kiri/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sops

Browse Source
This commit is contained in:
kiri
2025-11-29 16:54:14 +01:00
parent 98737c1550
commit 6aac1fb788
4 changed files with 67 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
hosts/polaris/secrets/default.nix
View File

@@ -1,42 +1,34 @@
# Those are my secrets, encrypted with sops
# You shouldn't import this file, unless you edit it
{
config,
pkgs,
inputs,
...
}: {
imports = [inputs.sops-nix.homeManagerModules.sops];
}:
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops = {
age.keyFile = "/home/hadi/.config/sops/age/keys.txt";
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
sshconfig = {path = "/home/hadi/.ssh/config";};
github-key = {path = "/home/hadi/.ssh/github";};
gitlab-key = {path = "/home/hadi/.ssh/gitlab";};
jack-key = {path = "/home/hadi/.ssh/jack";};
signing-key = {path = "/home/hadi/.ssh/key";};
signing-pub-key = {path = "/home/hadi/.ssh/key.pub";};
pia = {path = "/home/hadi/.config/pia/pia.ovpn";};
radicale_pass = { };
university_calendar_url = { };
# sshconfig = { path = "${config.home.homeDirectory}/.ssh/config"; };
};
};
home.file.".config/nixos/.sops.yaml".text = ''
keys:
- &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
- &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
creation_rules:
- path_regex: hosts/laptop/secrets/secrets.yaml$
key_groups:
- age:
- *primary
- path_regex: hosts/server/secrets/secrets.yaml$
key_groups:
- age:
- *primary
- path_regex: hosts/polaris/secrets/secrets.yaml$
key_groups:
- age:
- *primary
'';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
home.packages = with pkgs; [sops age];
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
home.packages = with pkgs; [
sops
age
];
}

27
hosts/polaris/secrets/secrets.yaml
View File

@@ -1,22 +1,17 @@
pia: ENC[AES256_GCM,data:0bnhHeVqKSLHVimd78a94ShHlO3+LUoZ4oiKD3cnBYkaZsw=,iv:S+/IChlFlqdI+PyFF+Ti4AJUkch2MS0qKiqHL1Q3RMk=,tag:+v2kV70ou84eIc01dKnAhA==,type:str]
sshconfig: ENC[AES256_GCM,data:1EY0vnJ6NHb/GODYkiOKVR6i0UoojFPileQW1/ZokxDswGnz6P0eicS72wkMjwsw9tY5l0OM0NNbTIyYkqgE+q0HJw8IkRHvmvBq4AX/6o+2++YJuDTMpCcDkMAp4BNtrzqpBkKaqXJgMbxTpEPRNTnSpg96sinluCtuASEZaI8Ej+QKq/pEeELIGnkYkUr9d8/M8ZavzZ59oQmUsOxOCtYBsCi5BHMpATfVg+WqyXv3uptMB2PoTwsJiJ9IiQTJHWgkpe+WpIIsi4Dc49YpX3O2pHytimfuuy8D5DESKTOtcqg8qIL/xcR8iJl8ISJAA9IZg8eJ1FYdEpfTruwfiPYo6Ce5zH4W/BVm3iQ8B3Tuzi+gvRBwffcRpYkdAS4c7tk7cgF3U7sr1L7yLL6OmuBXaNSnALyHO2W5b3tefGY0YmwGUfh6M5FMI8/5SfxcMfSOAZKxhcckRL1CpFMzmKkAdY/PRCghmEWobU1KswBPiYWQ6vfubbdN1Yx1mng4z6zmkXmiqrc5IQfOBpbY71VnUoXh384Et9PM3cti4K6SmZFYX1uZStP7KXLhw4ZnVZ0J0fIks4RZ11A3NWtE1yak9z7QXj7k/PtdfrsNtIphVZ7LsZEvOvdgIlUToYNcyvagYsRRlreQPqhLSc7ninjIbRaL4a/s6kIdrr3qovPNSlE3R3HRGTBOjTEF9Bmp+oGb5L9HvBBu6NmNwHQ76gySAXbMnRa34JuXtzpEIZ5yo4AI5i2eDPeM2Dx6jUSl7OJm3wT6cVMF/2rLj0zHzp8B1bYOsf7VaMzHCYEhXMu7REMmmfDKwtb9zsuf/r1zlPXJcukDCrtJ3Z/mFl03,iv:0hS7g9gVVntWVSRSPCgZ3rjGcMf2RzQPjMpgSz0GlxE=,tag:mnDakNZiG28H4jmnZH00eg==,type:str]
github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
jack-key: ENC[AES256_GCM,data:VfCl3wH0MMBc8QDyjLDFeSvzSEsf7uGpfJvRjFrmjW+bPRUXBpZhJV8a9VQIAz7z7zZXvzARMfCeI0ydyC57CW81GH5/H5pneJ4b+xreINjVfdLbL1nC1thelo/O64jda/L+xVKhgE+QQi8/zt4JmXGghkP+74nYcTTaMpmcbgWw354J1ybXqyCEY+88nsJ1d2s+M7M2bplx4fGb7sLUs6sqdsad3sENzhH/0HQCFXreHTtgsLbIs8ccmdRgFNKM8/wD0OoW76rOQsJoA9JY4yOTQNVoX5M8+Olj6+wVlt6QBrWrYRuEztGnHrHvzxiHXtmEkMwVNfoPpEflQyRYRa0rVp/66REOkMckGx6/LbxKFgrxnifRlsK3kWd28v2bRGVQOghUluYUtVkaJ+eh6o6ik0NQKx8/H6BznBSDE6MjDwbLv434LHBfDtAqhWN1eMbOlunFivsl5Hb/6rl9kydHlcCS6FY8cUHoKQ90gDaUuDrvUifwmdO5hU0GH5tgvGi1ReK9ndcpQsrHptG6,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str]
signing-key: ENC[AES256_GCM,data:NvLqmt7NzrWkbQQqFfosmSMvEv8C8+MDDpxSoDo3zZ3MR6WXr9B+6CnUc6rtevM230wgE17VC9XlmcQxX+PjJsWq6gZteK5THTIcrR5zPJVNlVCEyeLKoFj/6m7qBgyyoN3OjCNjgMkhsm009jwBgNk0qJMAYebOGo8eoP/al+4ytm7dhna+iX5WZabAg0J4z4JMDQonqQl3SaDnCEdHvk9m7ZEP2vUFscPkbLj4ewgFq+bUCHOOQb2uqRJoEgcR/NetRFcQfzcU6lp7JxobaICaO3zdmomUm7oabIUTrc3Kom3Wjw8ryqfqC1/SC0SHr5XGk2ygk0WnlQ4kNshqriL2dwbWAzy1Z/cTX9+aB/KNtC0U6zWG1bpnL3dgSgvhRiocIis/eNg1HWsLWVicmdebL/lXHztxFMdTuX/gWgQBotggTmx+OFGZfP9ZGlF3635mDxM/fEOCtTyA195dMicCUsjEpBegNtXsp+oOtxyRI0jSW47MBcXFP09f5ywELTPyz4eOUHO8sQ6UfJ6X,iv:KNQUlMPaiR4x1Fw+HZe/EOmh/gfsrqlefpq23uflz/8=,tag:illu42HKunQXnijjsUIvnQ==,type:str]
signing-pub-key: ENC[AES256_GCM,data:XuokZmCsnaNQ0rvVa3k81T4vtxw//r63xp1yHDLaNAMwA2r2bh6addl9WoAmm76g1rweqZrAAIw1PXDb90ubPaBP1iEHSkGZpwUpy/tOTePRdHMW2WtVvidpHQ==,iv:auB/bA89cJK6DnQi1BK2uldXRPyJfo+r7nl5qOLefUk=,tag:/I3kB6El1yesBMGOjJ+oHA==,type:str]
radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str]
university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str]
sops:
age:
- recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
- recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVWN4YjZqczB3Q21WL1lz
ckROWkhRditHblVHVEpOS0E0aGVqdW14M0ZvCkNzRXlCOWFBWmQwTGpTYVdFRlpq
bFdOR2pSTEZpUVpvUHo2NklrQm5EU1kKLS0tIFZ5ZWhYcHg1Z0hTOTZIdHR1QUxv
cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRc08xMTMrTFZzSE8vQUx4
Y3RjelNXcmZ0Z0lSQkpVMjV2Yk4yc0pmb2s0ClZyTENuL0xpazAxazFUbEkxZmRD
TmhMSCtncWZ6NHhkVmRGV0lxVUkyYW8KLS0tIDR2dktlVy9UVVcvQ1IyaFUvRFZE
OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX
PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-27T13:28:57Z"
mac: ENC[AES256_GCM,data:XMPDLGHwTYIxgEz9Stj7j+lWgAOpzkEsnoRdWVVs4798m1sQRIyUuvEiCgbHoAktajrAAzXq3GZ4HJ1dfE1fDWGh+B7WwRoJKxtP6qI8Ub4h7lSiDsxJhr8ieqm5bzmHZkn8VJkrqBrSSXesirLprRLR5yZOVLAgco0lg9boM1Y=,iv:pYA5oz8cldKw1Ai7k2LCQBipE2keZa49L3SHcL+eDp0=,tag:4kVsC95SSPCCSZDf6qDeqA==,type:str]
lastmodified: "2025-11-29T15:19:14Z"
mac: ENC[AES256_GCM,data:iG5K86rqwzVHhMTsiwKdM3ibaz72SujNOmPmZ1WMFx0pFABsToQN6yKzWPHOKx+gXkIyembV/Y90rpra6HEtsok2doLIfoUMfznHoQqcnV2s07hKnh0V+X0WzRJstNe+EScyoFnr1WxezCBaat8WK79u9LhiYXExlm7w5XDMXfM=,iv:X+aabOZXJ4Iu+hs+O/ZNiD+6we7nV2MjQCpvx2vya9k=,tag:zxxxHa53VMSCxXn+c59M4w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0