delta/dotfiles
1
0
Fork 0
mirror of https://github.com/deltathetawastaken/dotfiles.git synced 2025-12-06 07:16:37 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

sops on nuc

Browse source
This commit is contained in:
Your Name 2024-03-21 18:05:19 +03:00
parent b0449fe2da
commit ea0076874f
4 changed files with 62 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -1,6 +1,7 @@
keys: keys:
- &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y - &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
- &intelnuc age1sxv5n2au0pwpvnj8qya75quz264s5jt0e9734jefng4dh2vyyqlqyuynuc
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yml|yaml|json|env|ini|bin)$ - path_regex: secrets/[^/]+\.(yml|yaml|json|env|ini|bin)$
key_groups: key_groups:
@ -9,4 +10,9 @@ creation_rules:
- path_regex: secrets/wifi/[^/]+$ - path_regex: secrets/wifi/[^/]+$
key_groups: key_groups:
- age: - age:
- *dlaptop - *dlaptop
- path_regex: secrets/intelnuc/[^/]+\.(yml|yaml|json|env|ini|bin)$
key_groups:
- age:
- *dlaptop
- *intelnuc

4
hosts/intelnuc/configuration.nix
View file

@ -9,6 +9,10 @@
time.timeZone = "Europe/Moscow"; time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
imports = [
./sops.nix
];
users.users.intelnuc = { users.users.intelnuc = {
isNormalUser = true; isNormalUser = true;
description = "intelnuc"; description = "intelnuc";

17
hosts/intelnuc/sops.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, ... }:
{
sops = {
defaultSopsFile = ../../secrets/generic.yaml;
age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
defaultSopsFormat = "yaml";
secrets = {
"nginx/graf1" = { };
"nginx/graf2" = { };
"nginx/kibana" = { };
};
};
}

34
secrets/intelnuc/main.yaml Normal file
View file

@ -0,0 +1,34 @@
#ENC[AES256_GCM,data:FaOSuGU8RwFvckoITrGacn0T8dbVLaDH0aYVXaE=,iv:L6ffjAOb40cJrVipFOL2BqUHP2HKbiG7SYOk5duJLT8=,tag:O3J8FRYlElrrCiWCHq51BA==,type:comment]
nginx:
graf1: ENC[AES256_GCM,data:FLFAf065Lcu+e64=,iv:W/jQmUEueAVkuWFaElXVILV86n25MjRlcieUOdS73Kw=,tag:UTDfnLXBtI6kSiNkdqMTew==,type:str]
graf2: ENC[AES256_GCM,data:mdKFz9IMNpcfX04=,iv:34N491ELjlOlOdwpJEQNAR2mz+nrgGDnzppnyq76jeM=,tag:tLLzgjYlEpNGCISIHWEe2g==,type:str]
kibana: ENC[AES256_GCM,data:oiSnQzvaRYDS/44=,iv:3XlfBMd5gAu/FIbSr5nI0fHHCmwJkFHCiPXpoZB8ycw=,tag:lDcYsjdM86Bq7TE0yByAEA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa3RXMG1Jc3c1NVFCYnlO
bHdxc3cyYUZ6MDZKOGsxTklLbE5DTzYyLzF3CkFwRGlPNTFaYWNCbkxMcmJVVCtM
V0Z4RWxXVTErYUVlU05uMXNRSFZIUlUKLS0tIEtTMkcwTDhDZzdpRGtCSFpMV3Z6
ai9wNlRkUC9XNTlad3VkM3U5U3E3UGMKTnRsw7LstwwlELVtZcq6Yo0ClXs6BUX7
5AFE6q6bhdpkze0QPQLEm7hEyZ5hBIvD1T9LoAS19APd6ah6+eAHWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sxv5n2au0pwpvnj8qya75quz264s5jt0e9734jefng4dh2vyyqlqyuynuc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTZWdnpidGZkeEpTa2E4
ZVFCR21ZMVBiM1BtNk1rV2EwZmNldG1jYmljClFNMitqT2cwbGthRGswREtoWktx
VmVicityeVphcWNSVFVzREE0TVBUMG8KLS0tIGxtT3ppWDBqNXpUeDhUbXFDYjQ5
ZkFmUUg1R0w3czMvZytud3pEajFxL00KWcIupUeVIcXhf29NAiUGmmsCminokmJM
+/82FhbQwvIOCU5GlZOpCLVOFWIsMiwC3OzDv64hMHxzH4TNuiulvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T14:59:29Z"
mac: ENC[AES256_GCM,data:ci8AchnKKTNU+xSb+DEz2Ts1qeLoYtwQDOjhg+A23hR0b8WOyjM3N4YZGCZue9S0VPa6LT6ZYlmWApfq684YnLUfJtS6eJ3w1gigOJNjuz+j+AHY87b4dltG10vZFR35hkfGIUAv7OgPE74L4caDG9PgoWhg/ESAuPhsXzEnnmI=,iv:l4V9f5EOKue+O7tIKgfVHxl0NwPw0D2gxnP8ZJ8ezPU=,tag:lT6BB/Ha/HKfpBPVpl8shg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1