sops-nix ssh key
parent
231fe8a462
commit
e07dce7874
5 changed files with 61 additions and 0 deletions
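--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *ravenshade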
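Review bot: The `age` key group lists a single recipient, `*ravenshade`, so the SSH key stored in secrets.yaml can only be decrypted with that one identity and becomes unrecoverable if the identity is lost. Consider declaring a second, offline recovery recipient under `keys:` (`- &recovery <age-recovery-public-key>`, placeholder) and adding `- *recovery` to the group, then re-wrapping the data key with `sops updatekeys secrets.yaml`. Separately, `path_regex: secrets.yaml$` leaves the dot unescaped and the start unanchored, so it also matches names such as `othersecrets.yaml` or `secrets_yaml`; `path_regex: secrets\.yaml$` is tighter.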
@ -14,6 +14,7 @@
|
||||||
./easyeffects.nix
|
./easyeffects.nix
|
||||||
./lazygit.nix
|
./lazygit.nix
|
||||||
./dunst.nix
|
./dunst.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
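--- a/home/modules/sops.nix
+++ b/home/modules/sops.nix
@@ -0,0 +1,30 @@
+{ lib, config, inputs, ... }:
+
+let
+cfg = config.snowhawk.sops;
+home = config.home.homeDirectory;
+in
+{
+imports = [
+inputs.sops-nix.homeManagerModules.sops
+];
+
+options.snowhawk.sops = {
+enable = lib.mkEnableOption "sops";
+};
+
+config = lib.mkIf cfg.enable {
+sops = {
+age.keyFile = "${home}/.config/sops/age/keys.txt";
+
+defaultSopsFile = ../../secrets.yaml;
+validateSopsFiles = false;
+
+secrets = {
+"private_keys/personal_git" = {
+path = "${home}/.ssh/personal_git";
+};
+};
+};
+};
+}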
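Review bot: `validateSopsFiles = false;` switches off the check sops-nix would otherwise run on the sops file at build time, so a typo in `"private_keys/personal_git"` or a missing secrets.yaml only shows up when the profile is activated. `defaultSopsFile = ../../secrets.yaml;` is a path literal, which as far as I can tell is the case validation is designed for, so the line can be dropped or set to `validateSopsFiles = true;`. The secret also carries no explicit `mode`; the sops-nix default appears to be owner-read-only, but writing `mode = "0400";` beside `path` makes the permission on `~/.ssh/personal_git` reviewable. The file named in `age.keyFile` is the only thing protecting that key, so it has to be provisioned out of band and kept owner-readable only.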
@ -18,6 +18,7 @@ in
|
||||||
projects.enable = true;
|
projects.enable = true;
|
||||||
lazygit.enable = true;
|
lazygit.enable = true;
|
||||||
dunst.enable = true;
|
dunst.enable = true;
|
||||||
|
sops.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
xsession.numlock.enable = true;
|
xsession.numlock.enable = true;
|
||||||
|
|
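--- a/secrets.yaml
+++ b/secrets.yaml
@@ -0,0 +1,22 @@
+private_keys:
+personal_git: ENC[AES256_GCM,data:r5NXuhqltyaZpjMhz6Nh+2Nv1UI86nxtud5aPFkAfwOuBhtDLOx5dOZWZqJ/8Lf+hjyVsCRN77GNXIKmBA3UhguIzWdWSRMboDXYePxRar+i0rBQdKK24rzPLMAYRd5L1sLml1hS5eZxds+D+C5PCv4FXrkc+9xO08RPFgqJVfFbzIEM/5HAmgG1xLpK32+56/QdwW/bL2r2bheSuNXmcrciDeilVBS5/jVgIaa8mxDHQjVPi6SdL4MGt85+OpcOesqDGuTpc00H9kd/i6mOucYCw2UjHJpLYDJ202cE0pHiKenFbssiS+NqG7dWSLKD0HqhDoHLvJVaXlLT+GxEx1ec/vHAl7LgpRRpUfcEknFpsJgliPOfr1p3D2plx/ZcWqysFy3jZ5HZI3ZawRrsDdQlKpljcjCgOeCVoTlQdrjQruDV3QueLPn5ueFMx3Iks6e/PyENXp+JhdJID5dPjckSb2vp/VUP7n3PT3aNuPMluMpXFUhUwthTb/RsKBAqDUEaw0RAe1mvAaoD3ZUJtg5Q84UVuQxQHGtS,iv:fUwoEgHb2Bat/qjnedfHVzso0qfRPXuelO26CFxdud0=,tag:bqHeF1R4+IHQ/a0urVXhIA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
+eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
+ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
+SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
+s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-07-09T04:04:27Z"
+mac: ENC[AES256_GCM,data:DD/9KWi7rgtBa1gJBSoER2PrzFXTbkqL28yDgf6bT8uUo19N4ztm6XjzAfJuthTZPk2AuRY5J0LIiMPysHdyyCQzVlXJx7I26MQtZo+6McbGNar+rmpxOOhQE/fLV1itrJIw7vbK3SbFTycCvMt2LocQAH5H9vFhqFXJOwzbXjw=,iv:Ctp9fjHC8+F3CVyV1iVzva2BZ1rISEV5eThp1v7mb0c=,tag:IEDUeaqD7snFlk05PVeHaw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.0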