kiri/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sops to altair

Browse Source
This commit is contained in:
kiri
2025-11-29 21:09:10 +01:00
parent 1e89b45042
commit 4e32e95eab
4 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/altair/home.nix
View File

@@ -8,6 +8,7 @@
imports = [ imports = [
# Mostly user-specific configuration # Mostly user-specific configuration
./variables.nix ./variables.nix
../../secrets
# Programs # Programs
../../modules/home-manager/accounts ../../modules/home-manager/accounts

2
hosts/polaris/home.nix
View File

@@ -8,7 +8,7 @@
imports = [ imports = [
# Mostly user-specific configuration # Mostly user-specific configuration
./variables.nix ./variables.nix
./secrets/default.nix ../../secrets
# Programs # Programs
../../modules/home-manager/accounts ../../modules/home-manager/accounts

10
hosts/polaris/secrets/default.nix → secrets/default.nix
View File

@@ -19,14 +19,16 @@
}; };
}; };
home.file.".config/nixos/.sops.yaml".text = '' home.file.".config/nixos/secrets/.sops.yaml".text = ''
keys: keys:
- &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl - &polaris age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
- &altair age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
creation_rules: creation_rules:
- path_regex: hosts/polaris/secrets/secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *primary - *polaris
- *altair
''; '';
home.packages = with pkgs; [ home.packages = with pkgs; [

19
hosts/polaris/secrets/secrets.yaml → secrets/secrets.yaml
View File

@@ -6,11 +6,20 @@ sops:
- recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRc08xMTMrTFZzSE8vQUx4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemJLL3p3ZXNHTzAxSHJJ
Y3RjelNXcmZ0Z0lSQkpVMjV2Yk4yc0pmb2s0ClZyTENuL0xpazAxazFUbEkxZmRD bEI2V3JiVDJaSHRVSGRpZHlta2dodnNhSzBJCjlLbmxVREFTMGtyZFdvY2V2YUpx
TmhMSCtncWZ6NHhkVmRGV0lxVUkyYW8KLS0tIDR2dktlVy9UVVcvQ1IyaFUvRFZE Y3ZnSWlmYmtEZXFaT2dJQ0NkUnRIQmcKLS0tIFZ6TjhxYmQ3WC9JcHIxOGRuR2Yz
OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX VWdzUm1YMW83S244K3NXcVM1dkE0Y28KP25VhtPNZjxDGMkBoQUoHsdMbUGrRAFc
PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg== N1XiF0E1rNAC7l0IFYea7QwiMWtq3oZNsYtBEdltRt4vWF4Pp2MFaw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mg7k37mc3ll60rfzx4zpzp50xjefzwy0ayjpstq5ce7raem3a7sef57w7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSWREeHp0UHh1WmJxYmph
b0dUWHR6SDFJNjJnYnovRXZCM3ZSb1JRblZzCkxEWERFZHRxdWszR3FnNXN2eDBG
MHl1RHB1N1RreU5mL1dwR2tFZ2xKQjQKLS0tIEUxSk9nOCtscEFIUFpYNFdZZ21t
ODdTa0VlYjg0ajJuUWhiRVUrR1VSTHMK6NVeKyMTomvZoqAtJN1SshIZdd2fHFBy
Waghxmi6x/93lf54E1ZiXZQ+LDCjqqmMY8jgoF00XCo0WeURlHXpaw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-29T18:05:48Z" lastmodified: "2025-11-29T18:05:48Z"
mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str] mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str]