Add sops-nix

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     inputs.impermanence.nixosModules.impermanence
+    inputs.sops-nix.nixosModules.sops
     ./configs/zsh.nix
     ./configs/neovim.nix
     ./configs/tmux.nix
@@ -37,7 +38,7 @@
         "/var/lib/systemd/coredump"
       ];
       files = [
-        "/var/lib/sops-nix/key.txt"
+        "/etc/ssh/ssh_host_ed25519_key"
         "/etc/machine-id"
         "/root/.zsh_history"
       ];
@@ -55,20 +56,31 @@
 
   networking.networkmanager.enable = true;
   i18n.defaultLocale = "en_US.UTF-8";
-  users.defaultUserShell = pkgs.zsh;
+
+  users = {
+    mutableUsers = false;
+    defaultUserShell = pkgs.zsh;
+  };
 
   programs = {
     nix-ld = {
       enable = true;
       libraries = [ ];
     };
+    ssh.knownHosts = {
+      eirene-vm.publicKeyFile = ../eirene/vm/secrets/ssh_host_ed25519_key.pub;
+    };
   };
 
   security.sudo.extraConfig = ''
     Defaults lecture = never
   '';
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  sops.age = {
+    generateKey = true;
+    sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
+    keyFile = "/var/lib/sops-nix/key.txt";
+  };
 
   system = {
     autoUpgrade = {
@@ -84,4 +96,6 @@
 
     stateVersion = "24.05";
   };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 }