plasma

homes/aarch64-linux/matt@pi5/default.nix

@@ -11,10 +11,9 @@ in
 
   home.username = "matt";
 
+  ${namespace}.sops.enable = true;
+
   sops = {
-    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
     secrets = {
       "ssh-keys-public/pi5" = {
         path = "/home/matt/.ssh/id_ed25519.pub";

homes/x86_64-linux/admin@jallen-nas/default.nix

@@ -9,9 +9,11 @@ let
   inherit (lib.${namespace}) enabled;
 in
 {
-  # steam-rom-manager HM module is needed for the steam-rom-manager program
-  # options.  On NixOS hosts it's provided via sharedModules; here we add it
-  # explicitly so the standalone homeConfiguration build also includes it.
+  # steam-rom-manager is also injected globally via modules/nixos/home/default.nix
+  # sharedModules for x86_64 NixOS builds.  This explicit import ensures it is
+  # also available for standalone `home-manager switch` runs (where sharedModules
+  # are not applied).  NixOS's module system deduplicates the import when both
+  # paths resolve to the same derivation.
   imports = [
     inputs.steam-rom-manager.homeManagerModules.default
   ];
@@ -35,40 +37,36 @@ in
   ${namespace} = {
     sops.enable = true;
     programs.opencode = enabled;
+    desktop.plasma = enabled;
   };
 
-  sops = {
-    age.keyFile = "/home/admin/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/jallen-nas" = {
-        path = "/home/admin/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/jallen-nas" = {
-        path = "/home/admin/.ssh/id_ed25519";
-        mode = "0600";
-      };
-      "ssh-keys-public/desktop-nixos" = {
-        path = "/home/admin/.ssh/authorized_keys";
-        mode = "0600";
-      };
+  sops.secrets = {
+    "ssh-keys-public/jallen-nas" = {
+      path = "/home/admin/.ssh/id_ed25519.pub";
+      mode = "0644";
+    };
+    "ssh-keys-private/jallen-nas" = {
+      path = "/home/admin/.ssh/id_ed25519";
+      mode = "0600";
+    };
+    "ssh-keys-public/desktop-nixos" = {
+      path = "/home/admin/.ssh/authorized_keys";
+      mode = "0600";
+    };
 
-      "ssh-keys-public/desktop-nixos-root" = {
-        path = "/home/admin/.ssh/authorized_keys2";
-        mode = "0600";
-      };
+    "ssh-keys-public/desktop-nixos-root" = {
+      path = "/home/admin/.ssh/authorized_keys2";
+      mode = "0600";
+    };
 
-      "ssh-keys-public/desktop-windows" = {
-        path = "/home/admin/.ssh/authorized_keys3";
-        mode = "0600";
-      };
+    "ssh-keys-public/desktop-windows" = {
+      path = "/home/admin/.ssh/authorized_keys3";
+      mode = "0600";
+    };
 
-      "ssh-keys-public/macbook-macos" = {
-        path = "/home/admin/.ssh/authorized_keys4";
-        mode = "0600";
-      };
+    "ssh-keys-public/macbook-macos" = {
+      path = "/home/admin/.ssh/authorized_keys4";
+      mode = "0600";
     };
   };
 

homes/x86_64-linux/matt@allyx/default.nix

@@ -10,21 +10,19 @@ in
 {
   home.username = "matt";
 
-  ${namespace}.desktop.gnome = enabled;
+  ${namespace} = {
+    desktop.gnome = enabled;
+    sops.enable = true;
+  };
 
-  sops = {
-    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/matt" = {
-        path = "/home/matt/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/matt" = {
-        path = "/home/matt/.ssh/id_ed25519";
-        mode = "0600";
-      };
+  sops.secrets = {
+    "ssh-keys-public/matt" = {
+      path = "/home/matt/.ssh/id_ed25519.pub";
+      mode = "0644";
+    };
+    "ssh-keys-private/matt" = {
+      path = "/home/matt/.ssh/id_ed25519";
+      mode = "0600";
     };
   };