fix: secrets

flake.lock

@@ -347,11 +347,11 @@
     },
     "unstable": {
       "locked": {
-        "lastModified": 1754498491,
-        "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
         "type": "github"
       },
       "original": {

host/ark/sops.nix

@@ -5,7 +5,11 @@
     defaultSopsFile = ../../secrets/sops/host/ark/default.yaml;
     validateSopsFiles = false;
 
-    age.keyFile = "/var/lib/sops-nix/key.txt";
+    age.keyFile = if builtins.pathExists /var/lib/sops-nix/key.txt then
+      "/var/lib/sops-nix/key.txt"
+    else
+      "/home/admin/.config/sops/age/keys.txt" # temp decrypt key
+    ;
 
     secrets = {
       "host_age_key" = {