7 changed files with 2 additions and 140 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,13 +0,0 @@
 keys:
  - &users:
    - &irl age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
  - &hosts:
    - &homeserver age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
 creation_rules:
  - path_regex: secrets.yaml$
    key_groups:
      - age:
        - *irl
        - *homeserver
--- a/flake.lock
+++ b/flake.lock
@ -110,22 +110,6 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1744868846,
        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
@ -154,26 +138,7 @@
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
-        "nur": "nur",
+        "nur": "nur"
        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1749592509,
        "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
        "owner": "mic92",
        "repo": "sops-nix",
        "rev": "50754dfaa0e24e313c626900d44ef431f3210138",
        "type": "github"
      },
      "original": {
        "owner": "mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
--- a/flake.nix
+++ b/flake.nix
@ -16,10 +16,6 @@
      url = "github:nix-community/NUR";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:mic92/sops-nix";
      inputs.nix.follows = "nixpkgs";
    };
  };
  outputs =
    {
@ -28,7 +24,6 @@
      flake-utils,
      home-manager,
      nur,
      sops-nix,
      ...
    }@inputs:
    let
--- a/home/irl.nix
+++ b/home/irl.nix
@ -17,7 +17,6 @@ in
      if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl";
    home.stateVersion = "25.05";
    home.packages = with pkgs; [
      age
      fish
      neofetch
      rust-analyzer
--- a/nixos/common.nix
+++ b/nixos/common.nix
@ -1,30 +1,8 @@
-{
+{ pkgs, ... }:
  pkgs,
  config,
  sops-nix,
  ...
 }:
 {
  imports = [
    sops-nix.nixosModules.sops
  ];
  nix.settings.experimental-features = "nix-command flakes";
  sops = {
    defaultSopsFile = ../secrets.yaml;
    validateSopsFiles = false;
    age = {
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
    secrets.irl-password.neededForUsers = true;
  };
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.UTF-8";
@ -41,12 +19,9 @@
    LC_TIME = "en_GB.UTF-8";
  };
  users.mutableUsers = false;
  users.users.irl = {
    isNormalUser = true;
    description = "irl";
    hashedPasswordFile = config.sops.secrets.irl-password.path;
    extraGroups = [
      "networkmanager"
      "wheel"
--- a/nixos/hosts/homeserver/default.nix
+++ b/nixos/hosts/homeserver/default.nix
@ -18,42 +18,8 @@
  networking.hostName = "homeserver";
  networking.networkmanager.enable = true;
  users.groups.media = { };
  users.users.media = {
    group = "media";
    isNormalUser = true;
  };
  services.xserver.xkb.layout = "us";
  services.audiobookshelf = {
    enable = true;
    group = "media";
    host = "0.0.0.0";
    openFirewall = true;
    port = 8000;
    user = "media";
  };
  services.avahi = {
    enable = true;
    publish = {
      enable = true;
      addresses = true;
      workstation = true;
    };
  };
  services.calibre-server = {
    enable = true;
    extraFlags = [ "--enable-local-write" ];
    group = "media";
    libraries = [ "/srv/books" ];
    openFirewall = true;
    port = 8585;
    user = "media";
  };
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
--- a/secrets.yaml
+++ b/secrets.yaml
@ -1,25 +0,0 @@
 irl-password: ENC[AES256_GCM,data:8DcPiZ9Ui40MaOaPJ5XmZI3M7XDqLtBqJKLEUnolMYuNoa6dDBF/IicokQO6zvNVw0G2DPVQwbKzgEaWtvnj+5rXm+QbyEVIKw==,iv:+qsf6VzsMzAj6A5B6TCQ/ZaYDt0EiZYwQ7gZg0sw2TM=,tag:3Xi5bSJ7rYEUUVIDuynHag==,type:str]
 sops:
    age:
        - recipient: age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZmJkMlpoN2RRUEVVUCtS
            cVl4T0grTit5TGtGUEM2MTlBRnQ2OWlWaEVrClErVm5uRzQySzNDM3J6dDFQY2U0
            cjlVS1NpTzdBQzgvSHJndmlxMWRmbUkKLS0tIHBtTkhSU1BTZHhMaXdZT0xiWWZD
            ZXlLNjAzSVkxZWtDRjlUMHV5bnJXK3MKNGKAW7iq/Qfo1dAt3Zxjzu+PsjdtaYPG
            a5Zvnazkm2dmuajldII/+xk4r/JewBZmeWdd37n2lUpbSisgcw0X5A==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQTcxWkphbngrK3RMaEZF
            UHU4ZURiVmNZdDhoR1l5YWVDZ1YvdlZWbndJCnRZd0tmR2lXcnA0V0dRaDZzZkg5
            YitPd01mbFc1VHVyTDl3Sk9UTGptclEKLS0tIEtWb0VNZWFLUmNZRDh3S0N4WmN0
            SlVKUDZWVEp2YmR4V3ArRW1GR1lXeTAKRJoawuTKrgrz6qeOSTmYLXO6n66QNPLA
            C5UI4yB0WLeRxdqxU84a3rS2ZjgTh22RR0WwRe6siOaKOdS1G96DXw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-06-13T17:56:08Z"
    mac: ENC[AES256_GCM,data:YjTPJ69gNE3MOxUq8X1H4ucqiJxIwRFBBLz0pu6nJgx64XDKe96qeiy7NLAnyJuzOgXpZxb6bm+ecf4E288Bq5NyqpWyrICXC37mSMMXTIoi+HZMHk/GYOAezfCHCBzJBKlJjTZhmslF1zu/4jGtUf/VTOCm+WTPDTUjVkzvwJ8=,iv:vsiDWLir7b/DmOgJFs9iuNxJxJAipdriP/XSPbm4MKU=,tag:aBXeQdetTepLNj/kl45McQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2