other decrypt yaml file thing

.sops.yaml

@@ -22,6 +22,7 @@ keys:
   - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
   - &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf
   - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
+  - &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
 
 creation_rules:
   # Global secrets
@@ -147,3 +148,15 @@ creation_rules:
       - *user_vegardbm
       pgp:
       - *user_oysteikt
+  - path_regex: secrets/skrot/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *host_skrot
+      - *user_danio
+      - *user_felixalb
+      - *user_pederbs_sopp
+      - *user_pederbs_nord
+      - *user_pederbs_bjarte
+      - *user_vegardbm
+      pgp:
+      - *user_oysteikt

flake.nix

@@ -187,7 +187,9 @@
       skrot = stableNixosConfig "skrot" {
         modules = [
           inputs.disko.nixosModules.disko
+          inputs.dibbler.nixosModules.default
         ];
+        overlays = [inputs.dibbler.overlays.default];
       };
       shark = stableNixosConfig "shark" { };
       wenche = stableNixosConfig "wenche" { };

hosts/skrot/configuration.nix

@@ -1,7 +1,9 @@
 {
   fp,
   lib,
+  config,
   values,
+  pkgs,
   ...
 }:
 
@@ -13,6 +15,8 @@
     (fp /base)
   ];
 
+  sops.defaultSopsFile = fp /secrets/skrot/skrot.yaml;
+
   systemd.network.networks."enp2s0" = values.defaultNetworkConfig // {
     matchConfig.Name = "enp2s0";
     address = with values.hosts.skrot; [
@@ -21,5 +25,32 @@
     ];
   };
 
-  system.stateVersion = "26.05"; # Did you read the comment?
+  sops.secrets = {
+    "dibbler/postgresql/password" = {
+      owner = "dibbler";
+      group = "dibbler";
+    };
+  };
+
+  services.dibbler = {
+    enable = true;
+    kioskMode = false;
+    limitScreenWidth = 80;
+    limitScreenHeight = 42;
+
+    settings = {
+      general.quit_allowed = false;
+      database = {
+        type = "postgresql";
+        postgresql = {
+          username = "pvv_vv";
+          dbname = "pvv_vv";
+          host = "postgres.pvv.ntnu.no";
+          password = config.sops.secrets."dibbler/postgresql/password".path;
+        };
+      };
+    };
+  };
+
+  system.stateVersion = "25.11"; # Did you read the comment? Nah bro
 }

secrets/skrot/skrot.yaml

@@ -0,0 +1,93 @@
+dibbler:
+    postgresql:
+        password: ENC[AES256_GCM,data:3X9A3jOpFVRuBg0gRiCEsZVKfLI=,iv:XC7LBNUhALk9IEhItV8fO5p/m7VKL0REBY1W2IZt7G4=,tag:l18R7EhbOlucZHFQiEvpHw==,type:str]
+sops:
+    age:
+        - recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTk5YU3Z2Yy9HS1R4ME5I
+            UU1PRWVncHJYcXY5RlFpOWVQUWZsdy93ZDFBCnlxWkpaL1g5WmNSckNYd202WE40
+            RkwwSEM1YUNNZmozejlrdW8yY1JiekkKLS0tIHVWY0JKZm9CNWhzVGl4cG82UXZs
+            ZnllQzJiK1ZkRmFndmtYdW9IclFWY1EK82f1iGt3nt8dJnEQlMujNqConf6Qq6GX
+            hqoqPoc2EM4kun28Bbpq4pAY7eEPRrWFqOkjYVvgIRoS88D7xT3LWg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WTJIOUcxRlBuNmRrNUZo
+            MXFxeVJBTEhDK00yTUw1U2dHckNFYWZKWkhNCnYxYmtrUEVvd1RaYUI5WTRTRW16
+            S2NhbDdpdDZhSkVWeUhjZDhKd3ZpTmcKLS0tIFovWm5lOXBzcnN3Zm5GQlBhNmlp
+            eTB4WldMNW9GNUwwaEUzRThsemxRVzQKGpa0J2PBzDRdHijm0e3nFAaxQCHUjz+L
+            KataXJEMCijJ6k+7vpb5QMxe2jB1J2PMxNGFp0bWAy2Al3p/Ez2Kww==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaW1ZSXhVeFVTQW9WYzVh
+            WkVUM2JkOU5VNU9oQXE2Y2pvcFlOWTdvbnpJClduS0RHL2xja291a2doQ0wzbzhQ
+            NmJOSGVvQUdxM3IvaS8zRW1VbVhvYmsKLS0tIHoyOUdvT0xXWXo3SWcyQ1lqTmJS
+            ZUdnS2RvOXI1dGNYQTl6ZHE1cUdMWHMK4ycAJQLyKCgJIzjQ02bPjz4Ct9eO6ivw
+            kfWhyMaoWwM9PhFcwSak0cLpX0C/IOzSzO78pf3WhG16pV7aXapdog==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaml0OVlhcUJSU1hSY3lP
+            bkM0cUV4Z2ZLeERHZ3BUNExuYS9KSU5CekQ4CmQ3SE1vdDBtdFJ6czZYR3U5Tk1X
+            SFJmTVlERjBzV0hFalFLMmVLQzNNdXMKLS0tIDdJLzZveFdnYTI0azk1UXJZLzZF
+            Sy9XbjhwOFR6SFpaNHZLd3ZxdmxOVUEKBBbGmdVVlKHxO+/iODznLP3+dJGppybW
+            +1k9uenVHzie+pDKcrQpSyX2WDnmgg7hUAUiXPuz1eEWmwbRJnU/5w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXK01vOVV5YlhsZ2ljYS91
+            OUVEaEpTbXFKOHVNVDVoMTlrS05wRmsyM2dvCjZHOXlCUGowd0J4UlQzSzM5dWJ0
+            eU50SHdtZ2ZyUE1JVHdvODFxWDYvRWsKLS0tIDhlRVQ0Mm5Ua0J2aExqMzRyUGlP
+            RUR6Yi9SUDFCUkZmRk5hYTVFeGloZXcKY/XtaSoW8Pu2wS4oistLSc0T5JvMnt+w
+            s3yfe/zx9/1K6OtbeljF9FZVOB/dOamvk+Qlfl0T5qush7/WgGzErA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM0pFb2tRTURtWmp6elRN
+            M0xtajlzMTNPMnppcGhJMVlsNHdwWmNGbFVFCnlxM1JQTkR2elAvdytKUEJ3djBS
+            UnlhL0tLLzY3Z05RU3phNDZIOGtTMFEKLS0tIEpOZDUxU1JQVXJTbmVFQlVkOUcy
+            eWlyWGhaS1JCNitUSVVScFk2WGEvOG8K2rpYPGx5jhyyRK4UkeJR96wDFr4Frzsr
+            QWz7fYZRWKWf0H0qn+bm9IfVJiBAlS5i16D1FnipZVmdWefFaZSEPg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVFV0WVZrK0wzbnhkcmcz
+            c2lIdVlKcFpoYjZIWlNPN0M5N2g2WG9YdlRJCjg5YlNoSzQ5YW5yRUVSeTEzRThY
+            WklKQzlzRXdrUUlFNzF4M1BFZCtPT28KLS0tIDlUOTVIQVZJNFJwTnQxN0Z1ZlQx
+            MmxPMWNPYzJiOFRqY2VYczhvRm5IR3cKpUVV+zsMolsHI2YK9YqC6ecNT6QXv0TV
+            d1SpXRAexZBeWCCHBjSdvQBl8AT4EwrAIP2M2o++6i5DaGoGiEIWZQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-02-10T20:02:28Z"
+    mac: ENC[AES256_GCM,data:i8CjVxoD7zdkLNJlI9DCo/tDV5DUI7JdpozLtYZzI7Cu51GayaE2Y3Wg4de6P0L7C3FER04WfRe/h+G9PLZICX/CfSipQysyrEq3Pjt9IKsjytDhP9VYJ36QFGF0PuHUQAMSLts/tAoAvLue6MP+V82l5js9ghvyBrzyBGxoyJw=,iv:QFNxvCYxrSkwy7iT+2BEacNPftDXju1cibprVPDjic0=,tag:496E+oCy/VwTylyaWhQD+A==,type:str]
+    pgp:
+        - created_at: "2026-02-10T20:01:32Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA0av/duuklWYARAAnSjSeI8BybEl1PwNt3KTGcUjpCI+XZPWgNWuvjIymVBv
+            ZgNESNktJB4loNvd/+TIADE7TqGFQK9ev6IPRoDHHkSMdmJ9Bc/lu2HPO+rJa1yD
+            vLXbjf8vRa+GkBDV8DTrPPFvSrHY+jv9vQIzY3nQPKMlyV58E85N262q/2gJUfm9
+            cy/dYE2BUWMQC1DfiGbBRC4xGHhp94XccOMBkIpchP+BL90ZVpocnxeSrSjBsSLE
+            wuhMQPRQSI4PFm8ZYajf6tF001HDa5zaqF1lqkTxtxypDDUr8BVb9n/ObaD8omDI
+            QHQUiPmVgpDs7w2Ph5UgJxK1c+dOcG+mXsl1CHOLldA29sNzDBuh94PKfRl1B3cY
+            KPoPIqntdn59zzRDbuVJxWeJal7Ffynwsrx4h7w7muIR/FYeaFphsokE5Q6gqwTO
+            ZqWY2tuQ0CFRtMl7HB7ZVdSsKv6D5DlesXPXdrhQBKRrNylBpSBmcZH8KRAuHGNj
+            4GFZRN++GFuq54d7wB689kn+F7+pbNom7CDILXiCrz8+9DjFw0maDRoas8OaUyW6
+            kfyJe/YnK94EyCPitkJWYc9uvA2t9y25Rm9uUSvh7WnTFAEK9mJLOal4VgHbqCtg
+            zSGbdw79U4H0Umbi5eSCvEYNtv7eBzKaS/t6irfDRr1WajNhThcd1wmnvjZYxl3S
+            XgHOucYvQvxXjqG0B0Qbd12ucYthPO1+gozEzWxJx2wtiL3gClPYOaiteRlO/XQA
+            WTG6A36X3IxB6qW8lEx12geyjHxFYb82BjyrBnnlj+YcViIBpPQqd8Dz6sl4Rls=
+            =tCoI
+            -----END PGP MESSAGE-----
+          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0