foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

users/foo-dogsquared: create secrets

Browse Source
This commit is contained in:
Gabriel Arazas 2023-07-24 17:48:15 +08:00
parent 152b7248c5
commit 5074098ab9
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
3 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.sops.yaml
View File

@ -9,6 +9,12 @@ creation_rules:
age: *ni age: *ni
- path_regex: hosts/plover/secrets/[^/]+\.(yaml|json)$ - path_regex: hosts/plover/secrets/[^/]+\.(yaml|json)$
age: *plover age: *plover
- path_regex: users/home-manager/foo-dogsquared/[^/]+\.(yaml|json)$
key_groups:
- age:
- *foo-dogsquared-age
- gpg:
- *foo-dogsquared
- path_regex: secrets/[^/]+\.(yaml|json)$ - path_regex: secrets/[^/]+\.(yaml|json)$
key_groups: key_groups:
- age: - age:

9
users/home-manager/foo-dogsquared/default.nix
View File

@ -13,6 +13,15 @@ in
./modules/music.nix ./modules/music.nix
]; ];
# The keyfile required to decrypt the secrets.
sops.age.keyFile = "${config.xdg.configHome}/age/user";
sops.secrets = lib.getSecrets ./secrets/secrets.yaml {
davfs2-credentials = {
path = "${config.home.homeDirectory}/.davfs2/davfs2.conf";
};
};
# Set nixpkgs config both outside and inside of home-manager. # Set nixpkgs config both outside and inside of home-manager.
nixpkgs.config = import ./config/nixpkgs/config.nix; nixpkgs.config = import ./config/nixpkgs/config.nix;
xdg.configFile."nixpkgs/config.nix".source = ./config/nixpkgs/config.nix; xdg.configFile."nixpkgs/config.nix".source = ./config/nixpkgs/config.nix;

50
users/home-manager/foo-dogsquared/secrets/secrets.yaml Normal file
View File

@ -0,0 +1,50 @@
davfs2-credentials: ENC[AES256_GCM,data:94LGrgnLJPEOwaumXzkoVrlHZ4T+M5cdrzoYH8cKxHWv2DYusETB6X+mVBVyXhu8RSW4/969Xuv5NbBaEw/b/2EeVX5oSolGgysQR9Cg5bTJDO9Ul7SMZTBWwAs8oGYHOsVif1MAwDM=,iv:H2IYE2cHLzaZ/ni+t0BaSAcdHAmE2PCBlq93R6qQBhY=,tag:GjjDJI9dlIqjP98IkfmBTA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T2hEaXVnaksxeEd2STRt
K0NMTS9oWUgvMDNyU1ppTDlIWExoVEVwKzFJCndvb0I4OStUUU5LM29SZ0dJc0Iz
d2VXcEs1SHpZWXQrVWptY3NwS1R2cmMKLS0tIFl6eC9qaThGYlJTdC90MEl4YndT
RXprcXhmazgvY1FYSWtIZ1BvbTU2RWMKb/WzNKM2QL+Tt/sx33EzbY4Jn2QYv9vv
GF2zlE1CQEmVKUr+AmNgh8oOtMdu49QMBmZqX5fV52fQjZDbdxCpcw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWEk1YVNxMWdKaEUwaktT
VjBaOWcwR1Bmbk14L3dwa3dleHpoQnRuT0hJCjcvcERsUEk5Ulhyd2JsdEhNSzJI
c1c4Uk02Y0ZsTTI3azhoOUFRbjFpcWsKLS0tIGpWVXgveUZHR1RGdVhZUXpnODEw
VWdjK3czWFU1R1c3TkZvM1hpenhJclkKz23eALRIPuVpobGMChitQjwuy4aC31bt
4EOe2ajKkhn4iV91HwkJ/cpzNKZ50hs2u1D3lGPKzV4L9QMWIjl3vA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-24T09:08:14Z"
mac: ENC[AES256_GCM,data:90yi3yCZOX1tDnF2NaUHZtfVyn9iriZd9t0qP++VKbWJjp8QPXGRfjKmDU/FKrsQaDNgXxLv7m+ktLD9Jq65SOgHeLh8jPS9AOdU51xNiiJMK3XHlEhSqteUWk9B4qlRsxJCOHgTMFH1jZBG+eV0ij6JI2QtKE+Ol6Njc+G7THg=,iv:W/T8ImnsM2mn2O8k8WOzOyMdVI9Miv+NqR2r3TqWp94=,tag:1+O85c2qI6V1eNScxPOH+A==,type:str]
pgp:
- created_at: "2023-07-24T09:43:25Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA0MCE9LFsRfKARAAnmh12lbacTMP4O6pw1XCq/4MJpC4vR5DH385pyPUsrmz
3myNwgaKcgj38a2Q8fFcqcXdD39SCF/2riJFgqa8p4wVx+vwVAHvxtUYhTk60pBc
WW18WPDyQptsgJCTZA1XG2VhfK1GTkwI9gqYMkfWLjJibCp3TPfL+J5MCyNrzSbI
SOu2/jUt+rhDd9G5u2eUaG+XPgDtLS8Y0zgA3K0PawC7vRZQWGcMQ0xlycou/iys
iAw8tVym4WkaxKHr4yakqNxIAH5eSGIgviBXQPV/pJyFZMdQ6RR1GjcjbMgVBD8C
H7xyCYily+r25MMXNju29Z3Ku88SD5GpPM9X49DVUTftAKmwH5OKldRaMucuH6jX
ouxk6Rqf82EUg8mQ+ePWetqCIa3gyV6rIk/QJ3KmvNbe/ScypHWVCwfG5lkX2wZM
DK5q8NBTpu5wJn5MCJglNkiqzOiEyD0T7b16TcwJdT2cRBYe+nStoStRKqCwtOZT
P3XUZeFWyQXZ7yatrwvUAQbu3AH6KzqFPx9ZG5vHt8p3s1aV0l6SAKhgmkxqMqeE
gkjyI3Cl2XSOtDOH+/o9hqkJKQ8UBXtKshXW4IXJmgztYbVj9xlC7B9gt9IS0mkz
+kWEPO1/PNqwuGj4N03JtR3eZXKzQ+14Gy3GAiG+htQlcrsBVTC6t2GYzQw2EMPS
UQFEQZtvC24OooBLcmPjcqz8Ahr5YnYCDZvMtQFJJwzqpNhjHOoAPDFRWKmDisAI
La7F/KWfwrOBfjzKDSkcQgnk2P832T1lCGtbJj75CPZOww==
=EuQb
-----END PGP MESSAGE-----
fp: DDD7D0BD602E564BAA04FC3514310D9141152B92
unencrypted_suffix: _unencrypted
version: 3.7.3