From 62c440f78a092b434e7325a8236e2fbb5d9b801c Mon Sep 17 00:00:00 2001
From: Jermeiah S <owner@arouzing.xyz>
Date: Thu, 19 Jun 2025 15:06:00 -0400
Subject: [PATCH] fix: isolate secret

---
 configurations/nixos/tofu/default.nix | 8 ++++++++
 modules/nixos/common/sops.nix         | 8 +-------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/configurations/nixos/tofu/default.nix b/configurations/nixos/tofu/default.nix
index d915261..74ecfbd 100644
--- a/configurations/nixos/tofu/default.nix
+++ b/configurations/nixos/tofu/default.nix
@@ -16,6 +16,14 @@ in
     self.nixosModules.default
     "${modulesPath}/virtualisation/lxc-container.nix"
   ];
+  sops.secrets = {
+    otfenv = {
+      owner = "otf";
+      group = "otf";
+      mode = "0550";
+    };
+  };
+
   services = {
     tty-ips.enable = true;
     otf = {
diff --git a/modules/nixos/common/sops.nix b/modules/nixos/common/sops.nix
index b63d766..b55e309 100644
--- a/modules/nixos/common/sops.nix
+++ b/modules/nixos/common/sops.nix
@@ -11,12 +11,6 @@
   ];
   sops = {
     defaultSopsFile = ../../../secrets.yaml;
-    secrets = {
-      otfenv = {
-        owner = "otf";
-        group = "otf";
-        mode = "0550";
-      };
-    };
+
   };
 }