✨ [shared] Sops nix for user passwords

shared/modules/security/default.nix

@@ -1,5 +1,6 @@
 {
   imports = [
+    ./sops.nix
     ./yubikey.nix
   ];
 

shared/modules/security/sops.nix

@@ -0,0 +1,20 @@
+{
+  inputs,
+  lib,
+  systemConfig,
+  ...
+}:
+
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFile = lib.custom.relativeToRoot "shared/secrets/secrets.yaml";
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/home/${systemConfig.user.name}/.config/sops/age/keys.txt";
+    secrets.password.neededForUsers = true;
+  };
+}