From 2c57b566f9ff7d8070fc977c96e0bcdf4835bf30 Mon Sep 17 00:00:00 2001
From: Spectre
Date: Fri, 7 Jun 2024 14:05:41 +0200
Subject: [PATCH] sops
---
hosts/lilith-pad/secrets/default.yaml | 37 +++++++++++++++++++++++++++
secrets/secrets.yaml | 0
system/users.nix | 15 +++++++++--
3 files changed, 50 insertions(+), 2 deletions(-)
create mode 100644 hosts/lilith-pad/secrets/default.yaml
create mode 100644 secrets/secrets.yaml
diff --git a/hosts/lilith-pad/secrets/default.yaml b/hosts/lilith-pad/secrets/default.yaml
new file mode 100644
index 00000000..969a63cc
--- /dev/null
+++ b/hosts/lilith-pad/secrets/default.yaml
@@ -0,0 +1,37 @@
+user:
+ password: ENC[AES256_GCM,data:a6OrHaXj8XWWwni2hBcCh32CCZa5T4ervhHW9CrcCSFV/nFAs8gTlenoYwQjty8bhBvC8eMPlhYUI8Ofo8ausqSp6X9lU42o5w==,iv:Y5YUQ5AReiBN4e7qsYH5/UJsx5U2rGMfJt3Ch7MWizs=,tag:Kh+bte5VO1PKFlvLRSrVGw==,type:str]
+ ssh:
+ public: ENC[AES256_GCM,data:D8fDtcDgfo7sMkVAal3DgmsNPJaSPDjswGqTBT9qSXyDzyTDEp/6SR8YWFo3ObSFJluyZ8RTluADkcZjyVdZ7Ky/pJw9qJ8VXWne37Nu3lJYYyXLP+vqbYxyuV94h5aWEd7F,iv:Y7RyYlyVWs1Ur2OhLXGyzwzCP7+gMMBTLiVwzStkfxk=,tag:jznB9ROVPKF6KiyEg8fEVw==,type:str]
+ private: ENC[AES256_GCM,data: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,iv:7xN77ILr4af8AJAkld1qSRTfMRQ6VVnAFg8TtU+zNW8=,tag:Ctrkhbg1cH7oQGMIbXfAbw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaEN6bTVUakYzNE5lbm8x
+ Z1hBbnlNVDNGcHV4b0VhL2hibGl0ZVh0VWgwClJnWWVvNm0yZ2Y3a0FqYVdwUTNK
+ VFVwMGF5dm9TVXhabkVxMjZkd0wrVDAKLS0tICs3dkZIdEZLWXc3RGVUSFhSQ3FV
+ cFV0ZkliUHpKdEsyU0dEQUdNZ0kzb0UKSHUzMLKwB0s2CimzsIbktvng7dDReOzT
+ ygaLq22ZrYvb1etPyroaJA1M5hzNo2VnCMVqa7vUbu/5ZHVLxW9n6Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-07T11:59:05Z"
+ mac: ENC[AES256_GCM,data:37VoTqSrDuzvb0vRz3TnVTfd1HTzjFdUaTT5LZ+m9z41DYKNQOmATxZtsDqgZ7eLNvJbI214niSzHXRKelB4exQCon9KL+ruMpphoGBzfIiKSAy7Nuv4FcGEuIdjPoJguW6pf9Ut0bLcWMkTQFX5XYXtDWCR9simFOJ6O1pHU5s=,iv:OGVxt+frjuRPMYxwai8w9OKlG3ndtKAGW2gRfQP8xmU=,tag:/1wV7H57buanZuTYbFoQcA==,type:str]
+ pgp:
+ - created_at: "2024-06-07T11:56:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DCgMW7d7co2gSAQdAY7KJCFQCnrE1noIf4+PjHIiMnFl1eKpekpzWiqkN41gw
+ Xf2zH/ROoqzrNlxTV4g8a1dYm2GpAEUpnTDq/1WpR+n0D9rUJqYtqchCoQ7AX636
+ 1GgBCQIQOovUfy7EuW663pe7TXpDhws9s3PdNerR4YWchg6x5nz4DuMYppeTUTFL
+ 65t3l+mERu5eHhadGP2OLIGtGlKbHLI9KDZeqllNuUASSwA6eMN52lgtQBjHVWtB
+ hER5gRqKM6oL/Q==
+ =4mno
+ -----END PGP MESSAGE-----
+ fp: 
3586D8D6689B9C9ECD598C588712A0F317C37175
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/system/users.nix b/system/users.nix
index 98a9d0f2..d7cbaa69 100644
--- a/system/users.nix
+++ b/system/users.nix
@@ -17,14 +17,25 @@ hm = import ../home; in { ${conf.user} = { - # imports = hm.user; + imports = hm.user; home.username = conf.user; home.stateVersion = "24.11"; }; }; sops.secrets."user/password" = { - sopsFile = ../hosts/${conf.hostname}/secrets/default.yml; + sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml; neededForUsers = true; }; + + sops.secrets."user/ssh/private" = { + sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml; + path = "/home/lilith/.ssh/id_ed25519"; + owner = "lilith"; + }; + sops.secrets."user/ssh/public" = { + sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml; + path = "/home/lilith/.ssh/id_ed25519.pub"; + owner = "lilith"; + }; }
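Review bot: `user/ssh/public` is stored as an encrypted sops value next to the private key, but a public key is not a secret, so encrypting it only adds a decryption dependency at activation and hides from `git diff` which key is being deployed; the file already sets `unencrypted_suffix: _unencrypted`, so renaming the key to `public_unencrypted` (or keeping the public key in plain Nix config) leaves it readable while `user/ssh/private` and `user/password` stay encrypted. The private key is now decryptable by two recipients, the age key `age1mqw75…` and the PGP key `3586D8D6…`; which one is the host key and which is a personal key cannot be told from the diff, and the `.sops.yaml` creation rule for `hosts/lilith-pad/secrets/` is not part of this commit. Since an encrypted SSH private key is committed to the repository, compromise of either recipient key means rotating the SSH key itself, not just re-encrypting with `sops updatekeys`; a short comment in `.sops.yaml` naming each recipient's role and that rotation path would make this explicit.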
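Review bot: The two new `sops.secrets."user/ssh/*"` entries hard-code the account as `lilith` in both `path` and `owner`, while the rest of this hunk derives the user from `conf.user` (`${conf.user}`, `home.username = conf.user`) and the host from `conf.hostname`, so on any host where `conf.user` differs the key would be installed into the wrong home directory or fail at activation. In both blocks use `owner = conf.user;` and `path = "/home/${conf.user}/.ssh/id_ed25519";` (with `.pub` for the public entry). The public key inherits sops-nix's default restrictive file mode (0400, if the module default is unchanged — confirm), which is tighter than a `.pub` file normally carries; `mode = "0644";` on the public entry is the conventional value. Also verify who creates `/home/<user>/.ssh` when sops-nix materializes `path`: if the module creates the parent directory as root, the user cannot write `known_hosts` into it, so having home-manager create `.ssh` with mode 0700 first would avoid that.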