sops: 配置多机器标准密钥流程

hosts/oparic-local-dev/configuration.nix

@@ -4,9 +4,9 @@
   imports =
     [
       ./hardware-configuration.nix
-      inputs.sops-nix.nixosModules.sops
       ../modules/nix-cache.nix
       ../modules/users/origami.nix
+      ../modules/sops.nix
     ];
 
   # BIOS + GRUB, 安装到 MBR
@@ -83,11 +83,11 @@
   users.users.origami.extraGroups = [ "wheel" ];
   security.sudo.wheelNeedsPassword = false;
 
-  sops.defaultSopsFile = ../../secrets/ssh-private.yaml;
-  sops.defaultSopsFormat = "yaml";
-  sops.age.keyFile = "/home/origami/.config/sops/age/keys.txt";
-
   services.openssh.enable = true;
 
+  # 密钥管理: 这是对外机器
+  sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml;
+  sops.age.keyFile = "/var/lib/sops/age/keys.txt";
+
   system.stateVersion = "23.11";
 }