Compare commits


No commits in common. "6e2ef44fd1fe632780b4da378183b773aa9fe027" and "c3b83a15d329b116c157bce62445703593c63a4a" have entirely different histories.

5 changed files with 9 additions and 55 deletions


@ -1,11 +1,7 @@
keys: keys:
users: - &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
- &ravenshade age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
hosts:
- &snowhawk age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *ravenshade - *ravenshade
- *snowhawk


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, inputs, lib, config, ... }: { pkgs, inputs, lib, ... }:
{ {
imports = [ imports = [
@ -41,15 +41,10 @@
# #
# ]; # ];
# users sops setup
sops.secrets."passwords/ravenshade".neededForUsers = true;
users.mutableUsers = false;
# Define a user account. Don't forget to set a password with `passwd`. # Define a user account. Don't forget to set a password with `passwd`.
users.users.ravenshade = { users.users.ravenshade = {
isNormalUser = true; isNormalUser = true;
description = "Zynh Ludwig"; description = "Zynh Ludwig";
hashedPasswordFile = config.sops.secrets."passwords/ravenshade".path;
extraGroups = [ "networkmanager" "wheel" "audio" ]; extraGroups = [ "networkmanager" "wheel" "audio" ];
packages = with pkgs; [ packages = with pkgs; [
ripgrep ripgrep
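Review bot: On the new side `users.users.ravenshade` has neither `hashedPasswordFile` nor `users.mutableUsers = false`, so the password of an account in `wheel` is no longer part of the declared configuration and is whatever was last set with `passwd` on the host. That state is invisible to review and is not reproduced on a rebuild or reinstall, where the account starts without a usable password until someone sets one. If this is intended, the existing comment should say so, for example `# Password is managed imperatively with passwd (not declared here); set it right after first activation.` The attribute set continues past the end of this hunk, so other password options may be set outside the visible lines.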


@ -13,5 +13,4 @@ in
snowhawk.i18n.enable = lib.mkDefault true; snowhawk.i18n.enable = lib.mkDefault true;
snowhawk.audio.enable = lib.mkDefault true; snowhawk.audio.enable = lib.mkDefault true;
snowhawk.env.enable = lib.mkDefault true; snowhawk.env.enable = lib.mkDefault true;
snowhawk.sops.enable = lib.mkDefault true;
} }


@ -1,25 +0,0 @@
{ lib, config, inputs, ... }:
let
cfg = config.snowhawk.sops;
in
{
imports = [
inputs.sops-nix.nixosModules.sops
];
options.snowhawk.sops = {
enable = lib.mkEnableOption "sops";
};
config = lib.mkIf cfg.enable {
sops = {
defaultSopsFile = ../secrets.yaml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
};
};
}


@ -9,8 +9,6 @@ locations:
snowhawk: snowhawk:
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str] lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str] lon: ENC[AES256_GCM,data:dITeYwVzSA==,iv:s+St+As7wgAaUf8/qnAdCM932WY5c9S0qUFhUlzx3W0=,tag:iqqPhmHZ+t+CRZPdZxYVxA==,type:str]
passwords:
ravenshade: ENC[AES256_GCM,data:U0s7qQ4+JI6uzrNygzvMvlBM/W+swtAu6V/iQ1Ggcqq+KJrfrwgVhew7i/E0i8Z5JqSlfeeFGpwptanM0NKKINXYk1h5wF30eA==,iv:KNgx4HfHNi8i8kHBtA9ITy8q+5C8QqAgR69CXB7WPWM=,tag:edRqEMuzNA7aTrCmUCuF3w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -20,23 +18,14 @@ sops:
- recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd - recipient: age1zgd7qpj7vc4gjtetttqgp32aw75fmnjrw6ax2x2meul2w4jclytszvutdd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaUZNVnZaV3Z6WG9zVmw1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGRXY1JMN20wK2tvbmNU
d0tXNlp0OWVHaHp4OFpNTG1GdStMdUlGakhFClg0TS9RZkFjSlFkUFlXOHRQbm1X eVQ4YitPUVRzZkRubnFORU1oemVkZVRSUW1nCnp2eFBoUjhsVXprMnllVCtZK29K
NlZDa0JrMDhQOGM2MWVPRjE2VDBDSDAKLS0tIGg3aWVLTm9DQ2Q0dkdoaFFibHlP ajJ6VUJDeXlabjJ3ZDhGWC84aDh6ZzAKLS0tIEdPTnl6bHpOcE1XVVN1WU9EUkZm
MGgveEdDb1laY3NhUkRyOVVuME9OVlkKUpTeucratE3vrdsHa/Sm0s0ygwD2UBZ7 SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
5wNykjQUGUG+7OluUlWrwvnmgzyYKS0BM3BD0NjpzTS4OiSB6VYD5g== s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1s549sffdhu2yyfk9h06hhks7xc4mqq9a6k53dleurr7y3rmuudpqwz24gv lastmodified: "2024-07-28T14:01:07Z"
enc: | mac: ENC[AES256_GCM,data:rxpnMQthkIv2ucefdcEK2bRRN5a+auEsPlItX8QT3GpDI24X/ra+UmszqMIQsxai77KQRBh+flTzuYt+XHzJH5QNVkdxPdV/YLLtlrFZ2iGm5kVkLZ0PDU+O9GHlx8oAB0fxosbq6xYd6nuEwwSNVmiEnPnXdjmu02rkdg8PFfw=,iv:cl0UgfVOspnqaXX2Ipy1h4TDj01p7lIa0zGTSQwCnl0=,tag:sCRcLgBVmC3PAct4qr5uWQ==,type:str]
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRVphSzg4NEZWenBWSGY3
L3A5QTVuMFVBOVdrRHlRY3ViK2xjcFpTVkdnCnlCV0dHMmVlRTllbnRpQTdJaVQr
QjFXV1lPV1N4TEZxL05WaStDYmlRRTAKLS0tIFZSdkdTT3JyQmlqZVNEWDRwSFln
Nk1jNmhBV2hFcFVXaVl0TE02L290NDgKq0JV2vKnHUio0d6p8Wo29skOdq1uzjGh
ViIFNODIG8pPVsXQZqCXDWgZIVsAwbavS43d4wkg8iSZ4h6o6sC23Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-31T04:34:15Z"
mac: ENC[AES256_GCM,data:cgZUtls4VWsbWJp4kdQn4Qj39owxOYX0Ujl7V6fQJ2+NAefyGFhh396Q9uss00N7N6gR8cUNnhUBHjuxr/9AE1afzirQxTBbvmNtf57YFhty709yB3nJWgfuBy2WtgfVi26e5BZiRW+2WBREocAR71TIVm6fiyrn1iq0EaqL1yA=,iv:g6yJUQl5eR2OGmhjvileIITSx3zSyhFou2p8/pYFlLQ=,tag:dX3Yy1RiYyZI8eda8bvBrg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0
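Review bot: Removing the second `recipient` stanza (the snowhawk host key, also dropped from `hosts:` and `key_groups` in the first file) does not revoke that key's access to this file. The `lat` and `lon` ciphertexts are byte-identical on both sides, which indicates the data key was not rotated, and the other side of this comparison still carries that data key wrapped for the host key. If the removal is meant as revocation, rotate the data key with `sops --rotate` after updating the recipients, and treat the `passwords/ravenshade` hash as readable by any holder of that host key. If this is only a configuration rollback, a one-line note in the commit message would settle it.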