sops.nix external file

hosts/dlaptop/configuration.nix

@@ -21,32 +21,9 @@
   #   localStorageDir = ../../secrets/rekeyed/${config.networking.hostName};
   # };
 
-  sops = {
+  imports = [ 
-    defaultSopsFile = ../../secrets/generic.yaml;
+    ./sops.nix
-    #defaultSopsFile = ../../.sops.yaml;
+  ];
-    age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
-    #age.keyFile = "/home/delta/.config/sops/age/keys.txt";
-    defaultSopsFormat = "yaml";
-
-    secrets.qqq = {
-      mode = "0400"; owner = "delta"; group = "users";
-    };
-
-    secrets.cloudflared = {
-      mode = "0400"; owner = "cloudflared"; group = "cloudflared";
-    };
-    
-
-    secrets."myservice/my_subdir/my_secret" = {};
-
-    secrets.singbox-aus = {
-      sopsFile = ../../secrets/singbox-aus.bin;
-      format = "binary";
-      mode = "0400";
-      owner = "socks";
-      group = "socks";
-    };
-  };
 
 
 

hosts/dlaptop/sops.nix

@@ -0,0 +1,30 @@
+{ config, lib, ...}:
+
+{
+  sops = {
+    defaultSopsFile = ../../secrets/generic.yaml;
+    #defaultSopsFile = ../../.sops.yaml;
+    age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
+    #age.keyFile = "/home/delta/.config/sops/age/keys.txt";
+    defaultSopsFormat = "yaml";
+
+    secrets.qqq = {
+      mode = "0400"; owner = "delta"; group = "users";
+    };
+
+    secrets.cloudflared = {
+      mode = "0400"; owner = "cloudflared"; group = "cloudflared";
+    };
+    
+
+    secrets."myservice/my_subdir/my_secret" = {};
+
+    secrets.singbox-aus = {
+      sopsFile = ../../secrets/singbox-aus.bin;
+      format = "binary";
+      mode = "0400";
+      owner = "socks";
+      group = "socks";
+    };
+  };
+}

secrets/generic.yaml

@@ -1,4 +1,4 @@
-#ENC[AES256_GCM,data:tsH+OzO1HuSGhW6FpMS4z/B7MGsy53gL8AlR1OtddpQPM/drvvI=,iv:TFXG6UZ+yiIiI7no2I5ZoCBozm/QsckpR08aoVpWmA8=,tag:/L8bfExsQzgUFUyZVjNE6g==,type:comment]
+#ENC[AES256_GCM,data:BoSXLfAzseyjQsS5GL/UW7XNfuU=,iv:IrLTGiH4awBmnZuC0AhkeWyTsG86DoFog7JTZ3g4rlQ=,tag:HghXG9MwBDCrmVeDp5yU1A==,type:comment]
 qqq: ENC[AES256_GCM,data:6HrbuPwwDdOfWP/6+lQOIIrg,iv:w6MP9T0uRgew7fVvpYcmdM2OOHvWUmbxw5pEBE2s7m8=,tag:s3gFo1AIyDbuEWcqzR309Q==,type:str]
 #ENC[AES256_GCM,data:byD/SyOeoUWOfbQgsr4zh3brXkNP0eX46qwJEAecN6KLokr2k9/loKL5n+vUHAs8WJpa1xwVuRw=,iv:nWv3leL6YaTT3IurT6wcvQCbvBoaWPihRk7VaZrptJA=,tag:p1ltRsWOXWvWy6DJlQdyVw==,type:comment]
 #ENC[AES256_GCM,data:h2Y/qaN1lKO20UZJ+LbDofboZmIoX5qP90bkb1u+OlIlDtZwhB+hnB+RQ6CgQdH6rU7X3lyd6SDSYNa+GKILH3c7vDLa1Tfb,iv:x6/4DUzV0lHuCy4IjRqutyyMx4pQq4unF52yITEfmQ4=,tag:9WfRbeAKTsiwmSMb3K7wwg==,type:comment]
@@ -21,8 +21,8 @@ sops:
             ZUMveWUySng1eFNCNEc4aThLbHQ4MXcKP5sQvjLknHpO3Tf1rlg4+5LNqPWzBL4p
             w+E3S1SsdzF5niYafdFj/5yc4PLdYR3JM9jxcuc2KzRWTM3oQNZH7Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-15T14:49:56Z"
+    lastmodified: "2024-03-15T15:10:31Z"
-    mac: ENC[AES256_GCM,data:lv1Ku7JdlGXgn4RCkQqQWdXwf7ESvOo0kmZDBkouItg31MYMunEGCnv7VYAlcSmDY2HkLd/iDvWbumS3ZnvLMFpuSH5wGeA2NwW0zPh9yyUHgxVP72fQK7ddCzhOaqn9w/5IfRQBAfed4YOeCoqKKoGunwaJQRhFtPjbdT49GAE=,iv:PepxRwGwTvbhhA/h8MV9gRtaXOgiATvAjgNCODlbw/U=,tag:z3IbOL7szx26n9FVH9kMCA==,type:str]
+    mac: ENC[AES256_GCM,data:3KTUBOZ32R+pG+1CqX1F7L5LSRrzSYBiU92565bu1Kl0WyllAtL+nVQei0ByCwJ/Au+Dg3OwYBqCc4JMZlxn8TM6KFb+j7ttCUL6o3/TekDSSAUlIGmNMUCJikaGAIWZ9JHPMU/BdNKQeltRTpxb6cU1Qp3FA1NQlr7f+dXtqn8=,iv:cOQplwWIm+kZB97EjzXkuhqPmQdFY08nWTrM4Ky33PM=,tag:7tQbnJICXsw+FUnG8D8o/w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1