Prep for reinstall

Bits that require SOPS to be working have been pulled out into other
files. Once the install is complete, these will be included in the base
config.

modules/hosts/nixos/hetznix01/sops.nix

@@ -0,0 +1,20 @@
+{ username, ... }: {
+  sops = {
+    age.keyFile = /home/${username}/.config/sops/age/keys.txt;
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      local_git_config = {
+        owner = "${username}";
+        path = "/home/${username}/.gitconfig-local";
+      };
+      local_private_env = {
+        owner = "${username}";
+        path = "/home/${username}/.private-env";
+      };
+      tailscale_key = {
+        restartUnits = [ "tailscaled-autoconnect.service" ];
+      };
+    };
+  };
+}
+