
-                enable = true;
-
-                matchBlocks = {
-                    "builder" = {
-                        hostname = "esotericbytes.com";
-                        user = "remote-builder";
-                        identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
-                        port = 22;
-                    };
-
-                    "remote" = {
-                        hostname = "esotericbytes.com";
-                        user = "nathan";
-                        identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
-                        port = 22;
-                    };
-                };
-            };
         };
     };
 }

modules/users/nathan/home-manager/features/git.nix

@@ -4,26 +4,9 @@
 
         config = {
 
-            sops = {
-                secrets = {
-                    "git/username" = {};
-                    "git/email" = {};
-                };
-
-                templates.gitconfig.content = ''
-                    [user]
-                    name = "${config.sops.placeholder."git/username"}"
-                    email = "${config.sops.placeholder."git/email"}"
-                '';
-            };
-
             programs.git = {
                 enable = true;
 
-                includes = [
-                { path = "${config.sops.templates.gitconfig.path}"; }
-                ];
-
                 settings = {
                     init = {
                         defaultBranch = "master";
@@ -38,6 +21,11 @@
                             ];
                         };
                     };
+
+                    user = {
+                        name = "Nathan";
+                        email = "nathanblunkall5@gmail.com";
+                    };
                 };
             };
         };

modules/users/nathan/home-manager/features/sops.nix

@@ -0,0 +1,23 @@
+{ inputs, ... }: {
+
+    flake.homeModules.nathan-sops = { config, lib, pkgs, ... }: {
+
+        imports = [
+            inputs.sops-nix.homeManagerModules.sops
+        ];
+
+        config = {
+
+            sops = {
+                age = {
+                    keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
+                    generateKey = true;
+                };
+                
+                defaultSopsFormat = "yaml";
+
+#secrets."remoteBuildKey" = {};
+            };
+        };
+    };
+}

modules/users/nathan/home-manager/features/ssh.nix

@@ -1,27 +1,41 @@
 { ... }: {
 
-    flake.homeModules.nathan-terminal = { ... }: {
+    flake.homeModules.nathan-terminal = { config, ... }: {
 
         programs.ssh = {
-
             enable = true;
 
-# defaults as of 25.11
-            matchBlocks."*" = {
-                forwardAgent = false;
-                addKeysToAgent = "no";
-                compression = false;
-                serverAliveInterval = 0;
-                serverAliveCountMax = 3;
-                hashKnownHosts = false;
-                userKnownHostsFile = "~/.ssh/known_hosts";
-                controlMaster = "no";
-                controlPath = "~/.ssh/master-%r@%n:%p";
-                controlPersist = "no";
-            };
             enableDefaultConfig = false;
 
+            matchBlocks = {
 
+                "*" = {
+                    forwardAgent = false;
+                    addKeysToAgent = "no";
+                    compression = false;
+                    serverAliveInterval = 0;
+                    serverAliveCountMax = 3;
+                    hashKnownHosts = false;
+                    userKnownHostsFile = "~/.ssh/known_hosts";
+                    controlMaster = "no";
+                    controlPath = "~/.ssh/master-%r@%n:%p";
+                    controlPersist = "no";
+                };
+
+                "builder" = {
+                    hostname = "esotericbytes.com";
+                    user = "remote-builder";
+                    identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
+                    port = 22;
+                };
+
+                "remote" = {
+                    hostname = "esotericbytes.com";
+                    user = "nathan";
+                    identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
+                    port = 22;
+                };
+            };
         };
     };
 }

modules/users/nathan/home-manager/secrets.yaml

@@ -1,36 +0,0 @@
-git:
-    username: ENC[AES256_GCM,data:418z4cCK,iv:tgPmynsW8fEJs6n+OGfm6IypOjNNhVdVaqFImeKXpC4=,tag:V5zI47vb9FnSO/OWurbJ+A==,type:str]
-    email: ENC[AES256_GCM,data:xp6HlIO1pTgvrXpGAOQwl0UvcnY4zrLrmw==,iv:LzGkluWeSe8MQqPXQMnNOv062UY+BkQE1fGjGqd/nCg=,tag:Y9nwo+Hjcg4ea2GxGKWApA==,type:str]
-sops:
-    age:
-        - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMktJdFhxRjhaT0MyZ0N3
-            YVBMYlNkRnl1eU8zajZLWXRPajZzWDBGQWxVCkhMcEdsNlVKQ1VHR2hjZWdsR1gx
-            MkhCeVZGUDJwdkdDTiswRW40QjRRYWMKLS0tIENIN2pheisyR21YZkIzblVZZ1cw
-            bHpLWEdPdUc4d2ZSS1FjUDM0QWRQUWsKqvlH0oWHH/PhMDTYT5KhCTzaEffsf1jM
-            r0o60YUCe6pUFs0qPvOxEPM3bq+7MkUpH4eXVAw3tCov3nUkmwlVZg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5K3ovcmpPck1reGVPQ0lm
-            YTYvNGtaSk4vLzlYSW0rSkpHcjZWUnBMS2dBCmt3RU1PMkJ1VU5wNUc1NC9lbGFk
-            cjl6cXp6M292enFHckkyamwwaDRia2MKLS0tIGRUTzFGdDZFaS9LdkRjMW56U25B
-            emRDTncvNnlycHF3V2VJN3NlZTNVSjgK8RUx9qImdqjHBHisnwY+qRZ9vuafl3MN
-            jnJsIsKSdF51dWYskEMVnPYwn9HdOKkAh6amwSITcw3ZCcK7ftfT+g==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWXVTSVQvNEhsMkQ2QkRl
-            SlZLTWN2eUdMa3MwdTBHZE8vdENKTTRKYVF3Ck01N2VNQUJPeHBwVHZTNWYzbXR5
-            ZS9hUDQydy9nQnR0SVpiUHV6ejhPb0EKLS0tIEZKeXV5QnpZYzBCVDR3WjVSV2Vv
-            TmJkL3VUbTRLNGNISGhFaGpmaXJ1cDAKpiZ8Nfml0KFq46JRg+394BCyZmnpE4XC
-            zqxRrNlGH/EDp00q5/jN84vQA+bOhGHcScQpvRCDKMXehQn3H4jksw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-16T16:08:48Z"
-    mac: ENC[AES256_GCM,data:3/ztJNXhOIPqgQ47QxjM5KTeAJwXPpUuVtvI5/xJsMOOZhXYRt+uhL584F98rJiMHhnbsuGIZi+jGlYRiE6c+GJ9X7TKLj9yRqKvCMSCdWHGzY721GH5kMPcjD2YDYZ4tt+olIMePNJBPjC1XJgfhfOvs43o2HyDTCS95cEQzB4=,iv:qofZBAwxbTrc/hPyuSi8nxibJ0bGhoytZpUTZwwzbuI=,tag:z1SJXutJmlJ+j6RnV4u29Q==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2

modules/users/nathan/nathan.nix

@@ -7,22 +7,15 @@
         useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
     in {
         
-        imports = [
-            inputs.sops-nix.nixosModules.sops
-        ];
-
         config = {
 
-            sops.secrets."nathan/pass" = {
-                neededForUsers = true;
-                sopsFile = ./secrets.yaml;
-            };
-
             users.users.nathan = {
                 shell = pkgs.zsh;
                 name = lib.mkDefault "nathan";
                 isNormalUser = lib.mkDefault true;
-                hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
+                hashedPassword = lib.mkIf 
+                    (config.users.users.nathan.hashedPasswordFile == null) 
+                    "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
                 extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
                 openssh.authorizedKeys.keys = lib.mkMerge [
                     (useWith (homebox ++ iso) [
@@ -52,6 +45,7 @@
                 (useWith (laptop ++ iso) nathan-kitty)
                 (useWith (laptop ++ iso) nathan-scripts)
                 (useWith (laptop ++ iso) nathan-pywal)
+                (useWith (laptop ++ homebox) nathan-sops)
                 
                 (useWith laptop {
                     wayland.windowManager.hyprland.extraConfig = ''
@@ -64,9 +58,17 @@
         };
     };
 
-    flake.homeModules.nathan-standalone = { lib, ... }:
+    flake.homeModules.nathan-sops = { ... }: {
+        imports = [
+            inputs.sops-nix.homeManagerModules.sops
+        ];
         
-    {
+        config = {
+            sops.defaultSopsFile = ./secrets.yaml;
+        };
+    };
+
+    flake.homeModules.nathan-standalone = { ... }: {
 
         config = {                    
             

modules/users/nathan/sops.nix

@@ -0,0 +1,19 @@
+{ inputs, ... }: {
+
+    flake.nixosModules.sops = { config, lib, ... }: {
+        
+        imports = [
+            inputs.sops-nix.nixosModules.sops
+        ];
+
+        config = {
+            
+            sops.secrets."nathan/pass" = {
+                neededForUsers = true;
+                sopsFile = ./secrets.yaml;
+            };
+
+            users.users.nathan.hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
+        };
+    };
+}