From 385b2e533fdcbdb22f8f217615afed70812d7571 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Fri, 15 Mar 2024 18:16:31 +0300
Subject: [PATCH] sops.nix external file
---
 hosts/dlaptop/configuration.nix | 29 +++--------------------------
 hosts/dlaptop/sops.nix | 30 ++++++++++++++++++++++++++++++
 secrets/generic.yaml | 6 +++---
 3 files changed, 36 insertions(+), 29 deletions(-)
 create mode 100644 hosts/dlaptop/sops.nix
diff --git a/hosts/dlaptop/configuration.nix b/hosts/dlaptop/configuration.nix
index 14d6edb..f3f5255 100644
--- a/hosts/dlaptop/configuration.nix
+++ b/hosts/dlaptop/configuration.nix
@@ -21,32 +21,9 @@
 # localStorageDir = ../../secrets/rekeyed/${config.networking.hostName};
 # };
- sops = {
- defaultSopsFile = ../../secrets/generic.yaml;
- #defaultSopsFile = ../../.sops.yaml;
- age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
- #age.keyFile = "/home/delta/.config/sops/age/keys.txt";
- defaultSopsFormat = "yaml";
-
- secrets.qqq = {
- mode = "0400"; owner = "delta"; group = "users";
- };
-
- secrets.cloudflared = {
- mode = "0400"; owner = "cloudflared"; group = "cloudflared";
- };
-
-
- secrets."myservice/my_subdir/my_secret" = {};
-
- secrets.singbox-aus = {
- sopsFile = ../../secrets/singbox-aus.bin;
- format = "binary";
- mode = "0400";
- owner = "socks";
- group = "socks";
- };
- };
+ imports = [
+ ./sops.nix
+ ];
diff --git a/hosts/dlaptop/sops.nix b/hosts/dlaptop/sops.nix
new file mode 100644
index 0000000..eb34f75
--- /dev/null
+++ b/hosts/dlaptop/sops.nix
@@ -0,0 +1,30 @@
+{ config, lib, ...}:
+
+{
+ sops = {
+ defaultSopsFile = ../../secrets/generic.yaml;
+ #defaultSopsFile = ../../.sops.yaml;
+ age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
+ #age.keyFile = "/home/delta/.config/sops/age/keys.txt";
+ defaultSopsFormat = "yaml";
+
+ secrets.qqq = {
+ mode = "0400"; owner = "delta"; group = "users";
+ };
+
+ secrets.cloudflared = {
+ mode = "0400"; owner = "cloudflared"; group = "cloudflared";
+ };
+
+
+ secrets."myservice/my_subdir/my_secret" = {};
+
+ secrets.singbox-aus = {
+ sopsFile = ../../secrets/singbox-aus.bin;
+ format = "binary";
+ mode = "0400";
+ owner = "socks";
+ group = "socks";
+ };
+ };
+}
\ No newline at end of file
diff --git a/secrets/generic.yaml b/secrets/generic.yaml
index 2015bef..547856d 100644
--- a/secrets/generic.yaml
+++ b/secrets/generic.yaml
@@ -1,4 +1,4 @@
-#ENC[AES256_GCM,data:tsH+OzO1HuSGhW6FpMS4z/B7MGsy53gL8AlR1OtddpQPM/drvvI=,iv:TFXG6UZ+yiIiI7no2I5ZoCBozm/QsckpR08aoVpWmA8=,tag:/L8bfExsQzgUFUyZVjNE6g==,type:comment]
+#ENC[AES256_GCM,data:BoSXLfAzseyjQsS5GL/UW7XNfuU=,iv:IrLTGiH4awBmnZuC0AhkeWyTsG86DoFog7JTZ3g4rlQ=,tag:HghXG9MwBDCrmVeDp5yU1A==,type:comment]
 qqq: ENC[AES256_GCM,data:6HrbuPwwDdOfWP/6+lQOIIrg,iv:w6MP9T0uRgew7fVvpYcmdM2OOHvWUmbxw5pEBE2s7m8=,tag:s3gFo1AIyDbuEWcqzR309Q==,type:str]
 #ENC[AES256_GCM,data:byD/SyOeoUWOfbQgsr4zh3brXkNP0eX46qwJEAecN6KLokr2k9/loKL5n+vUHAs8WJpa1xwVuRw=,iv:nWv3leL6YaTT3IurT6wcvQCbvBoaWPihRk7VaZrptJA=,tag:p1ltRsWOXWvWy6DJlQdyVw==,type:comment]
 #ENC[AES256_GCM,data:h2Y/qaN1lKO20UZJ+LbDofboZmIoX5qP90bkb1u+OlIlDtZwhB+hnB+RQ6CgQdH6rU7X3lyd6SDSYNa+GKILH3c7vDLa1Tfb,iv:x6/4DUzV0lHuCy4IjRqutyyMx4pQq4unF52yITEfmQ4=,tag:9WfRbeAKTsiwmSMb3K7wwg==,type:comment]
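Review bot: In hosts/dlaptop/sops.nix, `age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];` makes user delta's personal SSH key the decryption identity for every secret on this host, including the ones handed to `cloudflared` and `socks`. Whoever can read that one file in delta's home directory can decrypt all of generic.yaml and singbox-aus.bin from the repository, so the per-secret `mode = "0400"` and owner settings only separate the decrypted copies, not the key material. The key presumably also has to stay passphrase-less for activation to use it, which weakens it as a login key. I would point this at a root-owned identity that is not reused for logins, for example `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` or an `age.keyFile` outside the home directory, and re-encrypt the secrets for that recipient. `secrets.qqq` and `secrets."myservice/my_subdir/my_secret"` read like placeholders and deserve either removal or a comment naming their consumer.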
@@ -21,8 +21,8 @@ sops:
 ZUMveWUySng1eFNCNEc4aThLbHQ4MXcKP5sQvjLknHpO3Tf1rlg4+5LNqPWzBL4p
 w+E3S1SsdzF5niYafdFj/5yc4PLdYR3JM9jxcuc2KzRWTM3oQNZH7Q==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-03-15T14:49:56Z"
- mac: ENC[AES256_GCM,data:lv1Ku7JdlGXgn4RCkQqQWdXwf7ESvOo0kmZDBkouItg31MYMunEGCnv7VYAlcSmDY2HkLd/iDvWbumS3ZnvLMFpuSH5wGeA2NwW0zPh9yyUHgxVP72fQK7ddCzhOaqn9w/5IfRQBAfed4YOeCoqKKoGunwaJQRhFtPjbdT49GAE=,iv:PepxRwGwTvbhhA/h8MV9gRtaXOgiATvAjgNCODlbw/U=,tag:z3IbOL7szx26n9FVH9kMCA==,type:str]
+ lastmodified: "2024-03-15T15:10:31Z"
+ mac: ENC[AES256_GCM,data:3KTUBOZ32R+pG+1CqX1F7L5LSRrzSYBiU92565bu1Kl0WyllAtL+nVQei0ByCwJ/Au+Dg3OwYBqCc4JMZlxn8TM6KFb+j7ttCUL6o3/TekDSSAUlIGmNMUCJikaGAIWZ9JHPMU/BdNKQeltRTpxb6cU1Qp3FA1NQlr7f+dXtqn8=,iv:cOQplwWIm+kZB97EjzXkuhqPmQdFY08nWTrM4Ky33PM=,tag:7tQbnJICXsw+FUnG8D8o/w==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1