From 731abd1d6f3b13d530908cc86997a9846a12e943 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter
Date: Tue, 17 Mar 2026 19:40:59 +0100
Subject: [PATCH] feat(security): implement metadata redaction and sops-nix migration

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
---
 flake.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/flake.nix b/flake.nix
index 5594599..b6ed513 100644
--- a/flake.nix
+++ b/flake.nix
@@ -35,6 +35,10 @@
 ./modules
 ./users
 sops-nix.nixosModules.sops
+ ({ self, ... }: {
+ sops.defaultSopsFile = "${self}/secrets/secrets.yaml";
+ sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+ })
 ];
 hosts = {
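Review bot: `sops.age.keyFile` points at `/var/lib/sops-nix/key.txt`, but nothing in this hunk creates that key or documents how it gets there, so a host where the file is missing or unreadable will presumably fail to decrypt its secrets at activation. Because the commit message says authorized SSH keys now come from sops, that failure could leave a machine without its login keys. A comment above the line such as `# age key must be provisioned out of band (root-owned, mode 0600) before the first activation` would make the requirement explicit. Separately, `"${self}/secrets/secrets.yaml"` only evaluates if `self` is passed to modules as an argument, which is not visible here; the path literal `sops.defaultSopsFile = ./secrets/secrets.yaml;` avoids that dependency. The enclosing module list starts outside the hunk.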