diff --git a/.sops.yaml b/.sops.yaml
index 8d69936..9f5ac3d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,7 @@
 keys:
 - &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
+ - &intelnuc age1sxv5n2au0pwpvnj8qya75quz264s5jt0e9734jefng4dh2vyyqlqyuynuc
 creation_rules:
 - path_regex: secrets/[^/]+\.(yml|yaml|json|env|ini|bin)$
 key_groups:
@@ -9,4 +10,9 @@ creation_rules:
 - path_regex: secrets/wifi/[^/]+$
 key_groups:
 - age:
- - *dlaptop
\ No newline at end of file
+ - *dlaptop
+ - path_regex: secrets/intelnuc/[^/]+\.(yml|yaml|json|env|ini|bin)$
+ key_groups:
+ - age:
+ - *dlaptop
+ - *intelnuc
\ No newline at end of file
diff --git a/hosts/intelnuc/configuration.nix b/hosts/intelnuc/configuration.nix
index 8ccb8fb..d9d6fef 100644
--- a/hosts/intelnuc/configuration.nix
+++ b/hosts/intelnuc/configuration.nix
@@ -9,6 +9,10 @@
 time.timeZone = "Europe/Moscow";
 i18n.defaultLocale = "en_US.UTF-8";
+ imports = [
+ ./sops.nix
+ ];
+
 users.users.intelnuc = {
 isNormalUser = true;
 description = "intelnuc";
diff --git a/hosts/intelnuc/sops.nix b/hosts/intelnuc/sops.nix
new file mode 100644
index 0000000..32e6484
--- /dev/null
+++ b/hosts/intelnuc/sops.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+{
+ sops = {
+ defaultSopsFile = ../../secrets/generic.yaml;
+ age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
+ defaultSopsFormat = "yaml";
+
+ secrets = {
+
+ "nginx/graf1" = { };
+ "nginx/graf2" = { };
+ "nginx/kibana" = { };
+
+ };
+ };
+}
diff --git a/secrets/intelnuc/main.yaml b/secrets/intelnuc/main.yaml
new file mode 100644
index 0000000..958986f
--- /dev/null
+++ b/secrets/intelnuc/main.yaml
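Review bot: The `path_regex` added in the second .sops.yaml hunk is unanchored at the start, like the two rules above it, so it matches any path that merely contains `secrets/intelnuc/...`, and sops applies the first rule that matches. Assuming sops matches against the path relative to .sops.yaml, `- path_regex: ^secrets/intelnuc/[^/]+\.(yml|yaml|json|env|ini|bin)$` would keep the host-scoped recipient list limited to that directory. A short comment above the rule, such as `# readable by the admin laptop and the intelnuc host only`, would make the intended recipients explicit. The new side also still ends without a trailing newline.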
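Review bot: `defaultSopsFile = ../../secrets/generic.yaml;` in the new hosts/intelnuc/sops.nix points at a file this commit does not add, while the declared `nginx/graf1`, `nginx/graf2` and `nginx/kibana` secrets are the ones encrypted in secrets/intelnuc/main.yaml. Unless generic.yaml also holds them and is encrypted to the `&intelnuc` recipient (that rule's key list is outside the hunk), decryption at activation will fail, so `defaultSopsFile = ../../secrets/intelnuc/main.yaml;` looks like what was intended. `age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];` makes a user's personal SSH key in a home directory the machine's decryption identity, on a host whose configuration.nix hunk shows only a user `intelnuc`. Prefer the host key, `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, or a root-only `age.keyFile`, and confirm that the `&intelnuc` recipient in .sops.yaml is derived from whichever key is used. The empty `{ }` declarations keep the sops-nix default ownership and mode, so set `owner` explicitly if the nginx user has to read these files.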
@@ -0,0 +1,34 @@ +#ENC[AES256_GCM,data:FaOSuGU8RwFvckoITrGacn0T8dbVLaDH0aYVXaE=,iv:L6ffjAOb40cJrVipFOL2BqUHP2HKbiG7SYOk5duJLT8=,tag:O3J8FRYlElrrCiWCHq51BA==,type:comment] +nginx: + graf1: ENC[AES256_GCM,data:FLFAf065Lcu+e64=,iv:W/jQmUEueAVkuWFaElXVILV86n25MjRlcieUOdS73Kw=,tag:UTDfnLXBtI6kSiNkdqMTew==,type:str] + graf2: ENC[AES256_GCM,data:mdKFz9IMNpcfX04=,iv:34N491ELjlOlOdwpJEQNAR2mz+nrgGDnzppnyq76jeM=,tag:tLLzgjYlEpNGCISIHWEe2g==,type:str] + kibana: ENC[AES256_GCM,data:oiSnQzvaRYDS/44=,iv:3XlfBMd5gAu/FIbSr5nI0fHHCmwJkFHCiPXpoZB8ycw=,tag:lDcYsjdM86Bq7TE0yByAEA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa3RXMG1Jc3c1NVFCYnlO + bHdxc3cyYUZ6MDZKOGsxTklLbE5DTzYyLzF3CkFwRGlPNTFaYWNCbkxMcmJVVCtM + V0Z4RWxXVTErYUVlU05uMXNRSFZIUlUKLS0tIEtTMkcwTDhDZzdpRGtCSFpMV3Z6 + ai9wNlRkUC9XNTlad3VkM3U5U3E3UGMKTnRsw7LstwwlELVtZcq6Yo0ClXs6BUX7 + 5AFE6q6bhdpkze0QPQLEm7hEyZ5hBIvD1T9LoAS19APd6ah6+eAHWA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sxv5n2au0pwpvnj8qya75quz264s5jt0e9734jefng4dh2vyyqlqyuynuc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTZWdnpidGZkeEpTa2E4 + ZVFCR21ZMVBiM1BtNk1rV2EwZmNldG1jYmljClFNMitqT2cwbGthRGswREtoWktx + VmVicityeVphcWNSVFVzREE0TVBUMG8KLS0tIGxtT3ppWDBqNXpUeDhUbXFDYjQ5 + ZkFmUUg1R0w3czMvZytud3pEajFxL00KWcIupUeVIcXhf29NAiUGmmsCminokmJM + +/82FhbQwvIOCU5GlZOpCLVOFWIsMiwC3OzDv64hMHxzH4TNuiulvg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-21T14:59:29Z" + mac: ENC[AES256_GCM,data:ci8AchnKKTNU+xSb+DEz2Ts1qeLoYtwQDOjhg+A23hR0b8WOyjM3N4YZGCZue9S0VPa6LT6ZYlmWApfq684YnLUfJtS6eJ3w1gigOJNjuz+j+AHY87b4dltG10vZFR35hkfGIUAv7OgPE74L4caDG9PgoWhg/ESAuPhsXzEnnmI=,iv:l4V9f5EOKue+O7tIKgfVHxl0NwPw0D2gxnP8ZJ8ezPU=,tag:lT6BB/Ha/HKfpBPVpl8shg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + 
version: 3.8.1