sops: host level module
This commit is contained in:
parent
c3b83a15d3
commit
83f91a7016
3 changed files with 48 additions and 8 deletions
|
@ -1,7 +1,11 @@
|
|||
keys:
|
||||
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
||||
users:
|
||||
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
||||
hosts:
|
||||
- &snowhawk age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
|
||||
creation_rules:
|
||||
- path_regex: secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *ravenshade
|
||||
- *snowhawk
|
||||
|
|
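--- /dev/null
+++ b/modules/sops.nix
@@ -0,0 +1,25 @@
+{ lib, config, inputs, ... }:
+
+let
+  cfg = config.snowhawk.sops;
+in
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  options.snowhawk.sops = {
+    enable = lib.mkEnableOption "sops";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops = {
+      defaultSopsFile = ../secrets.yaml;
+      age = {
+        sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+        keyFile = "/var/lib/sops-nix/key.txt";
+        generateKey = true;
+      };
+    };
+  };
+}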
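Review bot: `generateKey = true;` together with `keyFile` creates a second, long-lived age private key on every host that lacks `/var/lib/sops-nix/key.txt`, yet the `snowhawk` recipient in `.sops.yaml` appears to be the age form of the SSH host key named on the `sshKeyPaths` line, so the generated key decrypts nothing and only widens what has to be protected on disk. Unless it is meant as a future fallback, `generateKey = false;` (or omitting `keyFile`) makes the SSH host key the single trust root; if it is intentional, say so with a comment such as `# age identity comes from the SSH host key; key.txt is only a fallback`. The `enable` option would also read better as `enable = lib.mkEnableOption "sops-nix secret decryption for this host";`, and a one-line header comment stating that `inputs` is expected to arrive via the flake's `specialArgs` would help readers of the `inputs.sops-nix.nixosModules.sops` import.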
25
secrets.yaml
25
secrets.yaml
|
@ -9,6 +9,8 @@ locations:
|
|||
snowhawk:
|
||||
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
|
||||
lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str]
|
||||
passwords:
|
||||
ravenshade: ENC[AES256_GCM,data:U0s7qQ4+JI6uzrNygzvMvlBM/W+swtAu6V/iQ1Ggcqq+KJrfrwgVhew7i/E0i8Z5JqSlfeeFGpwptanM0NKKINXYk1h5wF30eA==,iv:KNgx4HfHNi8i8kHBtA9ITy8q+5C8QqAgR69CXB7WPWM=,tag:edRqEMuzNA7aTrCmUCuF3w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -18,14 +20,23 @@ sops:
|
|||
- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
|
||||
eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
|
||||
ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
|
||||
SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
|
||||
s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaUZNVnZaV3Z6WG9zVmw1
|
||||
d0tXNlp0OWVHaHp4OFpNTG1GdStMdUlGakhFClg0TS9RZkFjSlFkUFlXOHRQbm1X
|
||||
NlZDa0JrMDhQOGM2MWVPRjE2VDBDSDAKLS0tIGg3aWVLTm9DQ2Q0dkdoaFFibHlP
|
||||
MGgveEdDb1laY3NhUkRyOVVuME9OVlkKUpTeucratE3vrdsHa/Sm0s0ygwD2UBZ7
|
||||
5wNykjQUGUG+7OluUlWrwvnmgzyYKS0BM3BD0NjpzTS4OiSB6VYD5g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-28T14:01:07Z"
|
||||
mac: ENC[AES256_GCM,data:rxpnMQthkIv2ucefdcEK2bRRN5a+auEsPlItX8QT3GpDI24X/ra+UmszqMIQsxai77KQRBh+flTzuYt+XHzJH5QNVkdxPdV/YLLtlrFZ2iGm5kVkLZ0PDU+O9GHlx8oAB0fxosbq6xYd6nuEwwSNVmiEnPnXdjmu02rkdg8PFfw=,iv:cl0UgfVOspnqaXX2Ipy1h4TDj01p7lIa0zGTSQwCnl0=,tag:sCRcLgBVmC3PAct4qr5uWQ==,type:str]
|
||||
- recipient: age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRVphSzg4NEZWenBWSGY3
|
||||
L3A5QTVuMFVBOVdrRHlRY3ViK2xjcFpTVkdnCnlCV0dHMmVlRTllbnRpQTdJaVQr
|
||||
QjFXV1lPV1N4TEZxL05WaStDYmlRRTAKLS0tIFZSdkdTT3JyQmlqZVNEWDRwSFln
|
||||
Nk1jNmhBV2hFcFVXaVl0TE02L290NDgKq0JV2vKnHUio0d6p8Wo29skOdq1uzjGh
|
||||
ViIFNODIG8pPVsXQZqCXDWgZIVsAwbavS43d4wkg8iSZ4h6o6sC23Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-31T04:34:15Z"
|
||||
mac: ENC[AES256_GCM,data:cgZUtls4VWsbWJp4kdQn4Qj39owxOYX0Ujl7V6fQJ2+NAefyGFhh396Q9uss00N7N6gR8cUNnhUBHjuxr/9AE1afzirQxTBbvmNtf57YFhty709yB3nJWgfuBy2WtgfVi26e5BZiRW+2WBREocAR71TIVm6fiyrn1iq0EaqL1yA=,iv:g6yJUQl5eR2OGmhjvileIITSx3zSyhFou2p8/pYFlLQ=,tag:dX3Yy1RiYyZI8eda8bvBrg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
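Review bot: The first hunk (`@ -9,6 +9,8 @@`) appears to add a `passwords.ravenshade` entry, and nothing on this page shows how it is consumed; if it is meant as the account password for the `ravenshade` user, the matching sops-nix secret declaration needs `neededForUsers = true` so it is available before user creation, and the stored value should be a password hash rather than the plain password. If the second hunk was produced with `sops updatekeys` to add the `snowhawk` recipient, the existing data key was re-wrapped rather than rotated, which is fine for adding a host but worth noting for any later recipient removal. The ciphertext itself cannot be reviewed here, so only the metadata and key layout are covered by this note.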