sops-nix ssh key

sh-initrd-on-root
Zynh Ludwig 2024-07-08 20:35:25 -07:00
parent 231fe8a462
commit e07dce7874
5 changed files with 61 additions and 0 deletions

7
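--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *ravenshade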
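Review bot: The `path_regex: secrets.yaml$` rule under creation_rules is looser than it reads, because the dot is unescaped and the pattern has no leading anchor, so any path ending in `secrets`, one arbitrary character and `yaml` falls under this rule. Writing it as `path_regex: (^|/)secrets\.yaml$` limits it to files actually named secrets.yaml. Separately, `&ravenshade` is the only recipient in the key group, so losing that one age identity would make the encrypted SSH key unrecoverable; a second recipient held offline would cover that case.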


@ -14,6 +14,7 @@
./easyeffects.nix
./lazygit.nix
./dunst.nix
./sops.nix
];
nixpkgs.config.allowUnfree = true;

30
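--- a/home/modules/sops.nix
+++ b/home/modules/sops.nix
@@ -0,0 +1,30 @@
+{ lib, config, inputs, ... }:
+let
+cfg = config.snowhawk.sops;
+home = config.home.homeDirectory;
+in
+{
+imports = [
+inputs.sops-nix.homeManagerModules.sops
+];
+options.snowhawk.sops = {
+enable = lib.mkEnableOption "sops";
+};
+config = lib.mkIf cfg.enable {
+sops = {
+age.keyFile = "${home}/.config/sops/age/keys.txt";
+defaultSopsFile = ../../secrets.yaml;
+validateSopsFiles = false;
+secrets = {
+"private_keys/personal_git" = {
+path = "${home}/.ssh/personal_git";
+};
+};
+};
+};
+}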
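Review bot: `validateSopsFiles = false;` turns off sops-nix's evaluation-time check of the sops file, so a typo in the `"private_keys/personal_git"` key or a missing secrets.yaml would presumably surface only when the secrets are installed at activation rather than at build time. Since `defaultSopsFile = ../../secrets.yaml;` is a path literal inside the repository, validation looks affordable here; I would drop the line, or keep it with a comment such as `# validation disabled because <reason>`. A short comment next to `age.keyFile` would also help, stating that keys.txt is provisioned out of band and must stay readable only by the owning user, since it is the single identity that decrypts everything in secrets.yaml.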


@ -18,6 +18,7 @@ in
projects.enable = true;
lazygit.enable = true;
dunst.enable = true;
sops.enable = true;
};
xsession.numlock.enable = true;

22
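--- a/secrets.yaml
+++ b/secrets.yaml
@@ -0,0 +1,22 @@
+private_keys:
+personal_git: ENC[AES256_GCM,data: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,iv:fUwoEgHb2Bat/qjnedfHVzso0qfRPXuelO26CFxdud0=,tag:bqHeF1R4+IHQ/a0urVXhIA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
+eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
+ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
+SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
+s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-07-09T04:04:27Z"
+mac: ENC[AES256_GCM,data:DD/9KWi7rgtBa1gJBSoER2PrzFXTbkqL28yDgf6bT8uUo19N4ztm6XjzAfJuthTZPk2AuRY5J0LIiMPysHdyyCQzVlXJx7I26MQtZo+6McbGNar+rmpxOOhQE/fLV1itrJIw7vbK3SbFTycCvMt2LocQAH5H9vFhqFXJOwzbXjw=,iv:Ctp9fjHC8+F3CVyV1iVzva2BZ1rISEV5eThp1v7mb0c=,tag:IEDUeaqD7snFlk05PVeHaw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.0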