lilith/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sops

Browse source
This commit is contained in:
Spectre 2024-06-07 14:05:41 +02:00
parent c0f3e77000
commit 2c57b566f9
3 changed files with 50 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

37
hosts/lilith-pad/secrets/default.yaml Normal file
View file

@ -0,0 +1,37 @@
user:
password: ENC[AES256_GCM,data:a6OrHaXj8XWWwni2hBcCh32CCZa5T4ervhHW9CrcCSFV/nFAs8gTlenoYwQjty8bhBvC8eMPlhYUI8Ofo8ausqSp6X9lU42o5w==,iv:Y5YUQ5AReiBN4e7qsYH5/UJsx5U2rGMfJt3Ch7MWizs=,tag:Kh+bte5VO1PKFlvLRSrVGw==,type:str]
ssh:
public: ENC[AES256_GCM,data:D8fDtcDgfo7sMkVAal3DgmsNPJaSPDjswGqTBT9qSXyDzyTDEp/6SR8YWFo3ObSFJluyZ8RTluADkcZjyVdZ7Ky/pJw9qJ8VXWne37Nu3lJYYyXLP+vqbYxyuV94h5aWEd7F,iv:Y7RyYlyVWs1Ur2OhLXGyzwzCP7+gMMBTLiVwzStkfxk=,tag:jznB9ROVPKF6KiyEg8fEVw==,type:str]
private: ENC[AES256_GCM,data:zHiIHU5472Gbrz+S+qVha4WhoAyBHRhwpWU3qc/krXrUwH2KD5Oumgh24Dkr0OuNM1L+dwKkshu6Uhg/Cq2wzrP30HUhXsKvE6KM4np8TIqPUi/FCgfhrk5g03U0ENe6inHh0IYbx2Vgxe5PQWhII1YuFrj33A1njpfpLD8AXli8XqzlDzHZaJ3MTSyTO/WfyFvXRakZyaqinVUFyTmP1F3VsAzNUChWblqOKAUEqoSdFdxypJw0v/neTMF+GadGlY9Y194Avo6uRqlwndETljr4ZTLbNVExR/cYtLwty72elPdGlyY3T7R4yPPDC3HDKaj0FzmH5Px8O/+26P9zi6Y7Y8aCtxyu9CAOIsx/eIIM0h4DrbdKYHOzRUBbrShAGwHlrp8ueWdL8QPKhnD3IE7v1xaIUJoaFfD0zNKJ+lYP2VmnOZBLSR35JEqjlIylRU74jpz2J7e2vBCmQK4QjORUAOXmafk8NysFVw1qBd1pcisIlnAoqiNrN1HygLU87Cz6aKktyitlkJ4QGSg7mi+z39oSDANgc7JOttfw0yAQQwQhrF88Rf2QjTl7DXWmfs6Xsg2Y/ZEf0PhHjvU5LBHprUsHrHMe/OyxbZB5GyA=,iv:7xN77ILr4af8AJAkld1qSRTfMRQ6VVnAFg8TtU+zNW8=,tag:Ctrkhbg1cH7oQGMIbXfAbw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaEN6bTVUakYzNE5lbm8x
Z1hBbnlNVDNGcHV4b0VhL2hibGl0ZVh0VWgwClJnWWVvNm0yZ2Y3a0FqYVdwUTNK
VFVwMGF5dm9TVXhabkVxMjZkd0wrVDAKLS0tICs3dkZIdEZLWXc3RGVUSFhSQ3FV
cFV0ZkliUHpKdEsyU0dEQUdNZ0kzb0UKSHUzMLKwB0s2CimzsIbktvng7dDReOzT
ygaLq22ZrYvb1etPyroaJA1M5hzNo2VnCMVqa7vUbu/5ZHVLxW9n6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-07T11:59:05Z"
mac: ENC[AES256_GCM,data:37VoTqSrDuzvb0vRz3TnVTfd1HTzjFdUaTT5LZ+m9z41DYKNQOmATxZtsDqgZ7eLNvJbI214niSzHXRKelB4exQCon9KL+ruMpphoGBzfIiKSAy7Nuv4FcGEuIdjPoJguW6pf9Ut0bLcWMkTQFX5XYXtDWCR9simFOJ6O1pHU5s=,iv:OGVxt+frjuRPMYxwai8w9OKlG3ndtKAGW2gRfQP8xmU=,tag:/1wV7H57buanZuTYbFoQcA==,type:str]
pgp:
- created_at: "2024-06-07T11:56:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DCgMW7d7co2gSAQdAY7KJCFQCnrE1noIf4+PjHIiMnFl1eKpekpzWiqkN41gw
Xf2zH/ROoqzrNlxTV4g8a1dYm2GpAEUpnTDq/1WpR+n0D9rUJqYtqchCoQ7AX636
1GgBCQIQOovUfy7EuW663pe7TXpDhws9s3PdNerR4YWchg6x5nz4DuMYppeTUTFL
65t3l+mERu5eHhadGP2OLIGtGlKbHLI9KDZeqllNuUASSwA6eMN52lgtQBjHVWtB
hER5gRqKM6oL/Q==
=4mno
-----END PGP MESSAGE-----
fp: 3586D8D6689B9C9ECD598C588712A0F317C37175
unencrypted_suffix: _unencrypted
version: 3.8.1

0
secrets/secrets.yaml Normal file
View file

15
system/users.nix
View file

@ -17,14 +17,25 @@
hm = import ../home; hm = import ../home;
in { in {
${conf.user} = { ${conf.user} = {
# imports = hm.user; imports = hm.user;
home.username = conf.user; home.username = conf.user;
home.stateVersion = "24.11"; home.stateVersion = "24.11";
}; };
}; };
sops.secrets."user/password" = { sops.secrets."user/password" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yml; sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
neededForUsers = true; neededForUsers = true;
}; };
sops.secrets."user/ssh/private" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519";
owner = "lilith";
};
sops.secrets."user/ssh/public" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519.pub";
owner = "lilith";
};
} }