Add sops to altair
This commit is contained in:
38
secrets/default.nix
Normal file
38
secrets/default.nix
Normal file
@@ -0,0 +1,38 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ inputs.sops-nix.homeManagerModules.sops ];
|
||||
|
||||
sops = {
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
radicale_pass = { };
|
||||
university_calendar_url = { };
|
||||
ssh_config_orion = {
|
||||
mode = "0600";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home.file.".config/nixos/secrets/.sops.yaml".text = ''
|
||||
keys:
|
||||
- &polaris age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
|
||||
- &altair age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
|
||||
creation_rules:
|
||||
- path_regex: secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *polaris
|
||||
- *altair
|
||||
'';
|
||||
|
||||
home.packages = with pkgs; [
|
||||
sops
|
||||
age
|
||||
];
|
||||
}
|
||||
27
secrets/secrets.yaml
Normal file
27
secrets/secrets.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str]
|
||||
university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str]
|
||||
ssh_config_orion: ENC[AES256_GCM,data:P2jH5BDIzeHSIwTBcZwTOXKes727xK0Xoj9W64GmEszEPZw8vA==,iv:hSY9mFdC82pBbOjMFuzoR2eufhjY2MGERJ4ODmcogbA=,tag:ejF535LrQwwH66nQG3qLGw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemJLL3p3ZXNHTzAxSHJJ
|
||||
bEI2V3JiVDJaSHRVSGRpZHlta2dodnNhSzBJCjlLbmxVREFTMGtyZFdvY2V2YUpx
|
||||
Y3ZnSWlmYmtEZXFaT2dJQ0NkUnRIQmcKLS0tIFZ6TjhxYmQ3WC9JcHIxOGRuR2Yz
|
||||
VWdzUm1YMW83S244K3NXcVM1dkE0Y28KP25VhtPNZjxDGMkBoQUoHsdMbUGrRAFc
|
||||
N1XiF0E1rNAC7l0IFYea7QwiMWtq3oZNsYtBEdltRt4vWF4Pp2MFaw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSWREeHp0UHh1WmJxYmph
|
||||
b0dUWHR6SDFJNjJnYnovRXZCM3ZSb1JRblZzCkxEWERFZHRxdWszR3FnNXN2eDBG
|
||||
MHl1RHB1N1RreU5mL1dwR2tFZ2xKQjQKLS0tIEUxSk9nOCtscEFIUFpYNFdZZ21t
|
||||
ODdTa0VlYjg0ajJuUWhiRVUrR1VSTHMK6NVeKyMTomvZoqAtJN1SshIZdd2fHFBy
|
||||
Waghxmi6x/93lf54E1ZiXZQ+LDCjqqmMY8jgoF00XCo0WeURlHXpaw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-29T18:05:48Z"
|
||||
mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
Reference in New Issue
Block a user