-rw-r--r-- | .sops.yaml | 10 | ||||
-rw-r--r-- | flake.nix | 4 | ||||
-rw-r--r-- | home/nipsy/caladan.nix | 26 | ||||
-rw-r--r-- | home/nipsy/secrets/caladan.yaml | 17 | ||||
-rw-r--r-- | hosts/caladan/default.nix | 76 | ||||
-rw-r--r-- | hosts/secrets/caladan.yaml | 27 |
6 files changed, 101 insertions, 59 deletions
@@ -15,6 +15,7 @@ keys: - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de + - &caladan age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh @@ -27,6 +28,10 @@ creation_rules: key_groups: - age: - *nipsy + - path_regex: ^home/nipsy/secrets/caladan.yaml$ + key_groups: + - age: + - *nipsy - path_regex: ^home/nipsy/secrets/ginaz.yaml$ key_groups: - age: @@ -36,6 +41,11 @@ creation_rules: - age: - *arrakis - *nipsy + - path_regex: ^hosts/secrets/caladan.yaml$ + key_groups: + - age: + - *caladan + - *nipsy - path_regex: ^hosts/secrets/darkstar.yaml$ key_groups: - age: @@ -120,11 +120,11 @@ disko.nixosModules.disko ./hosts/caladan home-manager.nixosModules.home-manager { - #home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; home-manager.users.root = import ./home/root/caladan.nix; home-manager.users.nipsy = import ./home/nipsy/caladan.nix; } - #sops-nix.nixosModules.sops + sops-nix.nixosModules.sops ]; }; diff --git a/home/nipsy/caladan.nix b/home/nipsy/caladan.nix index 49f84a7..197c101 100644 --- a/home/nipsy/caladan.nix +++ b/home/nipsy/caladan.nix @@ -4,7 +4,7 @@ common/core common/optional/desktops common/optional/desktops/services/xscreensaver.nix - #inputs.sops-nix.homeManagerModules.sops + inputs.sops-nix.homeManagerModules.sops ]; home.file = { 
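Review bot: The new `&caladan` recipient in the `keys:` list carries no hint of where it comes from, which makes a later rotation error-prone. hosts/caladan/default.nix in this same commit sets `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]`, so the value is presumably the age form of that host key. A comment such as `# caladan: age form of /etc/ssh/ssh_host_ed25519_key.pub; after a host rekey, replace it and run sops updatekeys` would record that. The `keys:` list starts above this hunk, so whether the other entries are documented there is not visible.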
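Review bot: In the two added creation rules the dot in `path_regex` is unescaped, so `^home/nipsy/secrets/caladan.yaml$` and `^hosts/secrets/caladan.yaml$` accept any character in that position rather than only a literal dot. Writing `^hosts/secrets/caladan\.yaml$` (and the same for the home rule) binds each rule to exactly one file, which matters because the rule decides which recipients can decrypt it. The neighbouring context rules use the same unescaped form, so this could be fixed across the file in one pass.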
@@ -33,19 +33,19 @@ }; }; - #sops = { - # age.keyFile = "/home/nipsy/.config/sops/age/keys.txt"; - # defaultSopsFile = ./secrets/arrakis.yaml; + sops = { + age.keyFile = "/home/nipsy/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets/caladan.yaml; - # secrets = { - # "reaper_license" = { - # path = "/home/nipsy/.config/REAPER/reaper-license.rk"; - # }; - # "ssh_config" = { - # path = "/home/nipsy/.ssh/config"; - # }; - # }; - #}; + secrets = { + "reaper_license" = { + path = "/home/nipsy/.config/REAPER/reaper-license.rk"; + }; + "ssh_config" = { + path = "/home/nipsy/.ssh/config"; + }; + }; + }; xsession = { initExtra = '' diff --git a/home/nipsy/secrets/caladan.yaml b/home/nipsy/secrets/caladan.yaml new file mode 100644 index 0000000..deb3445 --- /dev/null +++ b/home/nipsy/secrets/caladan.yaml 
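Review bot: `age.keyFile` in the new `sops` block points at a private key under `/home/nipsy/.config/sops/age/`, and that key appears to be the shared `*nipsy` recipient. It is the only recipient of `home/nipsy/secrets/caladan.yaml`, and the same recipient is listed alongside `*caladan` on `hosts/secrets/caladan.yaml` and alongside `*arrakis` on a context rule in `.sops.yaml`. If so, anyone who can read `keys.txt` on this workstation can also decrypt the host secrets of other machines in the repository. A dedicated per-host user recipient for the home secrets would limit that exposure. A comment such as `# keys.txt is provisioned by hand (mode 0600); not managed by this repo` would also document the prerequisite; the enclosing attribute set starts and ends outside the hunk.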
@@ -0,0 +1,17 @@ +reaper_license: ENC[AES256_GCM,data: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,iv:RT0XBkthKkM9MapVvGi+FdxXrEtwEU4V0WXJb7EP9Uw=,tag:esy7aQXzUtrdTkYYVGCDmg==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:mUkJJm7LZGsf5DIBOK1cdLSfjd02VVW6awDVfIw5TJA=,tag:JOexwcYAa4hOF9hpw38F8Q==,type:str] +sops: + age: + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSUJOMDlTem5jNXVkRnIy + TlorQmQ0ajQyRnFYQXdueVhvNloyaFVabUFVCndDOHZDSGVyWUNQRkd5ekEwbDdz + S054ck9IbDh2UGRjVlVaV3N5dDVjTzgKLS0tIHNjaXgvL0R1MmY2cGt4NFZ5M2J5 + dnVlaUtXRkJOYllweUpjRXpreUI0bjQKdeI5T4qxmRk3goiHMfxQPxYyfauY69ea + ipFJuEzDTg6XdQvpwmmBs9N+QM2diNUkuxTOd4RDN5/EAN0h3fEhZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-03T04:36:31Z" + mac: ENC[AES256_GCM,data:6xa476vY7eVU0TKcvdG+IDnvdCm6YICb32Q/kFF0wiOvQlj3Qedwv/id/RlV038qe7TQQUgcvAD12ZWmFhJJs4dFN16TAKk7N3+h1ABXkvPmSBn6HIwPhVsbi3lYGJMi6KvqzNf9JTGKgO4IbZzZc1G5XL4BK0Y+gu+Myx81FP0=,iv:RuByQXwFxPbNiVYfStNPjvrL+8RJLu99AW4oMtIDtEM=,tag:fixE9HFLw0cNFQygd1NDlw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix index f203d46..84fe060 100644 --- a/hosts/caladan/default.nix +++ b/hosts/caladan/default.nix 
@@ -77,32 +77,32 @@ ]; networking = { - # defaultGateway = { - # address = "192.168.1.1"; - # interface = "wlp15s0"; - # }; + defaultGateway = { + address = "192.168.1.1"; + interface = "wlp15s0"; + }; domain = "bitgnome.net"; hostId = "8981d1e5"; hostName = "caladan"; - # interfaces = { - # wlp15s0 = { - # ipv4.addresses = [ - # { address = "192.168.1.3"; prefixLength = 24; } - # ]; - # }; - # }; - # nameservers = [ "192.168.1.1" ]; - # nftables.enable = true; - # useDHCP = false; - # wireless = { - # enable = true; - # networks = { - # "Crystal Palace" = { - # pskRaw = "ext:psk_crystal_palace"; - # }; - # }; - # secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; - # }; + interfaces = { + wlp15s0 = { + ipv4.addresses = [ + { address = "192.168.1.3"; prefixLength = 24; } + ]; + }; + }; + nameservers = [ "192.168.1.1" ]; + nftables.enable = true; + useDHCP = false; + wireless = { + enable = true; + networks = { + "Crystal Palace" = { + pskRaw = "ext:psk_crystal_palace"; + }; + }; + secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; + }; }; nixpkgs = { 
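Review bot: The `secretsFile` value wraps a single attribute in string interpolation, `"${config.sops.secrets."wpa_supplicant".path}"`, which adds nothing and makes the nested quotes harder to read. `secretsFile = config.sops.secrets."wpa_supplicant".path;` says the same thing. Since `pskRaw = "ext:psk_crystal_palace"` only names the entry, a comment like `# psk_crystal_palace=<value> is read from the sops secret "wpa_supplicant"` would tell the next reader what the decrypted file must contain. The `networking` block closes inside the hunk, but the enclosing module starts outside it.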
@@ -123,28 +123,16 @@ services.openssh.settings.X11Forwarding = true; services.xserver.videoDrivers = [ "amdgpu" ]; - #sops = { - # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = ../secrets/arrakis.yaml; + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/caladan.yaml; - # secrets = { - # "nftables/ssh" = {}; - # "nix-access-token-github" = {}; - # "ssh_config".path = "/root/.ssh/config"; - # "wireguard/arrakis_key" = {}; - # "wireguard/black-sheep_psk" = {}; - # "wireguard/fangorn_psk" = {}; - # "wireguard/ginaz_psk" = {}; - # "wireguard/homer_psk" = {}; - # "wireguard/lilnasx_psk" = {}; - # "wireguard/lolli_psk" = {}; - # "wireguard/ramped_psk" = {}; - # "wireguard/timetrad_psk" = {}; - # "wireguard/treebeard_psk" = {}; - # "wireguard/wg1_conf" = {}; - # "wpa_supplicant" = {}; - # }; - #}; + secrets = { + "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; + "wpa_supplicant" = {}; + }; + }; system.stateVersion = "23.11"; } diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..b806f0a --- /dev/null +++ b/hosts/secrets/caladan.yaml 
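Review bot: The new `secrets` set declares no `"nftables/ssh"` entry, although the commented-out template it replaces listed one and the networking hunk in this file turns on `nftables.enable = true`. The context line above also keeps `services.openssh.settings.X11Forwarding = true`, so sshd is clearly meant to be reachable on this host. Whether a ruleset restricting SSH sources is defined elsewhere is not visible from this hunk. If it is omitted on purpose, a one-line comment such as `# no "nftables/ssh" secret: sshd on caladan is covered by the default firewall rules only` would make that explicit. If not, the secret and the rule that consumes it need to be added alongside `"wpa_supplicant"`.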
@@ -0,0 +1,27 @@ +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:R70efny9S1uXZ0NT/zMPmQyT5M6dYLGQF/G5bH4L7Oo=,tag:B0BrKfQR0uCHKRJRdrltUg==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: + age: + - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 + dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD + ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 + a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH + vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY + RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 + ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH + enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur + E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-03T04:29:07Z" + mac: ENC[AES256_GCM,data:xR0AEzqixABtn31SLVLYCh86cqrEXyNRh6f7ATY1LzOtU4vF/ympcnSYDCAWFVwAS8KeeeHhb+ahClBE+KEI9lmjSmGNpZ5FWnKdo1issfKC9Xs83X2+kTHOiVlscpUF1aHI7qctKDsN/XHU6shT8SWZBeOc4jROfhkDXuR/6Wc=,iv:dSPtH8cDcbYwmWj41wufbcuyBp3uV7Ioly7roTT/ZGo=,tag:KIPSev+kZTG55c7YmeRtmw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 |