From 06467e4d877b77c488847a3ed15ab9895722a35e Mon Sep 17 00:00:00 2001
From: Superredstone
Date: Fri, 13 Mar 2026 09:17:14 +0100
Subject: [PATCH] feat(secret): add bomba specific secrets
---
 .sops.yaml | 12 ++++++++----
 machines/bomba/default.nix | 1 +
 machines/bomba/secrets.nix | 6 ++++++
 secrets/bomba.sops.yaml | 16 ++++++++++++++++
 4 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 machines/bomba/secrets.nix
 create mode 100644 secrets/bomba.sops.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 3ecab51..ad0aeb5 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,8 +2,12 @@ keys:
 - &katana age18ujjw92tm6vpcpgqqky7dzg3yvzm9nytgzeptkfhtz5jhdskcdpsgmv0vs
 - &bomba age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx
 creation_rules:
- - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ - path_regex: secrets/default.sops.yaml
 key_groups:
- - age:
- - *katana
- - *bomba
+ - age:
+ - *katana
+ - *bomba
+ - path_regex: secrets/bomba.sops.yaml
+ key_groups:
+ - age:
+ - *bomba
diff --git a/machines/bomba/default.nix b/machines/bomba/default.nix
index 55a20a9..ee3e196 100644
--- a/machines/bomba/default.nix
+++ b/machines/bomba/default.nix
@@ -4,6 +4,7 @@
 ./configuration.nix
 ./hardware.nix
 ./networking.nix
+ ./secrets.nix
 ./services
 ./virtualisation.nix
 ];
diff --git a/machines/bomba/secrets.nix b/machines/bomba/secrets.nix
new file mode 100644
index 0000000..796e418
--- /dev/null
+++ b/machines/bomba/secrets.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ sops.secrets = {
+ nextcloud_password.sopsFile = ../../secrets/bomba.sops.yaml;
+ };
+}
diff --git a/secrets/bomba.sops.yaml b/secrets/bomba.sops.yaml
new file mode 100644
index 0000000..de601d2
--- /dev/null
+++ b/secrets/bomba.sops.yaml
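Review bot: Both new `path_regex` values in .sops.yaml are unanchored and leave the dots unescaped, so `secrets/bomba.sops.yaml` also matches paths such as `secrets/bomba.sops.yaml.bak`, and SOPS applies the first rule that matches. The removed pattern was end-anchored with `$`; keeping that, e.g. `path_regex: secrets/default\.sops\.yaml$` and `path_regex: secrets/bomba\.sops\.yaml$`, ties each recipient set to exactly one file. Separately, the bomba rule lists only `*bomba`, so that file can be edited or re-keyed only with bomba's private key. If that is the intended least-privilege split, a short comment above the rule saying so, and noting whether a recovery recipient exists, would help the next maintainer.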
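Review bot: `nextcloud_password` in machines/bomba/secrets.nix is declared with only `sopsFile`, so the decrypted file gets the sops-nix defaults (owned by root, mode 0400). The consumer is not visible in this patch; if the Nextcloud service reads the file as its own user, the secret needs something like `nextcloud_password.owner = "nextcloud";` (service user name to be confirmed), otherwise the unit cannot read it at start. A one-line comment naming which option consumes the secret would also make later rotation easier to trace.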
@@ -0,0 +1,16 @@
+nextcloud_password: ENC[AES256_GCM,data:lMavQvl4grki9c5AgaKE8Q==,iv:jJ0/Wka5/2TBD4C739HBeiVzxujWC4WL6FDLqov6FVA=,tag:1skCLwSr6VSzZWthtzaxwg==,type:str]
+sops:
+ age:
+ - recipient: age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOC9xeExzN2VzT2NmZS9I
+ TEVxamNYOWZDWUJvYnpjL2JpMHJRbTlOV1Y4CmFGaXhEd0pRWU1tRTBMdDVPU2Fr
+ RVRrNkpCa3VNUWd0dzFDR004M005d1kKLS0tIDUxSUYzTkJLK3Y0dVNkVGNqTmxT
+ YjVvSDV1TGExYUJGUk00MTF4bXNFVTQKG/GueSmnuA23L42X6AvAWZgBbJuCGLw1
+ ZQ17gIIOjhKHlGx8Lo5t/PekzFyQKCKdijS7caq74dVib1vO3tk+uQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-03-13T07:59:07Z"
+ mac: ENC[AES256_GCM,data:xJWtKkpQuAPXcToLfWuEshInHIBG59uKoQAh3+SmKu/UAkvMDNywMZbBhrxn/cF/xo8TKkaPxd4luXsdw+Z0YvVezn43jKNyXsIrUNtd5hMlE4hbAuAf/ifb3t2AVg1s/R6GZWMZvc0rmSePTWyowHgceaxTqHPr6vvHEVHt0oM=,iv:UXYUS/sn1+TcUOAWAQC1y+TtDIayNez6ssYh+Qt5AmI=,tag:YgWujpGrzwtjnEsLoKm3ig==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.12.1