sops: first secret integration (nix-settings)

.sops.yaml

@@ -6,7 +6,12 @@ keys:
   - &machine_framenix age1kx93vp8l8jd6kz0kvk379udr5z8a9t6946w0ff5t9a2esn47nqzqlfzvwe
 creation_rules:
   # per-host secrets for host specific ones, but for service modules we could store and manage them also per module scope
-  - path_regex: hosts/framenix/secrets/[^/]+\.(yaml|json|env|ini)$
+  - path_regex: hosts/framenix/secrets\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+        - *admins
+        - *machine_framenix
+  - path_regex: common/secrets\.(yaml|json|env|ini)$
     key_groups:
       - age:
         - *admins