feat(secrets): add encrypted fonts

flake.nix

@@ -107,6 +107,7 @@
                 nixpkgs.config.allowUnfree = true;
                 home-manager = {
                   useGlobalPkgs = true;
+                  backupFileExtension = "backup";
                   users.winston.imports = [
                     ./home.nix
                     {

modules/sops.nix

@@ -1,9 +1,37 @@
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (pkgs.stdenv.hostPlatform) isLinux isDarwin;
+
+  # TODO: make this accept more than just otf
+  fontMapping = fontname: {
+    path =
+      if isLinux
+      then "${config.xdg.dataHome}/fonts/${fontname}.otf"
+      else if isDarwin
+      then "${config.home.homeDirectory}/Library/Fonts/${fontname}.otf"
+      else throw "Unsupported platform";
+    format = "binary";
+    sopsFile = ../home/fonts/${fontname}.json;
+  };
+in {
   sops = {
     gnupg.home = "${config.xdg.configHome}/gnupg";
     defaultSopsFile = ../secrets.yaml;
-    secrets."kubernetes-work-prod" = {
+    secrets = {
-      path = "${config.xdg.configHome}/kube/work-prod";
+      "kubernetes-work-prod".path = "${config.xdg.configHome}/kube/work-prod";
+      "berkeley_regular" = fontMapping "berkeley_regular";
+      "berkeley_italic" = fontMapping "berkeley_italic";
+      "berkeley_bold" = fontMapping "berkeley_bold";
+      "berkeley_bold_italic" = fontMapping "berkeley_bold_italic";
+      "comic_code_regular" = fontMapping "comic_code_regular";
+      "comic_code_italic" = fontMapping "comic_code_italic";
+      "comic_code_medium" = fontMapping "comic_code_medium";
+      "comic_code_medium_italic" = fontMapping "comic_code_medium_italic";
+      "comic_code_bold" = fontMapping "comic_code_bold";
+      "comic_code_bold_italic" = fontMapping "comic_code_bold_italic";
     };
   };
 }