arrayofone · arrayofone · Sep 7, 2025 · Jan 14, 2026 · Jan 15, 2026 · Jan 15, 2026
diff --git a/.sops.yaml b/.sops.yaml
@@ -1,11 +1,32 @@
 keys:
-  - &baradur age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy
   - &arrayofone age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2
-  - &db age1smv5elusy6hpywadnyfvcf0gph8yqpjyeqcf7spvfgrghd3u55qq6lc9aw
+  - &baradur age1fe2alznmwldqrnlx09n4e7hfc3kflm2h9lmgem54kcadze5kp53qjuyrqy
+  - &db age19r87m08mt03zg8ustzlx733s4m4wph6vvkd0qxlequfje5k0mawsy68vp2
+  - &dbook age126t4jjumls89dfl83cx3lvukhwad5nte38zeq5uue4m39ex9kfeqtw4r2v
+  - &mingabook age14ejy4tppggtacyzxfhtnagqhtr60zyf6l6euh5vxlf8uh9vcef3s2clada
+  - &darrenbangsund age1fyndjw4ucc39hh2kyuxth2pyevl2h5zh9lmfq7v9h8neq9csnc9qrcm4zq
 creation_rules:
-  - path_regex: secrets/fellowship.yaml$
+  - path_regex: secrets/arrayofone.yaml$
     key_groups:
       - age:
-          - *baradur
           - *arrayofone
+  - path_regex: secrets/baradur.yaml$
+    key_groups:
+      - age:
+          - *baradur
+  - path_regex: secrets/db.yaml$
+    key_groups:
+      - age:
           - *db
+  - path_regex: secrets/dbook.yaml$
+    key_groups:
+      - age:
+          - *dbook
+  - path_regex: secrets/mingabook.yaml$
+    key_groups:
+      - age:
+          - *mingabook
+  - path_regex: secrets/darrenbangsund.yaml$
+    key_groups:
+      - age:
+          - *darrenbangsund
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -47,11 +47,11 @@ tasks:
     cmds:
       - sudo nixos-rebuild dry-run --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}}
 
-  vm:nixos:
-    desc: "Build and run NixOS configuration in VM"
-    cmds:
-      - sudo nixos-rebuild build-vm --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}}
-      - echo "VM built! Run: ./result/bin/run-{{.NIXOS_HOST}}-vm"
+  # vm:nixos:
+  #   desc: "Build and run NixOS configuration in VM"
+  #   cmds:
+  #     - sudo nixos-rebuild build-vm --flake {{.FLAKE_DIR}}#{{.NIXOS_HOST}}
+  #     - echo "VM built! Run: ./result/bin/run-{{.NIXOS_HOST}}-vm"
 
   # =============================================================================
   # HOME MANAGER OPERATIONS
@@ -154,28 +154,40 @@ tasks:
   # SECRETS MANAGEMENT
   # =============================================================================
 
-  secrets:edit:
-    desc: "Edit secrets file with SOPS"
+  secrets:init:
+    desc: "Initialize secrets keys and files for the current host and user"
+    cmds:
+      - scripts/init-secrets.sh
+
+  secrets:edit:system:
+    desc: "Edit system secrets (secrets/$(hostname).yaml)"
+    cmds:
+      - scripts/manage-secrets.sh edit system
+
+  secrets:edit:user:
+    desc: "Edit user secrets (secrets/$(whoami).yaml)"
+    cmds:
+      - scripts/manage-secrets.sh edit user
+
+  secrets:encrypt:system:
+    desc: "Re-encrypt system secrets"
     cmds:
-      - sops {{.FLAKE_DIR}}/secrets/fellowship.yaml
+      - scripts/manage-secrets.sh encrypt system
 
-  secrets:decrypt:
-    desc: "Decrypt and show secrets"
+  secrets:encrypt:user:
+    desc: "Re-encrypt user secrets"
     cmds:
-      - sops -d {{.FLAKE_DIR}}/secrets/fellowship.yaml
+      - scripts/manage-secrets.sh encrypt user
 
-  secrets:encrypt:
-    desc: "Re-encrypt secrets with current keys"
+  secrets:decrypt:system:
+    desc: "Decrypt and show system secrets"
     cmds:
-      - sops updatekeys {{.FLAKE_DIR}}/secrets/fellowship.yaml
+      - scripts/manage-secrets.sh decrypt system
 
-  age:keygen:
-    desc: "Generate new age key"
+  secrets:decrypt:user:
+    desc: "Decrypt and show user secrets"
     cmds:
-      - mkdir -p ~/.config/age
-      - age-keygen -o ~/.config/age/keys.txt
-      - echo "Public key:"
-      - age-keygen -y ~/.config/age/keys.txt
+      - scripts/manage-secrets.sh decrypt user
 
   # =============================================================================
   # MAINTENANCE & CLEANUP