From 94012aa44c37310e2627801322f8ec78273a01b8 Mon Sep 17 00:00:00 2001
From: sora-ext
Date: Mon, 11 May 2026 17:42:23 +0200
Subject: [PATCH] Update modules/shared/sops/default.nix
---
 modules/shared/sops/default.nix | 39 ++++++++++++---------------------
 1 file changed, 14 insertions(+), 25 deletions(-)
diff --git a/modules/shared/sops/default.nix b/modules/shared/sops/default.nix
index b30caf6..f19bada 100755
--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -1,28 +1,17 @@
 { config, lib, pkgs, ... }:
 let
- isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
- keyFilePath = (if isCI then
- "/var/lib/sops-nix/mock-key.txt"
- else
- "/var/lib/sops-nix/age-key.txt");
- sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
-in {
- environment.systemPackages = with pkgs; [ sops ];
- environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
-
- sops.defaultSopsFile = sopsFilePath;
- sops.age.keyFile = keyFilePath;
- sops.age.generateKey = true;
-
- sops.secrets = lib.mkMerge [
- {
- wifi = { };
- "${config.syscfg.hostname}_ssh_priv" = {
- mode = "0400";
- owner = config.users.users.${config.syscfg.defaultUser}.name;
- group = config.users.users.${config.syscfg.defaultUser}.group;
- };
- "${config.syscfg.hostname}_wg_priv" = { };
- }
-];
+ listNames = config.syscfg.server.db;
+ containerNames = lib.mapAttrsToList (name: cfg: name)
+ (lib.filterAttrs (name: cfg: ((cfg.db or false) || (cfg.sops or false))) config.syscfg.server.containers);
+ allApps = lib.unique (listNames ++ containerNames);
+in{
+ sops.secrets = {
+ CUSTOM = {
+ mode = "0444";
+ sopsFile = ./server.yaml;
+ };
+ } // (lib.genAttrs (map (name: lib.toUpper name) allApps) (name: {
+ mode = "0444";
+ sopsFile = ./server.yaml;
+ }));
 }
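Review bot: Every secret the new `sops.secrets` set declares is created with `mode = "0444";`, so the decrypted material for CUSTOM and for each entry of allApps is readable by any local user that can reach the secrets directory, whereas the removed block kept the ssh private key at `mode = "0400"` with an explicit owner and group; unless a world-readable file is genuinely required by whatever consumes these secrets, use `mode = "0400";` and set `owner`/`group` to the service that reads them. The two identical `{ mode = "0444"; sopsFile = ./server.yaml; }` bodies should become one `let` binding, e.g. `secretCfg = { mode = "0400"; sopsFile = ./server.yaml; };`, so the permission is defined in one place, and `map (name: lib.toUpper name) allApps` is just `map lib.toUpper allApps`. The hunk also drops `sops.age.keyFile`, `sops.defaultSopsFile`, `sops.age.generateKey` and the `SOPS_AGE_KEY_FILE` session variable; if no other module sets the age key path, sops-nix has no key to decrypt `./server.yaml` with, and any remaining reference to the removed `wifi`, `_ssh_priv` or `_wg_priv` secrets will fail at evaluation, so both should be confirmed before merging. Finally, `in{` should be written `in {` to match the spacing of the rest of the file.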