Zynh0722
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sops: host level module

main
Zynh Ludwig 2024-07-30 21:47:01 -07:00
parent c3b83a15d3
commit 83f91a7016
3 changed files with 48 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.sops.yaml
View File

@ -1,7 +1,11 @@
keys: keys:
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd users:
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
hosts:
- &snowhawk age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *ravenshade - *ravenshade
- *snowhawk

25
modules/sops.nix Normal file
View File

@ -0,0 +1,25 @@
{ lib, config, inputs, ... }:
let
cfg = config.snowhawk.sops;
in
{
imports = [
inputs.sops-nix.nixosModules.sops
];
options.snowhawk.sops = {
enable = lib.mkEnableOption "sops";
};
config = lib.mkIf cfg.enable {
sops = {
defaultSopsFile = ../secrets.yaml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
};
};
}

25
secrets.yaml
View File

@ -9,6 +9,8 @@ locations:
snowhawk: snowhawk:
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str] lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str] lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str]
passwords:
ravenshade: ENC[AES256_GCM,data:U0s7qQ4+JI6uzrNygzvMvlBM/W+swtAu6V/iQ1Ggcqq+KJrfrwgVhew7i/E0i8Z5JqSlfeeFGpwptanM0NKKINXYk1h5wF30eA==,iv:KNgx4HfHNi8i8kHBtA9ITy8q+5C8QqAgR69CXB7WPWM=,tag:edRqEMuzNA7aTrCmUCuF3w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -18,14 +20,23 @@ sops:
- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd - recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaUZNVnZaV3Z6WG9zVmw1
eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K d0tXNlp0OWVHaHp4OFpNTG1GdStMdUlGakhFClg0TS9RZkFjSlFkUFlXOHRQbm1X
ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm NlZDa0JrMDhQOGM2MWVPRjE2VDBDSDAKLS0tIGg3aWVLTm9DQ2Q0dkdoaFFibHlP
SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9 MGgveEdDb1laY3NhUkRyOVVuME9OVlkKUpTeucratE3vrdsHa/Sm0s0ygwD2UBZ7
s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA== 5wNykjQUGUG+7OluUlWrwvnmgzyYKS0BM3BD0NjpzTS4OiSB6VYD5g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-28T14:01:07Z" - recipient: age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
mac: ENC[AES256_GCM,data:rxpnMQthkIv2ucefdcEK2bRRN5a+auEsPlItX8QT3GpDI24X/ra+UmszqMIQsxai77KQRBh+flTzuYt+XHzJH5QNVkdxPdV/YLLtlrFZ2iGm5kVkLZ0PDU+O9GHlx8oAB0fxosbq6xYd6nuEwwSNVmiEnPnXdjmu02rkdg8PFfw=,iv:cl0UgfVOspnqaXX2Ipy1h4TDj01p7lIa0zGTSQwCnl0=,tag:sCRcLgBVmC3PAct4qr5uWQ==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRVphSzg4NEZWenBWSGY3
L3A5QTVuMFVBOVdrRHlRY3ViK2xjcFpTVkdnCnlCV0dHMmVlRTllbnRpQTdJaVQr
QjFXV1lPV1N4TEZxL05WaStDYmlRRTAKLS0tIFZSdkdTT3JyQmlqZVNEWDRwSFln
Nk1jNmhBV2hFcFVXaVl0TE02L290NDgKq0JV2vKnHUio0d6p8Wo29skOdq1uzjGh
ViIFNODIG8pPVsXQZqCXDWgZIVsAwbavS43d4wkg8iSZ4h6o6sC23Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-31T04:34:15Z"
mac: ENC[AES256_GCM,data:cgZUtls4VWsbWJp4kdQn4Qj39owxOYX0Ujl7V6fQJ2+NAefyGFhh396Q9uss00N7N6gR8cUNnhUBHjuxr/9AE1afzirQxTBbvmNtf57YFhty709yB3nJWgfuBy2WtgfVi26e5BZiRW+2WBREocAR71TIVm6fiyrn1iq0EaqL1yA=,iv:g6yJUQl5eR2OGmhjvileIITSx3zSyhFou2p8/pYFlLQ=,tag:dX3Yy1RiYyZI8eda8bvBrg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0