From 5f57fb269a81673db78961005539a9d21b46675d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Sun, 15 Feb 2026 03:41:31 -0300
Subject: [PATCH] factorio: move secret to sops

---
 hosts/monolith/default.nix         |   2 ++
 hosts/monolith/factorio-server.nix |   5 ++---
 secrets/factorio-settings.age      | Bin 847 -> 0 bytes
 secrets/monolith/default.yaml      |   6 ++++--
 secrets/secrets.nix                |   1 -
 system/monolith-forgejo-runner.nix |   2 ++
 system/nix-serve.nix               |   2 ++
 7 files changed, 12 insertions(+), 6 deletions(-)
 delete mode 100644 secrets/factorio-settings.age

diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index bf0e98e..0ce3b79 100644
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -43,6 +43,8 @@ in
     package = pkgs.unstable.opentabletdriver;
   };
 
+  sops.defaultSopsFile = lib.mkForce ../../secrets/monolith/default.yaml;
+
   my.gaming.enable = true;
   my.nix-ld.enable = true;
 
diff --git a/hosts/monolith/factorio-server.nix b/hosts/monolith/factorio-server.nix
index debbc1e..0db1e3a 100644
--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@@ -12,7 +12,7 @@
     lan = true;
     openFirewall = true;
     admins = [ "lelgenio" ];
-    extraSettingsFile = config.age.secrets.factorio-settings.path;
+    extraSettingsFile = config.sops.secrets."factorio/server-config.json".path;
   };
 
   systemd.services.factorio = {
@@ -43,8 +43,7 @@
     wantedBy = [ "timers.target" ];
   };
 
-  age.secrets.factorio-settings = {
-    file = ../../secrets/factorio-settings.age;
+  sops.secrets."factorio/server-config.json" = {
     mode = "777";
   };
 }
diff --git a/secrets/factorio-settings.age b/secrets/factorio-settings.age
deleted file mode 100644
index 77eb8bddbb17ce598bbd018de5232c281bc213e4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 847
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!*`Do#{zDlf0_NaqSEF>&$JcCGNy
z&n$2X3P?#TaH<N*&(13|DJsk~G|RWB@~JZSEO4tdi7+cH$u9HH_43Nj^DYi9C@FO-
z&QIkk2raZQtSZfpO!G?(bqlD<&4|o2O$znW&+tk%i3s)yPc<@0&kaj)sVMOeGL3Xh
z%<(BGtt_wf3i5TzchfiLGA|CU%F7NlNzAKED)#qJ@o~#B*AA&l%JtVTbxHFw&-Kgp
zNOjB2C=05H@-NHCO9`(uG4V6BaLp|WGpca*=c+2pFwhP!Opfq1uq+BFED3TkbE?YC
zb~JYOGDtEh$O?B2NHfUt@zE|d$nnd|@(uQKN)PkMGc+m7$~G;^_u?vaiYO}5PjN}~
z^sOxQjqtM!vnVi#D9S63D)%<X$~7pphzJM|G79!ibFZp$HOi_;)Q-w1G;uO8sIYJ?
zG*0A7%nd8eDo)NYNDQk=cFXjuG%ZLk369G02+y$$DK^Th@Jcsu(a$aP%nUBgcgoH%
z4NeSk$}7+>v&_x14AR!;GS5lX&&YHSb@UDjFD(nJbT4<!&dBtx@Qn=94os>rFs-Qc
zHFe4e&eYCKb20Xf^7J*!FR#=tOtVM~wlEJU<1+QNFf?>_O)f6?Eceed@=Pl%$%^nu
zNzeAvcQG(`b*ZY12uvxdFfTB0^3e7U$ck{*Hcu-EDNe0O_l*jQu;k*>)zww7^zigc
zcC7T$cTF@*cJy{BD)I7-Fe&p5@pIEpstgMB%<u~=4y#BHGdAJc@`uND*^XtoR#u<c
zBNmCvW|jP1*^%&`PvP5pmyd=aH=Z#|_}ECEXn&G%_I=O0(Caz87e6b#emG-Zmhsa<
zhp)fSNzC1}p3SN&F)*q0M3Lr=KkKiyz4c4JaIG&^Ykf^>&n*71%&$Rn^tA#L&$4QB
zy@}&2VLov>){?RLtkr#Ufk$lnK8sIc6V1M{wPuU!T7Hj;EQXI6`}bL={+TJ3XQ#=P
z?R#&@*Py@LvCa9NYlAn`efAQT-eux>d;<e}@TDIdud`fqzDnKbZoOu7<qgNicjs4`
jyFHm6&%5aV^A#6;pB!19a!|u%{*L8~3+8qB9V-I>V!}e-

diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml
index 61f00ce..afa1c8f 100644
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@@ -15,6 +15,8 @@ minio:
     root-credentials: ENC[AES256_GCM,data:izDiis6BgAubbe91EUcuwMKrSrYEDQFQbaEGzpdjj3Wlt8Z8gzgvGmYCryAK8GBUMbzQvy0do26xMGMl3LxLWz9bgixixPVFTTg5GhfUJw==,iv:hkrkGz+EpVwkWEMQWBrm2u4Jti7azsDtsTmyouDREug=,tag:mDnOKKBwgKOmsxegKcRhpQ==,type:str]
 nix-serve:
     private-key: ENC[AES256_GCM,data:xSHNHiLKs5QG92cSR0gNlusRhGjRUcelSvBt/f3+LdLjTtPaYMmiEiUsl43FyaigGkGq4nGDWAgPVJ+bFNpman0F4KwYqoSp5zH07IC9KaXouvudRLMZc8MkpwKKptKebKDlxKfsLt44n3qnV7OPYzSgzA==,iv:yUM/4yCIJqTt04HyXBVe+EMN4NnFkVnVhsUvUlKv2QM=,tag:qAr0UIjWzXH1eEzGCrK5Vg==,type:str]
+factorio:
+    server-config.json: ENC[AES256_GCM,data:qpLNcNjKrlH5IjGsq7ukCPR7G5dfOfN9joM2KZUdKZetZ/mA8ikBSbuBtRxwBQUSB6PcFxDftus704vlOkLcDcc4PT9rnpEiedLng9NkJPZZo2exfozut3N7dhij28c6Jy2uvad1pzAfW78iHI0kJNkDQDD2oW9xoFAZrPDRh5oNLpNn1/iIFoIflyYFctUbcpsDvs+8xHGGM5PQQo0QnZcxfSPY2iT4At1i5WP/Uedonvlw9fNcoOtzP7BhOECuMWUC5W2v2hP2/vcp7M8=,iv:Ln+/4AudJfdJYdkq0xLVF8dyrObzLwhANpTo3WgjUF4=,tag:Rgw4/J016Geiv6FwF5ZaMQ==,type:str]
 sops:
     age:
         - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
@@ -35,8 +37,8 @@ sops:
             aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
             jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-15T06:31:14Z"
-    mac: ENC[AES256_GCM,data:FPf6xhBN/D0zfeMcpcT1u+94oWpO6XApn11CtiA36MmPMaD/8kIpT7WxX2uV9OVnAfE1ab4vhaIPflLNt+iIOVJRxT0d2kjGqnWrJlRsu0C7gandbUjx/QnDobb82V0KFZ/E5wgZEdd2bl33l+BWdMHeUj32yFzSyP5d98GloJE=,iv:uQ9F4b2OGF+dGp7B7tl+qXB16cGdCLeTw7vQ2h2JjWc=,tag:UpCKj7CaRI5MralcT4oJQw==,type:str]
+    lastmodified: "2026-02-15T06:33:37Z"
+    mac: ENC[AES256_GCM,data:lYnwpoQuDSRpcPdIoSX3aGssc34UPqj6aZaliXl9XKMu1FMEgKwYXvNGOgs4tV2hBUQvTB4ZhiPT62awEHxzO1CmVdi6eiR9LTP2KetVubvKp8Ps/xoWKl51pG9ubJj+H3rfwAhfbGVZmAb6PKQgY6mnpyutlt/ojCMoKJ4BVwM=,iv:O0MoP+Nb1+nrowX3yfhIY/pjtSbLPV6qHOhDiEfdpzw=,tag:qSA02qKepxJ8p1qpZYN+UQ==,type:str]
     pgp:
         - created_at: "2025-03-07T22:49:16Z"
           enc: |-
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3d6a466..0a7abf8 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,6 @@ let
   main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
 in
 {
-  "factorio-settings.age".publicKeys = [ main_ssh_public_key ];
   "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
   "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
   "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
diff --git a/system/monolith-forgejo-runner.nix b/system/monolith-forgejo-runner.nix
index 345f861..5d7a98f 100644
--- a/system/monolith-forgejo-runner.nix
+++ b/system/monolith-forgejo-runner.nix
@@ -17,4 +17,6 @@
       ];
     };
   };
+
+  sops.secrets."forgejo-runners/git.lelgenio.com-default" = { };
 }
diff --git a/system/nix-serve.nix b/system/nix-serve.nix
index 7cd7377..9bf9814 100644
--- a/system/nix-serve.nix
+++ b/system/nix-serve.nix
@@ -9,4 +9,6 @@
     enable = true;
     secretKeyFile = config.sops.secrets."nix-serve/private-key".path;
   };
+
+  sops.secrets."nix-serve/private-key" = { };
 }