feat(nix): switch to sops env secrets

fish/config.fish

@@ -32,8 +32,8 @@ set -gx FISH_KUBECTL_COMPLETION_COMPLETE_CRDS 0
 #load_keys
 
 # Load env credentials
-if begin; test -f ~/.ssh/env-credentials;end
-  posix-source ~/.ssh/env-credentials
+if begin; test -f ~/.ssh/sops-env-credentials;end
+  posix-source ~/.ssh/sops-env-credentials
 end
 
 # git_prompt

nix/modules/home/security/sops/default.nix

@@ -38,11 +38,12 @@ in {
       };
 
       # Example secrets
-      # secrets = {
-      #   c11-kubeconfig = {
-      #     sopsFile = lib.snowfall.fs.get-file "secrets/mbp16@sab/default.yaml";
-      #     path = "${config.home.homeDirectory}/c11-test.yaml";
-      #   };
+      secrets = {
+        env_credentials = {
+          sopsFile = lib.snowfall.fs.get-file "secrets/sab/default.yaml";
+          path = "${config.home.homeDirectory}/.ssh/sops-env-credentials";
+        };
+      };
       #   exa_mbp16 = {
       #     sopsFile = lib.snowfall.fs.get-file "secrets/mbp16@sab/default.yaml";
       #     path = "${config.home.homeDirectory}/exa-test.yaml";

nix/secrets/sab/default.yaml

@@ -1,6 +1,7 @@
 example_key: ENC[AES256_GCM,data:db4wLhDMLwk7qrMdX24=,iv:tL8H78oNaQibOxiEBZpvVVJs58sgtApWrBdvyAEbMXs=,tag:u9/CJLZH5JvLVbXp1W5l2g==,type:str]
 nz_sab_ssh_key: ENC[AES256_GCM,data:avcGPKW3n3vI5KGYJB1jxuxMpA236L4UyXWl9JYlA4Y2cMAvqiyx4aWXKADEJIWwOvKZ5xR/kHB81MX3q2eK/pS39Y7u51QLR6VqBmCSUKfNKeakDwqANQsGza6axyJtSIqQKGVhWXw4uQjlz56KWjMM6BMaGDxfX5nb0AQBB0vVPoDwTQPuFv5IRv+hcls0vkjNrEFjSHLDjtXyHnOYxSFxuz2euLJhwe8BuSZjH8dHWd25TYnLFmC9ADt+QGjFEg2xAYUe47WS0wqVEOw5u19/X2Lep0tzyC/KOPVV4mfpnrL2XfHZMJmkqKVHFemksmGhOA6BE7tqOsazODxXjHenP/WsTBiMCCt33XFRsy8czUZx2awSkupNUQJMcXCxF8Ma93MEmWjtC+PbhwgUH46LCYr4TDjICtaDEmhPBGb+TJXVlKE7rbcjdUSJlp7ssV3n9VHt2470zVdczier1NScQWZ1QMmLOCAlieZOd+CRLYjbbVhWo6SMomavnsfCLowB46ddt16l/QgOHjWc04TpmVh/HSvF1lo=,iv:Ld8A1kf+K6hlOSawnjSw4yrYvKRB7X+nYh40Gmk4u9A=,tag:wBVb0axy58EU+RkdgqNj+Q==,type:str]
 atuin_key: ENC[AES256_GCM,data:tG7Nj9virYKiPuCnRotex2o/gW6Z0MhOPaSQ6bpehjOr40S4fmUMEjkhlb7K0D/kTO1Ktm5PgkIMnfcYgoHPVg==,iv:pNvTMM2U421tyjrZqAL7uPtGddeALPWhSYlI+XibtGs=,tag:+jFmITYcfP6SJ8ClFy5xhg==,type:str]
+env_credentials: ENC[AES256_GCM,data:x/aJwteXldpw/qnDM6CCYGoMfMQZMED9JeCvJIOT+1khIFmcVjvlIgX/rjLSZ8G21kp5wM6IhAw6jnF2xmTZiorhP1GM2IWEAyh1xFVEx6RvNKXPAYneT3vMK1V3hgoMS6GcshEsrcxuzTOMhAjgG668B4dLjY7Hw899nGoen8QDYucNyVqPEC9DbVpn4eBiaTiDKY9QQP7OLCe4v1a5WS7nuHWKGwqQtw+o1hqzf90sXFkX24Fp5Sx64wxanlkaxyA9njjWFA1BuladPE1IpzaQc3DJmd0Z2ZYMM4Hf85kskp57NyUKCUbIrR+0tFpo/cGwzgRCT1faA9SUcPG/pAh3UK70KL1GpCzty+HtdtiriDK674vULuKclldgi+xZuRwgXNKgeFDWQ8w1Z6PqAMMp27yLT7EOyVoPw+l6T3rUkxVbsXSeQXEjHMMz3G5UBcR7/osdiJ08CygnNIpi6KM1YDmEIN3IaO5+G+cAoKO4CTOCTkQa8ZOcHk6T9YzORxJaxoVIwciLFvsI/I3vjH6AvuQGiaVKDp5u5CUhkRxmbB21y8rDjeU0Wphq/eXVFWOx5960XDMxq+a3qfbGEyHSt89Nxl5fT7DhrDF+mw6mB3TBu6g+B4v+mhiFHF3p79WEzrqfa7DQaKfsUA==,iv:RWX+WKF7gkdG0dLp0+GCNSSGVyKxz6YNpAAfDzUq/o8=,tag:EVcrEb0dyz5nloG1rfftbA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +26,8 @@ sops:
             VXRBZDl2QjhXNnFkRzVrL0JsajhkWkUKRiEBV+qHZO48XE8Ko7+7jgznaD6q9GTP
             LPNdGnNxAB5BrByfgRIq0deaU+C7M6zbqK1lj2FN/ZuNWhsYqpttKA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-02T07:39:07Z"
-    mac: ENC[AES256_GCM,data:Wz6ZaiJ/JZ9lJpfeL+/7fz7g3QMqE0BSN3dg97Ay/4TORcYXfLgd/b7S9DkOcrquROcUrTn+Bqv9k9VnBiDYsui5bqnThvLsnB55qd5SHuZDU3ByUXge1pJFv4as1QS6WQQAEZ2IY7Sp8qasEiPSSmf+DXK6o8EsZrkL0ltEWsY=,iv:fUUgIJ+rN+yEkoSJ6ZD7ONQFnWToCjvMWY9YKIP1M2E=,tag:3joTkRUOeK5s54zxIusw2Q==,type:str]
+    lastmodified: "2024-11-02T10:50:35Z"
+    mac: ENC[AES256_GCM,data:3E+kRD3JwNaz5NKGRU/Z+jLMc+6vGplzvRBEO7y/dF6wke8Tg0+049aQj+WMg50wwBW8yG+VlaBAJ2aEfLz4w6lo/EDGaA3q3nFyOTMs1M9x/WltSbBEFCZMhAVWkq1aGH760PNUqEIPHQ33byYDFHrDuSmDhRxGCnAaSDPIhdk=,iv:oz3nuXunu6uwMl8VKjL50NViQ47pLMHblVDrfhSvBcU=,tag:My7PloK0IrEvE0Mhy2ilog==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1