asdffasdfa

.sops.yml

@@ -1,8 +1,57 @@
 keys:
-  - &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+  - home:
+    - &chris age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+  - system:
+    - &aule age
+    - &mandos age
+    - &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+    - &melkor age
+    - &orome age
+    - &tulkas age
+    - &varda age
+    - &yavanna age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
 
 creation_rules:
-  - path_regex: secrets/secrets.yml$
+  #===================================================================
+  # HOSTS
+  #===================================================================
+  - path_regex: systems/x86_64-linux/aule/secrets.yaml$
+    age: *aule
+
+  - path_regex: systems/x86_64-linux/mandos/secrets.yaml$
+    age: *mandos
+
+  - path_regex: systems/x86_64-linux/manwe/secrets.yaml$
     key_groups:
-      - age:
-          - *primary
+      - age: 
+        - *manwe
+        - *yavanna
+
+  - path_regex: systems/x86_64-linux/melkor/secrets.yaml$
+    age: *melkor
+
+  - path_regex: systems/x86_64-linux/orome/secrets.yaml$
+    age: *orome
+
+  - path_regex: systems/x86_64-linux/tulkas/secrets.yaml$
+    age: *tulkas
+
+  - path_regex: systems/x86_64-linux/varda/secrets.yaml$
+    age: *varda
+
+  - path_regex: systems/x86_64-linux/yavanna/secrets.yaml$
+    age: *yavanna
+
+  #===================================================================
+  # USERS
+  #===================================================================
+  - path_regex: homes/x86_64-linux/chris@\w+/secrets.yaml$
+    age: *chris
+          
+          
+          
+          
+          
+          
+          
+          

README.md

@@ -18,4 +18,5 @@ nix build .#install-isoConfigurations.minimal
 
 - [dafitt/dotfiles](https://github.com/dafitt/dotfiles/)
 - [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix)
+- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile)
 - [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!)

_secrets/secrets.yaml

@@ -1,30 +0,0 @@
-#ENC[AES256_GCM,data:jozDiJTPaF427kVL4MDV8VOVhft52sOS9YIfj0n8WUJmQzVoiNY=,iv:8kyaDw0l82KZfYKkfKDj0wvcIkY6zas5e8puubEr1mA=,tag:LvuVGvU195BihU8TbPN1xg==,type:comment]
-example_key: ENC[AES256_GCM,data:9jefDfjJLP8Ha135Lg==,iv:9SUpjO1t65gA3LiwYN6nMj7icwInxTCQz7JsNEfQ2XA=,tag:Y8BBSLwUQem8wSXAlvnEXg==,type:str]
-#ENC[AES256_GCM,data:IU1T4k/+44s8qFnjnreDMihjQRmMd5qSTtfA/ung5/1f1JmBXGP7EwYJBFF9BSBkBqBfv24A9Ok=,iv:tHzL3pW/qsNdWGT3c+ni0uTlkBMWOu/SsraymCuAkqs=,tag:nWZgWdPNiKQ0j/t9Z/5l5g==,type:comment]
-#ENC[AES256_GCM,data:BhUTbsJB5voz4m1w8u1Y/MI8kR5lpRW8RpZO65IyGg232uNSoBLXB2QSl1GseyTC8bZHPiCF2gnttPD+76kqVlfzhhDu4EKU,iv:Ic8ZpR2QBBGhF2++S/TR/DRutkTghpMiby+yvNy0CSE=,tag:Z1JEtowycGDNWuznlkId8A==,type:comment]
-example:
-    my_subdir:
-        my_secret: ENC[AES256_GCM,data:hccfc6uU4tGT,iv:HYjmo9kAVCcXSpDKWGku3vaJVvZHzYB3l079xXw5OEQ=,tag:c2b8BSqlL1LTcDf1nSPfVA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
-            ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
-            YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
-            dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
-            Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-09T11:37:49Z"
-    mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
-
-zitadel:
-  masterKey: thisWillBeAnEncryptedValueInTheFuture

flake.lock

@@ -67,6 +67,26 @@
         "type": "github"
       }
     },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1753140376,
+        "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "erosanix": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -94,11 +114,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1753944209,
-        "narHash": "sha256-dcGdqxhRRGoA/S38BsWOrwIiLYEBOqXKauHdFwKR310=",
+        "lastModified": 1754290399,
+        "narHash": "sha256-KwYm1/FeLqP9uE4Sbw+j2nI2/ErNbc9Mn+LPcrEOpX0=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "5ef8607d6e8a08cfb3946aaacaa0494792adf4ae",
+        "rev": "f53ddf7518d85d59b58df6e9955b25b0ac25f569",
         "type": "github"
       },
       "original": {
@@ -114,11 +134,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1753960679,
-        "narHash": "sha256-q82/pjksNMev2AJqK1v38BcK29kB2f7yB2GTEsrlR2M=",
+        "lastModified": 1754311269,
+        "narHash": "sha256-y84Q8qS5acSxl3QsLLGs4DboPhM/AYUMiTsJJZwmQxY=",
         "owner": "nix-community",
         "repo": "flake-firefox-nightly",
-        "rev": "c709bb72ee604949ff54df9519dc6cb0c6040007",
+        "rev": "5a6856f353975206aec02373c18e8cea3fa6bb75",
         "type": "github"
       },
       "original": {
@@ -432,11 +452,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753902883,
-        "narHash": "sha256-F7IUdBe//PDtcztUdu3XYxzJuKbYip6TwIRWLdrftO0=",
+        "lastModified": 1754075821,
+        "narHash": "sha256-ihlkNqYsNgJPCDOE2LPpUl/ww3LBKfsxeWs2sivhb10=",
         "owner": "himmelblau-idm",
         "repo": "himmelblau",
-        "rev": "d01709bf0100183045927c03b90db78fb8e40bda",
+        "rev": "f77821437959ecd67f2fb2b1266e5a644a46d149",
         "type": "github"
       },
       "original": {
@@ -452,11 +472,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753943136,
-        "narHash": "sha256-eiEE5SabVcIlGSTRcRyBjmJMaYAV95SJnjy8YSsVeW4=",
+        "lastModified": 1754263839,
+        "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bd82507edd860c453471c46957cbbe3c9fd01b5c",
+        "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773",
         "type": "github"
       },
       "original": {
@@ -473,11 +493,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753938227,
-        "narHash": "sha256-KzjI9khMC2tOL5FClh3sHq8Gax1O5Rw0bH1hvJ3FU3E=",
+        "lastModified": 1754110197,
+        "narHash": "sha256-N7GWK2084EsNdwzwg6FCIgMrSau1WwzxGSNdPHx5Tak=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "8d1f0004594e0eddc00159ad7666e669a6bcb711",
+        "rev": "04ce5c103eb621220d69102bc0ee27c3abd89204",
         "type": "github"
       },
       "original": {
@@ -492,11 +512,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1753618592,
-        "narHash": "sha256-9sDACkrSbZOA1srKWQzvbkBFHZeXvHW8EYpWrVZPxDg=",
+        "lastModified": 1754223384,
+        "narHash": "sha256-pewBF80b4slivTMSeONyOPceyzUUlBLpVOxlGf0hFEY=",
         "owner": "nix-community",
         "repo": "lib-aggregate",
-        "rev": "81b2f78680ca3864bfdc0d4cbc3444af3e1ff271",
+        "rev": "2d6fee65844e851060a6817984248bcf8358c6b0",
         "type": "github"
       },
       "original": {
@@ -549,11 +569,11 @@
         "nixpkgs": "nixpkgs_5"
       },
       "locked": {
-        "lastModified": 1753928630,
-        "narHash": "sha256-ASqyvmJ2EEUCyDJGMHRQ1ZqWnCd4SiVd7hi7dGBuSvw=",
+        "lastModified": 1754274768,
+        "narHash": "sha256-bI+Z15bpec7VEnxkrqOG+JX0bFa9CnVeg/uiaf8iiS0=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "30af81148ee29a4a13c938c25d3e68877b1b27fb",
+        "rev": "b54894d44fbe4d29c081ade695ffdb07bb21b322",
         "type": "github"
       },
       "original": {
@@ -621,11 +641,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753704990,
-        "narHash": "sha256-5E14xuNWy2Un1nFR55k68hgbnD8U2x/rE5DXJtYKusw=",
+        "lastModified": 1754260137,
+        "narHash": "sha256-IViMH6Fwj8nwO1nuYCqOTpjm9OK9rQ0w8nmoOwPlo98=",
         "owner": "nix-community",
         "repo": "nixos-wsl",
-        "rev": "58c814cc6d4a789191f9c12e18277107144b0c91",
+        "rev": "57ba096649fa4e12dc564e8e3c529255baf89b35",
         "type": "github"
       },
       "original": {
@@ -652,11 +672,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1753579242,
-        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
+        "lastModified": 1754184128,
+        "narHash": "sha256-AjhoyBL4eSyXf01Bmc6DiuaMrJRNdWopmdnMY0Pa/M0=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
+        "rev": "02e72200e6d56494f4a7c0da8118760736e41b60",
         "type": "github"
       },
       "original": {
@@ -683,11 +703,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1753948617,
-        "narHash": "sha256-68ounbeMLJTO/Igq0rEqjldNReb/r2gR9zgLU2qiH7A=",
+        "lastModified": 1754284898,
+        "narHash": "sha256-wzM6HN0xxyooekXfl7p5P4Bn0LieOKOfsLg4DqY7XLk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4f1a1d0af135001efc1a58c8f31ede7bb1045874",
+        "rev": "114484ca7213ac06fa7907e58dd8ef9d801d39f0",
         "type": "github"
       },
       "original": {
@@ -715,11 +735,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1753965693,
-        "narHash": "sha256-ks84bo0xIjUdRJGqLHQTyXR5OGb+8zUQg+XarbSEtrw=",
+        "lastModified": 1754315431,
+        "narHash": "sha256-fnVgd+mIJeR/fsaJB11KcTFjoJzLZNglLjVRtAzwcUI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "113bb8d5ca48dc31c62835b5fafed82092d87a91",
+        "rev": "66023e4de2495a69792a2b72bd131358b824d2e3",
         "type": "github"
       },
       "original": {
@@ -747,11 +767,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1753694789,
-        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
+        "lastModified": 1754214453,
+        "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
+        "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376",
         "type": "github"
       },
       "original": {
@@ -843,11 +863,11 @@
         "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1753878721,
-        "narHash": "sha256-Y+Kr6FTHggnZ31nhaiOhIboIi+dhnLmQ9p0xf0wwnDc=",
+        "lastModified": 1754137146,
+        "narHash": "sha256-V2AE32tLNvtYVBuc8ZRbkGjAZGsJchFbNVd6v5JXvg8=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "e35a74c44a35b28fd09f136dd3c0dbe9f300258f",
+        "rev": "16d396f039ffefabf93b7b3261e2a17e2f84439b",
         "type": "github"
       },
       "original": {
@@ -866,11 +886,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748196248,
-        "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
+        "lastModified": 1754241118,
+        "narHash": "sha256-nsBBqbAFB7lUYIh6S6l7fQ/ALDhCckp7+rqbY2767uE=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "b7697abe89967839b273a863a3805345ea54ab56",
+        "rev": "968109159b4bbe4386ac281272ddcebeef09ebfc",
         "type": "github"
       },
       "original": {
@@ -881,6 +901,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "erosanix": "erosanix",
         "fenix": "fenix",
         "firefox": "firefox",
@@ -905,11 +926,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1753838657,
-        "narHash": "sha256-4FA7NTmrAqW5yt4A3hhzgDmAFD0LbGRMGKhb1LBSItI=",
+        "lastModified": 1754218780,
+        "narHash": "sha256-M+bLCsYRYA7iudlZkeOf+Azm/1TUvihIq51OKia6KJ8=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "8611b714597c89b092f3d4874f14acd3f72f44fd",
+        "rev": "8d75311400a108d7ffe17dc9c38182c566952e6e",
         "type": "github"
       },
       "original": {
@@ -978,11 +999,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1753919664,
-        "narHash": "sha256-U7Ts8VbVD4Z6n67gFx00dkpQJu27fMu173IUopX3pNI=",
+        "lastModified": 1754264048,
+        "narHash": "sha256-Yg1W0sFhBpnglfhWGlFmxzSmte1F157luHAADp5Hguk=",
         "owner": "nix-community",
         "repo": "stylix",
-        "rev": "30f5022236cf8dd257941cb0f910e198e7e464c7",
+        "rev": "1b5e1c5642cf96e07daf14ae4c5ddd23d7ed5623",
         "type": "github"
       },
       "original": {

flake.nix

@@ -9,6 +9,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -24,14 +29,14 @@
       url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    # neovim
-    nvf.url = "github:notashelf/nvf";
-
-    # plymouth theme
-    nixos-boot.url = "github:Melkor333/nixos-boot";
-
-    firefox.url = "github:nix-community/flake-firefox-nightly";
+    
+    nixos-wsl = {
+      url = "github:nix-community/nixos-wsl";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "";
+      };
+    };
 
     stylix.url = "github:nix-community/stylix";
 
@@ -41,6 +46,12 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    # neovim
+    nvf.url = "github:notashelf/nvf";
+
+    # plymouth theme
+    nixos-boot.url = "github:Melkor333/nixos-boot";
+
     zen-browser.url = "github:MarceColl/zen-browser-flake";
 
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
@@ -67,14 +78,6 @@
     grub2-themes = {
       url = "github:vinceliuice/grub2-themes";
     };
-    
-    nixos-wsl = {
-      url = "github:nix-community/nixos-wsl";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-        flake-compat.follows = "";
-      };
-    };
   };
 
   outputs = inputs: inputs.snowfall-lib.mkFlake {
@@ -103,7 +106,7 @@
       nix-minecraft.overlay
       flux.overlays.default
     ];
-
+    
     homes.modules = with inputs; [
       stylix.homeModules.stylix
       plasma-manager.homeManagerModules.plasma-manager

homes/x86_64-linux/chris@manwe/secrets.yaml

@@ -0,0 +1,21 @@
+user_level_secrets: ENC[AES256_GCM,data:TNT+via+r4bpgROz,iv:cVO6/r4Aovr5uJFhU87mE5XwRJ518y4OJdHo4m92ahM=,tag:jYInD+euh7k1zSnMRppI5Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYVRQTEVSMWM3WXY3eTdW
+            ZkUwSnNidlJwWGVETURpNUJRRUllYXo4WjNvCmxmN21qVzNFV3N4UVR6WEV1am1W
+            eW1KTk9HVDluek1BUnBmSGI3Y2ZqaDQKLS0tIHlMYldYMTVORVNWbEgrWlBSanRM
+            bUZiMHlOU3pxYUhQSTREb0l4TmFlOEkKiasV2H481aJzAvEAvyeWqGYDOW+WKRFX
+            yyocZDo0o1lHz/gNXoC0/ujU+O3rSXdsy6Qdz6Rm+xeFUfe4KoD4bg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-11T13:21:38Z"
+    mac: ENC[AES256_GCM,data:kfMcZuYuQqxxfqtyfH7DltSkq8YNz+vroB+ZQKTIpCNC/W6vJP1o23/xLRzdnEgnnH5GfgZQFAK8Am00/bUD2BgEPyXxXNf1lG70ocFbRM9htii92BFfHgfi25zlEqCO7yrudm1HEJyYrFbZnT63H6u1OgWSC38CzEZTBsCE0kU=,iv:feWGBau48s2GSvZjnKPfP2z46SBuHbh//4zzcLv+MTY=,tag:D86akwawLxobhEu2AvBFKg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4

justfile

@@ -0,0 +1,24 @@
+[private]
+default: 
+    @just -l
+
+[doc('Update flake dependencies')]
+update:
+    nix flake update
+
+[doc('install nixos on a system (uses nix-anywhere)
+> profile: Which profile to use
+> host: How to reach the target system in the standard format of `user@host`
+')]
+install profile host:
+    nix run nixpkgs#nixos-anywhere -- \
+    --flake .#{{profile}} \
+    --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
+    {{host}}
+
+[doc('builds the configuration for the host')]
+build host:
+    nh os build . -H {{host}}
+
+edit-secrets target:
+    sops --config "{{justfile_directory()}}/.sops.yml" edit "{{justfile_directory()}}/{{ if target =~ ".+@.+" { "homes" } else { "systems" } }}/x86_64-linux/{{target}}/secrets.yaml"

modules/nixos/nix/default.nix

@@ -15,10 +15,10 @@ in
     nix = {
       package = pkgs.nixVersions.latest;
 
-      extraOptions = "experimental-features = nix-command flakes";
+      extraOptions = "experimental-features = nix-command flakes pipe-operators";
 
       settings = {
-        experimental-features = [ "nix-command" "flakes" ];
+        experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
         allowed-users = [ "@wheel" ];
         trusted-users = [ "@wheel" ];
 

modules/nixos/system/security/sops/default.nix

@@ -13,10 +13,10 @@ in
     environment.systemPackages = with pkgs; [ sops ];
 
     sops = {
-      defaultSopsFile = ../../../../secrets/secrets.yaml;
-      defaultSopsFormat = "yaml";
+      age.keyFile = "/home/.sops-key.age";
 
-      age.keyFile = "/home/";
+      defaultSopsFile = ../../../../systems/x86_64-linux/${config.networking.hostName}/secrets.yaml;
+      defaultSopsFormat = "yaml";
     };
   };
 }

systems/x86_64-linux/manwe/README.md

@@ -1,8 +1,3 @@
 # Description
 
-<<<<<<< HEAD
 My steambox.
-=======
-My desktop, reasoning for the name being the following chain of thought:  
-**Manwe -> the king of the valar -> leader -> desktop is main machine**
->>>>>>> 72b0f6f8fad97a4ade1b54dfada26828a170febf

systems/x86_64-linux/manwe/disks.nix

@@ -1,34 +1,59 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, inputs, ... }:
 let
   inherit (lib.modules) mkDefault;
 in
 {
-  # TODO :: Implement disko at some point
+  imports = [
+    inputs.disko.nixosModules.disko
+  ];
 
-  swapDevices = [];
+  config = {
+    swapDevices = [];
 
-  boot.supportedFilesystems = [ "nfs" ];
-  
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-label/nixos";
-      fsType = "ext4";
+    boot.supportedFilesystems = [ "nfs" ];
+
+    disko.devices = {
+      disk = {
+        main = {
+          device = "/dev/nvme0";
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              ESP = {
+                size = "100M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  mountOptions = [ "umask=0077" ];
+                };
+              };
+              root = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
     };
+    
+    fileSystems = {
+      "/home/chris/media" = {
+        device = "ulmo:/";
+        fsType = "nfs";
+      };
 
-    "/boot" = {
-      device = "/dev/disk/by-label/boot";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-    "/home/chris/media" = {
-      device = "ulmo:/";
-      fsType = "nfs";
-    };
-
-    "/home/chris/mandos" = {
-      device = "mandos:/";
-      fsType = "nfs";
+      "/home/chris/mandos" = {
+        device = "mandos:/";
+        fsType = "nfs";
+      };
     };
   };
 }

systems/x86_64-linux/manwe/secrets.yaml

@@ -0,0 +1,31 @@
+zitadel:
+    masterKey: ENC[AES256_GCM,data:iSeZOloWLrdP8S+ac7ubIcv9TF3Sm8Ni,iv:8v3/ratFQ5vq2rbZOUMKfPhVTA9uQY2eFQU4IR8s3VU=,tag:9y90aDQ2PfFT//X2i2YvvA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R0UyWmx5L3hCbGhQVXI0
+            NmpkMThPVlgrRHZZMnFrNTAwbzVTY1F6NEVVCjJaRHdhbHV6R1RJM2JIQzc3dkNu
+            a01FYlM3b1dXbmxGN2tWU3FMdXMveG8KLS0tIG1SSjNXdXZNN2ZyQ2UyZ0pIZXJJ
+            NmpMS2oySFE1S1RER3J1RGl4MlRQK00Ks+PcxcHmygYz+a+d0ZrzrdUpTQ50NYkA
+            aDFbtRtukn9e7i3bGUyD4nisSvs4YjfoQxR/pC8hs4k3f5V2jwDh2w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaTN4clFoWDNwU2lpaHBn
+            M2pVeU5oM0JRNmp6NEJjQ3BHeWlzeSs3bTI0CnBocngvbzZQUXBsMG9Oc2J6dlBT
+            MjdtaFdmOHg5ZmZmSkViWGJFYThQYXcKLS0tIFRNd2JiVlFTREtDMTdzR2V0SlVo
+            Q0d5ZDVDM05LdFp4UnB4dFRPUm5vU0UKR/MAONEWaT6XXyPB1IrSIKqW5PZNIbuB
+            n7QX3DJIzlajtmq+82/wPFPTBkLvSSjV5FKL5ErMwTDndcIn+NlOhQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-11T13:11:00Z"
+    mac: ENC[AES256_GCM,data:P34YsR/Rvc3q4Os5n9hxonJLCXwifMRnKOCM59h5MRMT/aqjl+QlBX+oUADsqDSrhUscQb3N/UlpFeOT6qg+FmJbT/mYMH6v1xK16VD0M7VWydXpmjDu5If+O89lgDHsiEOGDgeR04jkiaY0yzT9U8l9CND5fMvF3I9o5Z1SZQk=,iv:NgUD8gB2bQa5vh0nb0Ngqp5dn0yqskHudWo8xoVjM4Q=,tag:5oTcnailDCHeMvMLz63e1w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4