start refactoring shared code into modules, update the lock, do some other minor fixes

modules/nixos/sops/default.nix

@@ -0,0 +1,44 @@
+{ lib, config, ...}:
+let cfg = config.sopsSetup; in {
+  options = {
+    sopsSetup.enable = lib.mkEnableOption "Enable Module";
+    global.desktop= lib.mkOption {
+            type = lib.types.bool;
+            default = false;
+            description = "Whether or not to install shared desktop secrets.";
+          };
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops = {
+    age.keyFile = "/var/secrets/keys.txt";
+    secrets."lillian-password".neededForUsers = true;
+
+    defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
+
+    secrets."wg-private-key".mode = "0440";
+    secrets."wg-private-key".owner = config.users.users.root.name;
+
+    secrets."ssh-private-key" = {
+      mode = "0600";
+      owner = config.users.users.lillian.name;
+      path = "/home/lillian/.ssh/id_ed25519";
+    };
+  };
+  secrets."nextcloud-password" = lib.mkIf (cfg.desktop == true) {
+      mode = "0600";
+      owner = config.users.users.lillian.name;
+      path = "/home/lillian/.netrc";
+    };
+    secrets."prod.keys" = lib.mkIf (cfg.desktop == true) {
+      mode = "0600";
+      owner = config.users.users.lillian.name;
+      path = "/home/lillian/.config/Ryujinx/system/prod.keys";
+    };
+    secrets."title.keys" = lib.mkIf (cfg.desktop == true) {
+      mode = "0600";
+      owner = config.users.users.lillian.name;
+      path = "/home/lillian/.config/Ryujinx/system/title.keys";
+    };
+  };
+}