sops: host level module
This commit is contained in:
parent
c3b83a15d3
commit
83f91a7016
3 changed files with 48 additions and 8 deletions
|
@ -1,7 +1,11 @@
|
||||||
keys:
|
keys:
|
||||||
|
users:
|
||||||
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
||||||
|
hosts:
|
||||||
|
- &snowhawk age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets.yaml$
|
- path_regex: secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *ravenshade
|
- *ravenshade
|
||||||
|
- *snowhawk
|
||||||
|
|
25
modules/sops.nix
Normal file
25
modules/sops.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ lib, config, inputs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.snowhawk.sops;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
|
||||||
|
options.snowhawk.sops = {
|
||||||
|
enable = lib.mkEnableOption "sops";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ../secrets.yaml;
|
||||||
|
age = {
|
||||||
|
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
generateKey = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
25
secrets.yaml
25
secrets.yaml
|
@ -9,6 +9,8 @@ locations:
|
||||||
snowhawk:
|
snowhawk:
|
||||||
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
|
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
|
||||||
lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str]
|
lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str]
|
||||||
|
passwords:
|
||||||
|
ravenshade: ENC[AES256_GCM,data:U0s7qQ4+JI6uzrNygzvMvlBM/W+swtAu6V/iQ1Ggcqq+KJrfrwgVhew7i/E0i8Z5JqSlfeeFGpwptanM0NKKINXYk1h5wF30eA==,iv:KNgx4HfHNi8i8kHBtA9ITy8q+5C8QqAgR69CXB7WPWM=,tag:edRqEMuzNA7aTrCmUCuF3w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -18,14 +20,23 @@ sops:
|
||||||
- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaUZNVnZaV3Z6WG9zVmw1
|
||||||
eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
|
d0tXNlp0OWVHaHp4OFpNTG1GdStMdUlGakhFClg0TS9RZkFjSlFkUFlXOHRQbm1X
|
||||||
ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
|
NlZDa0JrMDhQOGM2MWVPRjE2VDBDSDAKLS0tIGg3aWVLTm9DQ2Q0dkdoaFFibHlP
|
||||||
SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
|
MGgveEdDb1laY3NhUkRyOVVuME9OVlkKUpTeucratE3vrdsHa/Sm0s0ygwD2UBZ7
|
||||||
s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
|
5wNykjQUGUG+7OluUlWrwvnmgzyYKS0BM3BD0NjpzTS4OiSB6VYD5g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-28T14:01:07Z"
|
- recipient: age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
|
||||||
mac: ENC[AES256_GCM,data:rxpnMQthkIv2ucefdcEK2bRRN5a+auEsPlItX8QT3GpDI24X/ra+UmszqMIQsxai77KQRBh+flTzuYt+XHzJH5QNVkdxPdV/YLLtlrFZ2iGm5kVkLZ0PDU+O9GHlx8oAB0fxosbq6xYd6nuEwwSNVmiEnPnXdjmu02rkdg8PFfw=,iv:cl0UgfVOspnqaXX2Ipy1h4TDj01p7lIa0zGTSQwCnl0=,tag:sCRcLgBVmC3PAct4qr5uWQ==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRVphSzg4NEZWenBWSGY3
|
||||||
|
L3A5QTVuMFVBOVdrRHlRY3ViK2xjcFpTVkdnCnlCV0dHMmVlRTllbnRpQTdJaVQr
|
||||||
|
QjFXV1lPV1N4TEZxL05WaStDYmlRRTAKLS0tIFZSdkdTT3JyQmlqZVNEWDRwSFln
|
||||||
|
Nk1jNmhBV2hFcFVXaVl0TE02L290NDgKq0JV2vKnHUio0d6p8Wo29skOdq1uzjGh
|
||||||
|
ViIFNODIG8pPVsXQZqCXDWgZIVsAwbavS43d4wkg8iSZ4h6o6sC23Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-07-31T04:34:15Z"
|
||||||
|
mac: ENC[AES256_GCM,data:cgZUtls4VWsbWJp4kdQn4Qj39owxOYX0Ujl7V6fQJ2+NAefyGFhh396Q9uss00N7N6gR8cUNnhUBHjuxr/9AE1afzirQxTBbvmNtf57YFhty709yB3nJWgfuBy2WtgfVi26e5BZiRW+2WBREocAR71TIVm6fiyrn1iq0EaqL1yA=,iv:g6yJUQl5eR2OGmhjvileIITSx3zSyhFou2p8/pYFlLQ=,tag:dX3Yy1RiYyZI8eda8bvBrg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
Loading…
Reference in a new issue