foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/ni: update secrets code

Browse Source
This commit is contained in:
Gabriel Arazas 2022-12-31 11:13:27 +08:00
parent 8c57eea6bb
commit b0d9ec560b
2 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hosts/ni/default.nix
View File

@ -23,10 +23,27 @@
];
services.openssh.hostKeys = [{
path = config.sops.secrets.ssh-key.path;
path = config.sops.secrets."ni/ssh-key".path;
type = "ed25519";
}];
sops.secrets.ssh-key.sopsFile = ./secrets/secrets.yaml;
sops.secrets = let
getKey = key: {
inherit key;
sopsFile = ./secrets/secrets.yaml;
};
getSecrets = secrets:
lib.mapAttrs'
(secret: config:
lib.nameValuePair
"ni/${secret}"
((getKey secret) // config))
secrets;
in
getSecrets {
ssh-key = { };
};
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
boot.binfmt.emulatedSystems = [

6
hosts/ni/secrets/secrets.yaml
View File

@ -1,4 +1,6 @@
ssh-key: ENC[AES256_GCM,data:QKlQJCr4saNFHFBmbZBYnb0trwDaD+P925PRv0StcHjjT/eQVQijxGJRn4R73F0rChpB0YcnLsqn/mcgZzitzw0Q8MTREBNWYHITKl/VzTiOVhPdfD3hhlLMOVXRjtFwIk69iwheQeh9aGtRmin8MmbjZJHv7bczDuLeD5GtdL7G5Y8KPTF4BFOHFwLuUgL1vOG3wc+vWynFJ6W0t7umnBmcSHaIf2o8ZY2arGruHXsCJHVCtj9G5PS8SMBb1pGstiAXAdhd9rOhbHSYF0rqL841CkGnLL1hUrgNYTXNlEuss06exuYNEQq24GXRYdnMNizhNiWJxGiVC53masTWynryGdj0qRUvjqzzttLLer3w6wS4rA743vPvmlNnVrWauyoUtE9Z/EBLfh2gv2m+I6A8e7aAUyAqsI0e/zMbv0Mvm+Gv2veGHp1sX+PLF6MbQMDxMuax0ZNBgdidGqWAqBtKZ7buLQ5ckU43Js9/CaRB+qQ7VzTJ+amhtQPrlgILY+yQKheLribkSKRuw99p,iv:UaWomy2e/WE0jYAkblGoZDOEEPtQpaIiGawMh8q4Emk=,tag:kS1rafdiqkyMEbdPj+TdqA==,type:str]
ldap:
password: ENC[AES256_GCM,data:ukPDXnF21z4SKZSEtIlHbup9EPoU,iv:yAz5nlBnM9taU3JC+yCF+7ymIys/YvBVbgeXx7UvVAw=,tag:6yz0548WSaBoD9cwOxfQAw==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +16,8 @@ sops:
eEV0YWkyWHlIRmxhZjNYU3kzNlN3alkKDbMlrB1MkJ8145OcXyOhQLjLkKhrI/Vm
ba7etZO7hqWwajWgEhFGNexI6QuQwgUU3zIOc//zPp8P7nNySfWOww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-18T13:08:34Z"
mac: ENC[AES256_GCM,data:Q3vlqrnYzjhdrqy6zWBTAU6IHM4rCmS+qdUrlyYezy5j3Sdw+y0EX9w4KCEiJ7c86QrxB+gfxgxYvyLBuXPEEoRqvf7xKIiwGXEs/vxif1W9nri3n14PAP/PdgjQqNCI1BVHAX276Mbkec8ipaFEClboV6d9904/18t9tqlFkx0=,iv:NlLzwp/pJ7X80A+EupaxNwrEP7iO4oFtOlhTQLjAies=,tag:Z3bgc2DhunF7iKF0GOoq2g==,type:str]
lastmodified: "2022-12-29T06:47:49Z"
mac: ENC[AES256_GCM,data:lo0nbFQNYeq3pq7RoVl3Qz33ZgAMsDjLvpMpGALIhdP40sVHhwAcTJNAKN/uqQHi3fhEQ5YG5+4IOuE7OToKmxI2sK4ffWiTils89nSH2CeQxYibHfKUYraCLEZhVH26Bgt0uaggG9BHjpGdA9Ua4jwFQReWPq9cpMF2oKkYSak=,iv:zZNt5CZQfwN2CdYiGNi0q+/QeGyTTo1Vd70CUwb3OTM=,tag:aSFcF1BPA7P0+W9Dce/NAg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3