From 4e32e95eab28792196276c5f37013b16352a823d Mon Sep 17 00:00:00 2001
From: kiri
Date: Sat, 29 Nov 2025 21:09:10 +0100
Subject: [PATCH] Add sops to altair
---
 hosts/altair/home.nix | 1 +
 hosts/polaris/home.nix | 2 +-
 .../polaris/secrets => secrets}/default.nix | 10 ++++++----
 .../polaris/secrets => secrets}/secrets.yaml | 19 ++++++++++++++-----
 4 files changed, 22 insertions(+), 10 deletions(-)
 rename {hosts/polaris/secrets => secrets}/default.nix (64%)
 rename {hosts/polaris/secrets => secrets}/secrets.yaml (56%)
diff --git a/hosts/altair/home.nix b/hosts/altair/home.nix
index 05b8a4b..067eea9 100644
--- a/hosts/altair/home.nix
+++ b/hosts/altair/home.nix
@@ -8,6 +8,7 @@
 imports = [
 # Mostly user-specific configuration
 ./variables.nix
+ ../../secrets
 # Programs
 ../../modules/home-manager/accounts
diff --git a/hosts/polaris/home.nix b/hosts/polaris/home.nix
index 18d284f..159c70c 100644
--- a/hosts/polaris/home.nix
+++ b/hosts/polaris/home.nix
@@ -8,7 +8,7 @@
 imports = [
 # Mostly user-specific configuration
 ./variables.nix
- ./secrets/default.nix
+ ../../secrets
 # Programs
 ../../modules/home-manager/accounts
diff --git a/hosts/polaris/secrets/default.nix b/secrets/default.nix
similarity index 64%
rename from hosts/polaris/secrets/default.nix
rename to secrets/default.nix
index d6f8cda..08384a3 100644
--- a/hosts/polaris/secrets/default.nix
+++ b/secrets/default.nix
@@ -19,14 +19,16 @@
 };
 };
- home.file.".config/nixos/.sops.yaml".text = ''
+ home.file.".config/nixos/secrets/.sops.yaml".text = ''
 keys:
- - &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
+ - &polaris age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
+ - &altair age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
 creation_rules:
- - path_regex: hosts/polaris/secrets/secrets.yaml$
+ - path_regex: secrets.yaml$
 key_groups:
 - age:
- *primary
+ - *polaris
+ - *altair
 '';
 home.packages = with pkgs; [
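Review bot: The new rule `- path_regex: secrets.yaml$` in the generated `.sops.yaml` is unanchored and leaves the dot unescaped, so it matches any path that merely ends in `secrets.yaml` (or e.g. `secretsXyaml`), and everything it matches is encrypted to both `*polaris` and `*altair`. With a single shared key group there is no per-host separation: either host's age identity decrypts every value in the file, so a compromise of one machine exposes the other's secrets as well. If that is intended, a tighter pattern such as `- path_regex: ^secrets\.yaml$` would keep the rule from catching other files (assuming sops matches the path relative to the `.sops.yaml` directory, which should be confirmed for the sops version in use); if some secrets are host-specific, a separate file and creation rule per host with only that host's key is the safer layout. The attribute set containing `home.file` starts before this hunk and continues past it.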
diff --git a/hosts/polaris/secrets/secrets.yaml b/secrets/secrets.yaml
similarity index 56%
rename from hosts/polaris/secrets/secrets.yaml
rename to secrets/secrets.yaml
index 60dba90..64e61a6 100644
--- a/hosts/polaris/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -6,11 +6,20 @@ sops:
 - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRc08xMTMrTFZzSE8vQUx4
- Y3RjelNXcmZ0Z0lSQkpVMjV2Yk4yc0pmb2s0ClZyTENuL0xpazAxazFUbEkxZmRD
- TmhMSCtncWZ6NHhkVmRGV0lxVUkyYW8KLS0tIDR2dktlVy9UVVcvQ1IyaFUvRFZE
- OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX
- PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemJLL3p3ZXNHTzAxSHJJ
+ bEI2V3JiVDJaSHRVSGRpZHlta2dodnNhSzBJCjlLbmxVREFTMGtyZFdvY2V2YUpx
+ Y3ZnSWlmYmtEZXFaT2dJQ0NkUnRIQmcKLS0tIFZ6TjhxYmQ3WC9JcHIxOGRuR2Yz
+ VWdzUm1YMW83S244K3NXcVM1dkE0Y28KP25VhtPNZjxDGMkBoQUoHsdMbUGrRAFc
+ N1XiF0E1rNAC7l0IFYea7QwiMWtq3oZNsYtBEdltRt4vWF4Pp2MFaw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSWREeHp0UHh1WmJxYmph
+ b0dUWHR6SDFJNjJnYnovRXZCM3ZSb1JRblZzCkxEWERFZHRxdWszR3FnNXN2eDBG
+ MHl1RHB1N1RreU5mL1dwR2tFZ2xKQjQKLS0tIEUxSk9nOCtscEFIUFpYNFdZZ21t
+ ODdTa0VlYjg0ajJuUWhiRVUrR1VSTHMK6NVeKyMTomvZoqAtJN1SshIZdd2fHFBy
+ Waghxmi6x/93lf54E1ZiXZQ+LDCjqqmMY8jgoF00XCo0WeURlHXpaw==
 -----END AGE ENCRYPTED FILE-----
 lastmodified: "2025-11-29T18:05:48Z"
 mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str]