Update sops config

modules/nixos/sops/default.nix

@@ -24,23 +24,34 @@ let
   cfg = config.modules.sops;
 in
 {
-  imports = [ inputs.sops-nix.nixosModules.sops ];
-
   options.modules.sops = { };
 
   config = {
-    #sops.defaultSopsFile = ../../../secrets/secrets.yaml;
-    #sops.defaultSopsFormat = "yaml";
-    #sops.age.keyFile = "/home/julian/.config/sops/age/keys.txt";
+    sops.defaultSopsFile = ../../../secrets/secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+
+    # Automatically generate age key from ssh key
+    sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    # This is using an age key that is expected to already be in the filesystem
+    sops.age.keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # Generate key if none of the above worked. With this, building will still work, just without secrets
+    sops.age.generateKey = true;
 
     # List of defined secrets
-    #sops.secrets."aspi/password" = {
-    #  neededForUsers = true;
-    #};
+    # They all become files linked inside the "/run/secrets/" directory
+    sops.secrets."wifi/pianonix" = { };
+
+    sops.secrets."password/aspi" = {
+      neededForUsers = true; # necessary for setting password
+    };
+    sops.secrets."password/pianonix" = {
+      neededForUsers = true; # necessary for setting password
+    };
+
+    sops.secrets."syncthing/pianonix/key" = { };
+    sops.secrets."syncthing/pianonix/cert" = { };
+    sops.secrets."syncthing/public-keys/aspi-nix" = { };
+    sops.secrets."syncthing/public-keys/pianonix" = { };
 
-    # sops.secrets."aspi/syncthing/key" = {
-    #   neededForUsers = true;
-    # };
-    # sops.secrets."ngrok/terraria" = { };
   };
 }