From 85478b2f6cf82256ed4950d6cec89215565c64b4 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Tue, 3 Feb 2026 11:24:31 -0500
Subject: [PATCH] HandlerOne updates

---
 flake.lock                                 | 8 ++++----
 modules/services/auth-provider/default.nix | 7 +++++++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index f69c9ec..dd08936 100644
--- a/flake.lock
+++ b/flake.lock
@@ -311,11 +311,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770051012,
-        "narHash": "sha256-ySNBSDAO/9AFdQfIJLV7eJsHM9CefkKbPObVgNVBiIk=",
+        "lastModified": 1770136482,
+        "narHash": "sha256-fb/Ss7A4bJ1qUMJqZS4H0+0glhat3XfOA+d79R74yvk=",
         "ref": "refs/heads/prod",
-        "rev": "d990703c0decfa6d3b14b4bd07eec705ecab5755",
-        "revCount": 188,
+        "rev": "c49388b85342d81286c80459ab699d892301e10d",
+        "revCount": 189,
         "type": "git",
         "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
       },
diff --git a/modules/services/auth-provider/default.nix b/modules/services/auth-provider/default.nix
index 523108a..118e913 100644
--- a/modules/services/auth-provider/default.nix
+++ b/modules/services/auth-provider/default.nix
@@ -8,6 +8,10 @@ let
   sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
 in
 {
+  sops.secrets."pocket-id/encryption_key" = {
+    sopsFile = "${sopsFolder}/services.yaml";
+  };
+
   disabledModules = [
     "${inputs.nixpkgs}/nixos/modules/services/security/pocket-id.nix"
   ];
@@ -30,5 +34,8 @@ in
       APP_URL = "https://auth.wanderingcrow.net";
       TRUST_PROXY = true;
     };
+    credentials = {
+      ENCRYPTION_KEY = config.sops.secrets."pocket-id/encryption_key".path;
+    };
   };
 }