c8h4/nixos-config
1
0
Fork 0
Code Issues Actions Activity

secrets: convert machine-specific zero secrets to common desktop

Browse source 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
Christoph Heiss 2024-05-24 21:08:34 +02:00
parent 8845dec639
commit 620b681176
Signed by: c8h4
GPG key ID: 73D5E7FDEE3DE49A
6 changed files with 35 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -4,8 +4,9 @@ keys:
- &christoph_zero age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
- &christoph_maui age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
# generate with: `ssh <machine> 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' | nix run nixpkgs#ssh-to-age`
- &machine_tank age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh
- &machine_fort age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2
- &machine_tank age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh
- &machine_trek age1ssrv832gpktt3ktqvh4c9793xdpa6xv2ugytq8jhwpcmzdjz9amsu2793e
- &machine_zero age1xdd0mzt7mhr30rzvt34ygxurlvdvs53svg7lxd6843lx83vy0guqew578d
creation_rules:
@ -31,10 +32,11 @@ creation_rules:
- *christoph_zero
- *christoph_maui
- *machine_fort
- path_regex: secrets/sops/zero\.yaml
- path_regex: secrets/sops/desktop\.yaml
key_groups:
- age:
- *christoph_trek
- *christoph_zero
- *christoph_maui
- *machine_trek
- *machine_zero

1
machines/trek.nix
View file

@ -2,6 +2,7 @@
{
imports = [
../secrets/desktop.nix
../system/bluetooth.nix
../system/btrfs.nix
../system/desktop.nix

2
machines/zero.nix
View file

@ -2,7 +2,7 @@
{
imports = [
../secrets/machines/zero.nix
../secrets/desktop.nix
../system/automation-target.nix
../system/btrfs.nix
../system/desktop.nix

BIN
secrets/desktop.nix Normal file
View file

Binary file not shown.

BIN
secrets/machines/zero.nix
View file

Binary file not shown.

49
secrets/sops/zero.yaml → secrets/sops/desktop.yaml
View file

@ -9,38 +9,47 @@ sops:
- recipient: age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQmlYYktMbXpDRGllV0JW
MVh5bEM5MHhMWWI1T01WNnl2WGNRK295M0JzCnJxZkk1WTNqU1MyN0lJUis2VFJY
bjhwaE9uMDB5Sy9nazB5anN0OFI5UkkKLS0tIGVOSWZlYkZ0L3RtV2FxQTNDMjl4
V0gwdm15UGNrUVN4TGhjUDVrSHdpZTQK/aQjTESHaBS62p9Pu8Z15pVufgKAb2mn
iep0c30esSBrWVX+BNzKgcWYCIQ1PgSm50Kles3eZhre4K9q58drwA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZEQ4RnFKOFYvY2wwU3k0
WGNCbjhzUlhFcm9JRXVTVGh1RmdQalBMVkc0Cit3cWxuRGUxNHVhMkRza2ZVOGRy
R3pFZXppWE1tZWVDeGRQaUV5TDdYV28KLS0tIG4yZU9SdmRJV3RORkZpTkdoS0ho
NmtxbmRjdWtQZitzbnhYWjY1aG13L00KoF49nUMgNeGDmB3eq0tyFf/haOl2GSFB
3nPnUD3AwhySWVgyURc0e4uCsdpq9S653Y3O+F8HI2VgtX21PqtdZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3M2ovczdJdzQvUnJscTJT
M0sxQnE5TFpqWHBoWUZpbzhyM1FNbHhoSkR3ClRoTm5vWENWUnF0VWtoWkhNaGQr
SmJCWnFDRmdZK2ZEbFlxVUpuV2VsTlUKLS0tIGpHNU54NEc2YkJLdy82QkR2bnh3
YkZzWFcwSktsRk9KMlBVVUV6VHRvMm8KXrCEEkopwSTvO+lKpjucxDyzVBtcexCG
sJGjh8ew5BRjdKT4gNUPGEHfz4HwnNjh1j44P6nZItp9co7mRR64wQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUXlqano2cmdXK2ZSS2E5
aW1RMUVmaVFoRHFBNHJiVnNrdFo1N1hyNTAwCjJveFNNZ1RaczU1YkxsdHcrYTRC
cEhRZEIvNXNVNkZWV2puRHM5UXpJbUEKLS0tIHdNSGUyV29hNEdRWUVaZ2R5QTdi
L24rUTJzZFRjeE5PbGxPRWNCK3dQRFEKyH19JQB2zT5iSMWueLRkJgFMsY8+Q4+T
LI+vyzaP0Tl53lSCT5O5Lz5Nav1zxHWt/+Nr/sCHBo1I5nuTii1TAw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MnNFbTVPaS9lK2VIdHMx
bkpEUFBmOHRPdXVuUkRKcXpxWlNNMnF0RENJCkNMNHpwUDRwRWpzVGVpVWY2am5E
UnFZdEdYeFppSytTU1BnOERwQ1Q4eTQKLS0tIGE5OGdhY29LNElIRXkrSjZ6U1lq
UXMyQjhLMDhEVzVBU3VaVWpqc0tDY3cK86D9wWoxAHPIxtOFdR+31ioxV1AjOzUl
/qKtO3ns2WpRiEnqDwGgM1nOYBqYt9Mqi9+OSo/4rn9gUb+zAekk+Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUERmTWdCazRaVkFlZmg4
V2NxaWlPb2hhbk1HTW4wTmltVVVnMG9TSFI0Ckh6UXF1bVVtRDZtZ0I5T1R2NFEy
dXZMS3ArSVQxMzBzV3ZlQ0VydHV0SjAKLS0tIC8rcGRPNjZNZXhLdUpCM0liSVhK
Z1YrUmxGY1VsMEdXbGNXV3UrYllUVlUKUXhy6TZkMaJsWpXKslcEt73skOkvcl/F
1UVBmkzdhHQhqOkBpitv5cL6b+PKSsgc9A7/w0wYkWC61hHcUOmTjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ssrv832gpktt3ktqvh4c9793xdpa6xv2ugytq8jhwpcmzdjz9amsu2793e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENHpwZVdxcUR3cndjb2JR
ak5pL2hMSERPdWZvOU5YWHdmNWhIcFJtWFdjCllmVDBDemtSbnRoQ2I4cVBNU050
YVdwR1BzbFpPRUUxdW1XWWNobGlXUVUKLS0tIGJGQjdCSWJyTnVTOFFvL1E0akZy
S1oxUG11THNLeG5uYWFFdndLaDIvRHcKJiSpSEpYD9AK5JxEjjVFP0Cq2/Qsgs9k
DweTzQq3fAX2xPiDPai8Xq49sP+NVBv5hedms2ZQxcKhXq8DVXtJTQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xdd0mzt7mhr30rzvt34ygxurlvdvs53svg7lxd6843lx83vy0guqew578d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dU92cG1iTmZUUU1ydTlM
MUFUdGg3aUJsd0xZeGg5UTlvRFZpVmVHa0FFCk1EUy9ZZS8vcGNpSkpqZ3l0RUJ0
QXhkQU14TmM0dUE0ckhBRE9zSDY4cUUKLS0tIGFhRzkzTlNPMDdzcWhpR0QwY0lt
enpGQ2RrUHdiQm4zYmlXb2pDekNEKzQKls4bPH4T3oniKeWNkNrwwXNgFVgTZ8vG
0vzWohjesvID9KkcsPwo8Ye78tYxtxSBEihrGZYFr2cjhpPPAcCFVQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReUFzZUZxcmlmaEhWUFl6
cUhBeHRyUVEwYTRXL3ByQTc2TmhDTzJRNUhNCnZMSjFrNGEvN1dITVpES211V0ls
VE5OSUlFUElBZ0RwcmxrUnpTNGhQOEEKLS0tIDJHRXVybk9ORDRTdzRMN0VTWTY4
YkNjYnNxWUJFcGFva2ZaK1IxRVc2OWMK9tMSiUqZES5tGbY9fG18BU3j3HPaJbj8
xZzaqzoZ49eLdgcDLJVMWkf7i7p/1K2YAVR/LP58M/JCt24x/gZUnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-02T20:44:21Z"
mac: ENC[AES256_GCM,data:Tn4o4NYvKvZLzA+LpwwchTuPjLsMNozHeZ1lfDGRIrzub+tHxUj+yAclSHAgTk7tf4zZMPLOYEaHi80eCQ1ktzf8woHRL6pLyUmC0gMvMsf9N1yjAu1uvPngknDCuhNZjPSdMHdebuUbDihmGp0gbI3ZC4f63mEEGaoRq73B6M4=,iv:tbM+tYcN8SvjBR0DltSYoQQDAU780hzsjabjLWiKT6U=,tag:QMUZBYztfSeEha7QNoeGng==,type:str]