From 455d1973f746022a1174151e1c8dca9f543b9135 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Fri, 7 Feb 2025 17:03:52 -0500
Subject: [PATCH] working on provisioning secrets for hosts

---
 flake.lock | 8 ++++----
 flake.nix | 6 ++++--
 modules/users/crow/default.nix | 1 +
 modules/users/crow/secrets.nix | 35 ++++++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 6 deletions(-)
 create mode 100644 modules/users/crow/secrets.nix

diff --git a/flake.lock b/flake.lock
index 1c90203..7f7be1f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -150,11 +150,11 @@
 },
 "nix-secrets": {
 "locked": {
- "lastModified": 1738963104,
- "narHash": "sha256-bdSb4LkBr7RKFvnnBzc7ORSD63ZFwH+BvwxbipAvOMw=",
+ "lastModified": 1738965110,
+ "narHash": "sha256-5fym44pj7haqIOfoTMjrZQnwhgNfvK7dNwu6e6sK2mk=",
 "ref": "refs/heads/master",
- "rev": "f0f2b3488781a6428629aadb4d56644301dd5862",
- "revCount": 34,
+ "rev": "ed1492e5a7b6c66c5e03f7c465914d44cb736abc",
+ "revCount": 36,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/flake.nix b/flake.nix
index 90efde6..87e50d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,8 +3,10 @@ inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
- home-manager.url = "github:nix-community/home-manager";
- home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 nvix.url = "github:TheWanderingCrow/nvix";
 sops-nix.url = "github:Mic92/sops-nix";
 nix-secrets.url = "git+ssh://git@github.com/TheWanderingCrow/nix-secrets";
diff --git a/modules/users/crow/default.nix b/modules/users/crow/default.nix
index bc8c704..e340d8c 100644
--- a/modules/users/crow/default.nix
+++ b/modules/users/crow/default.nix
@@ -5,5 +5,6 @@ }:
 {
 imports = [
 ./user.nix
+ ./secrets.nix
 ];
 }
diff --git a/modules/users/crow/secrets.nix b/modules/users/crow/secrets.nix
new file mode 100644
index 0000000..5b07330
--- /dev/null
+++ b/modules/users/crow/secrets.nix
@@ -0,0 +1,35 @@
+{
+ lib,
+ inputs,
+ config,
+ ...
+}:
+lib.mkIf config.user.crow.enable {
+ sops = {
+ defaultSopsFile = inputs.nix-secrets.secrets.parzival;
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ age.generateKey = true;
+ };
+
+ #######
+ # AWS #
+ #######
+
+ sops.secrets."aws/wce/access_key" = {};
+ sops.secrets."aws/wce/secret_key" = {};
+ sops.secrets."aws/work/access_key" = {};
+ sops.secrets."aws/work/secret_key" = {};
+
+ sops.templates."aws_shared_config" = {
+ owner = config.users.users.crow.name;
+ content = ''
+ [default]
+ aws_access_key_id=${config.sops.placeholder."aws/work/access_key"}
+ aws_secret_access_key=${config.sops.placeholder."aws/work/secret_key"}
+
+ [wce]
+ aws_access_key_id=${config.sops.placeholder."aws/wce/access_key"}
+ aws_secret_access_key=${config.sops.placeholder."aws/wce/secret_key"}
+ '';
+ };
+}
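Review bot: `age.generateKey = true` next to `defaultSopsFile = inputs.nix-secrets.secrets.parzival` means a host whose `/var/lib/sops-nix/key.txt` is missing silently gets a brand-new age key instead of a provisioning error, and that fresh key cannot decrypt a file that was encrypted to the recipients already listed in nix-secrets, so every `aws/*` secret here will fail to decrypt at activation until the new public key is added to the repo's recipient list and the file is re-keyed. If the intended workflow is to pre-provision the host key, `age.generateKey = false;` makes a missing key a loud failure; otherwise document the step in place, e.g. `# new host: add the generated public key to .sops.yaml in nix-secrets and run sops updatekeys, or decryption fails`. The secrets file is also pinned to the `parzival` host inside a per-user module, so enabling `user.crow` on any other host would point it at parzival's secrets; keying it by `config.networking.hostName` (if the nix-secrets flake exposes one attribute per host, which is not visible here) or moving `defaultSopsFile` into the host configuration would match the commit's stated goal. Lastly, the template named `aws_shared_config` renders `aws_access_key_id`/`aws_secret_access_key` pairs, i.e. credentials-file content, yet nothing in the hunk points `AWS_SHARED_CREDENTIALS_FILE` or `~/.aws/credentials` at `config.sops.templates."aws_shared_config".path`, and the template's mode and group are left at sops-nix defaults; stating `mode = "0400";` explicitly makes it clear the rendered long-lived IAM keys are readable by crow alone.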