Further adaption on sops

.sops.yaml

@@ -1,2 +1,7 @@
 keys:
-  - &stefan_ellmauthaler 3B39 8B08 6C41 0264 A14F  B353 B1E6 F030 30A4 AEAA
+  - &stefan_ellmauthaler 3B39 8B08 6C41 0264 A14F  3B53 B1E6 F030 30A4 AEAA
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+      - pgp:
+          - *stefan_ellmauthaler

flake.nix

@@ -7,7 +7,7 @@
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     #nix = {
-      #      url = "github:NixOS/nix?ref=latest-release";
+    #      url = "github:NixOS/nix?ref=latest-release";
     #  url = "github:NixOS/nix";
     #  inputs.nixpkgs.follows = "nixpkgs";
     #};
@@ -97,9 +97,7 @@
           inputs.home-manager.nixosModules.home-manager
           inputs.sops-nix.nixosModules.sops
           inputs.dwarffs.nixosModules.dwarffs
-        ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)) ++ [
-          ./secrets
-        ];
+        ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
         specialArgs = {
           nixos-hardware = inputs.nixos-hardware.nixosModules;
           inherit inputs;

modules/secrets.nix

@@ -8,8 +8,10 @@ with lib; {
     in
     mkIf cfg.enable {
       sops = {
-        defaultSopsFile = ./secrets.yaml;
-
+        defaultSopsFile = ../secrets/secrets.yaml;
+        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+        age.keyFile = "/var/lib/sops-nix/key.txt";
+        age.generateKey = true;
       };
     };
 }

modules/ssh.nix

@@ -10,7 +10,7 @@ with lib; {
         services.openssh = {
           enable = true;
           passwordAuthentication = false;
-          permitRootLogin = false;
+          permitRootLogin = "no";
         };
       };
 }