Add initial secrets

This commit is contained in:
Kevin Kandlbinder 2023-02-27 13:59:02 +00:00
parent 78836daf06
commit 796010071b
4 changed files with 45 additions and 1 deletions

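--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+- &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
+- &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
+creation_rules:
+- path_regex: kevin-tp/secrets/[^/]+\.yaml$
+key_groups:
+- age:
+- *admin_kevin
+- *target_kevin-tp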
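Review bot: The `&target_kevin-tp` recipient gives no indication of where it came from, which matters because the host decrypts with the SSH host key listed in `sops.age.sshKeyPaths` elsewhere in this commit, so the two must stay in sync across a host-key rotation. Presumably this is the age key derived from that host's ed25519 key; a comment above the entry would make that auditable, e.g. `# age key derived from kevin-tp's /etc/ssh/ssh_host_ed25519_key (ssh-to-age); regenerate and re-encrypt if the host key rotates`. A similar one-line comment on `&admin_kevin` naming the workstation key it corresponds to would complete the picture.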


@ -14,7 +14,7 @@ let
#services.envfs.enable = true; #services.envfs.enable = true;
imports = [ imports = [
#inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules/users.nix ./modules/users.nix
./modules/common.nix ./modules/common.nix
]; ];


@ -15,6 +15,11 @@
../modules/yubikey.nix ../modules/yubikey.nix
]; ];
sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.example-key = {};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
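Review bot: The secret declared on the `sops.secrets.example-key = {};` line does not match the key stored in the encrypted file added in the last section of this commit, which is named `example_key` (underscore, not hyphen). sops-nix looks the secret up in `defaultSopsFile` by the attribute name unless `key` is set, so activation of this host should fail with the key not found in `./secrets/secrets.yaml`. Either rename the declaration to `sops.secrets.example_key = {};` or keep the attribute and point it at the stored key with `sops.secrets.example-key = { key = "example_key"; };`. The enclosing module's attribute set starts and ends outside this hunk, and the file header for this section is not shown, so the host name is inferred from the `kevin-tp` path regex in `.sops.yaml`.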


@ -0,0 +1,30 @@
example_key: ENC[AES256_GCM,data:D1ZZuTM914KfLtRhfw==,iv:VZ05Gqfd24f044AEwdELTWpeTBg0/Q4slHJneYu9TJU=,tag:uIn+7cHXXUyObrpvxSKSXw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRFlvUXUrTFR0SEZnbjdH
R3kzaU4xRFlMNmNwNXgrM3JqenFOK2VwU3hnCmMzb0N1eWNZUW9ONnlyRFdHRGw3
Snl5ZXdiVWZ5VXoySW4zZExHdytiU0EKLS0tIGR6dFBVeVBqWU8wMHVjcnEyWElx
QmRDVkU3R0pneUdZNEpEY2o4Tm13ODAKs0/Xw3e/mvW3kZpYcwUsl9JPOUTDFpG3
KJBdRLPx0wNgqbqs7FX4zHpUTML02Huc2vzC2KsWE3XG/9ibMpze3w==
-----END AGE ENCRYPTED FILE-----
- recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRkdlNmdORUNkbkl4OFdU
MElzZCt4dEpWVDBKRElKVW5jNkFCUUJ1eFJrCnJmKzBZekRSU0JBVGNEOWFkSDZt
eVhsOFRBeW93RHdqSnd1VU5IWDByOHcKLS0tIFJDUzlFbTZqandrSmpmNHRDK0RQ
RFhCUi9oSkpWbEZMSm81SUt0czZobGsKT6g6sl9sf0olO79YLZuIiLqmySH4Vy+a
bnapUeXAg6DQ/Vo5g71j6faF+3/FDPVzTYIvRhCWG71o/nvu1ZPqrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-27T13:52:50Z"
mac: ENC[AES256_GCM,data:9fbP+dv878yWqVbx486ZWcVmF/vei6upy0o2stUmtlnN/j5gSPwvizvwELobgbh2WnEUE+CN/Rc9UQ69ovAa/mrGC4CSn+xM9ElsRG14Pg140Vt5w5o7KFLrF/GJzTCzuS0CcB+68iVZyGcnOnovWTW/HzuWHJW0CsxJlPd8TAM=,iv:QEo1UBx4Zn0XTU468Mali0LbsFO+mCfGSd73iAVXvuA=,tag:uKnQcAuJF5BFHONgaVH5Iw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3