add user sops
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #23874 of nixos-config:pr618:devShells.x86_64-linux.default
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #23912 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #23911 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #23910 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Hydra nixosConfigurations.not522 Hydra build #23913 of nixos-config:pr618:nixosConfigurations.not522
Hydra nixosConfigurations.pc-installer Hydra build #23915 of nixos-config:pr618:nixosConfigurations.pc-installer
Hydra checks.x86_64-linux.containers-default Hydra build #23909 of nixos-config:pr618:checks.x86_64-linux.containers-default
Hydra nixosConfigurations.not522-installer Hydra build #23914 of nixos-config:pr618:nixosConfigurations.not522-installer
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #23874 of nixos-config:pr618:devShells.x86_64-linux.default
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #23912 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #23911 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #23910 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Hydra nixosConfigurations.not522 Hydra build #23913 of nixos-config:pr618:nixosConfigurations.not522
Hydra nixosConfigurations.pc-installer Hydra build #23915 of nixos-config:pr618:nixosConfigurations.pc-installer
Hydra checks.x86_64-linux.containers-default Hydra build #23909 of nixos-config:pr618:checks.x86_64-linux.containers-default
Hydra nixosConfigurations.not522-installer Hydra build #23914 of nixos-config:pr618:nixosConfigurations.not522-installer
This commit is contained in:
parent
f21ca56051
commit
4b5587a685
6 changed files with 29 additions and 13 deletions
16
.sops.yaml
16
.sops.yaml
|
|
@ -1,28 +1,30 @@
|
|||
keys:
|
||||
- &lotte age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- &base age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- ¬522 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
|
||||
- &root age1pcdyf483yl2r8wny30yxsp9yusgder6vra7yrf7qjqn5fjhcxeaq3342ew
|
||||
- &darkkirb age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||
|
||||
creation_rules:
|
||||
- path_regex: machine/not522/secrets\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *not522
|
||||
- *lotte
|
||||
- *base
|
||||
- path_regex: services/tailscale\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *not522
|
||||
- *lotte
|
||||
- path_regex: users/root/password\.yaml$
|
||||
- *base
|
||||
- path_regex: users/root/system\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *not522
|
||||
- *lotte
|
||||
- *base
|
||||
- *pc-installer
|
||||
- path_regex: users/darkkirb/password\.yaml$
|
||||
- path_regex: users/darkkirb/system\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *not522
|
||||
- *lotte
|
||||
- *base
|
||||
- *pc-installer
|
||||
|
|
|
|||
|
|
@ -10,7 +10,12 @@
|
|||
};
|
||||
sops.secrets."users/users/darkkirb/hashedPassword" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ./password.yaml;
|
||||
sopsFile = ./system.yaml;
|
||||
};
|
||||
sops.secrets."users/users/darkkirb/age-key" = {
|
||||
owner = "darkkirb";
|
||||
sopsFile = ./system.yaml;
|
||||
};
|
||||
home-manager.users.darkkirb.sops.age.keyFile = config.sops.secrets."users/users/darkkirb/age-key".path;
|
||||
environment.impermanence.users = ["darkkirb"];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ users:
|
|||
users:
|
||||
darkkirb:
|
||||
hashedPassword: ENC[AES256_GCM,data:mDfXEfKTORaTOKubl1To093Hd4elXfGih69RX8LKsKsVZjQ01gT9vCLZMbdo9k7A7fonQWunxcpla9mMPo6DFeJrF4rzhJfLJgp3/EODtG9RAKKzy3X/E0nsygrvK8BxErryJG026wrL5g==,iv:VyyMIUqv6TDl+Gm7P9gEJbnsxHHcgJsn+Gh7SD2SeT8=,tag:mH4PNVSCv4fc9MLtlvIaVQ==,type:str]
|
||||
age-key: ENC[AES256_GCM,data:sDT+jQEBKHXzmCOJ/yq7Cn43ILECbvuSfikDlSZUObX7p6n9fNTh+uNfBxzPZfxPxkoR5ex9cKYJPo/faTuSIygkLvdRIihY0jfJmSi/BYTaQ2ReDpB/djVNC7hzqhJoTxMfHkBBdYeqpj3KFD1+eSCA04w+oFUe12zJIrbtEok2H4qm6KAtlsHKH/iWxkJ95bWCouwzKsREM1pJJ/bKOe5pSqquAGQ7VIm1ZAL532Rj2ET0ExFGIonijw9l,iv:K3tJLhgAo3tFKemp56gXcXqjdl1YP2xTzmKJB0JSD6E=,tag:ENEzSIyR8cCAO3utLBORZw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -35,8 +36,8 @@ sops:
|
|||
Vjd0QkU2VnhQcFJ2VTlNeTdRTmhmUU0KCM3KWpVDIjXS1nIuVwofFFudqiIgQ/DM
|
||||
rBgk0yrx401kz248eazRjXrf5QIpYG+2OJ/WlE7/SiQ9IOluoAAk7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-05T08:08:48Z"
|
||||
mac: ENC[AES256_GCM,data:ZBP0CQTG8Wojh368lX9jNziuOIe9M/1MUjDvH30G96w+mCMa3fp4nmXOPV8DbsATgphJ5To+pZjk+heX72aaTx47jF03vGq2jAMp2gndG4N6R9Zb+UcoHVnyE+Q24PtvRmqcBkQS/Hz1vFUPlpEwKLw8h6ct0DDqalrZ18Ra5HQ=,iv:yIznbjO4o/M+tNcUeSsjHJrky6k+1xVbMwA6/Pngq1I=,tag:p60YYm2QJ+NBhQ/DOhJZzQ==,type:str]
|
||||
lastmodified: "2024-11-06T08:34:00Z"
|
||||
mac: ENC[AES256_GCM,data:kb6SOv5juzL1GjGye3SHF9BSlsxWEoMwjOGd+g1xz0aRLZAtEkeN7ZS1a6rO1C9PyQOQdWGZ59NU5k7BftgA4+mWnkgyQtxpb8e2KwcDnkSE+kMYxPgufzuS4L46jkmbTHACItVowja0Qd1Z0fUlUkAzego6bmgPd0hM8s4ZSX4=,iv:SBrFNNVpEBhuybtzQpl8hNx+osyCR42OU5E//sAE2gQ=,tag:7ZAGK//NCxcWl0lx5vrLmQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
inputs,
|
||||
inputs',
|
||||
config,
|
||||
sops-nix,
|
||||
...
|
||||
}: {
|
||||
home-manager = {
|
||||
|
|
@ -18,6 +19,7 @@
|
|||
sharedModules = [
|
||||
./common
|
||||
"${impermanence}/home-manager.nix"
|
||||
sops-nix.homeManagerModules.sops
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,12 @@
|
|||
};
|
||||
sops.secrets."users/users/root/hashedPassword" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ./password.yaml;
|
||||
sopsFile = ./system.yaml;
|
||||
};
|
||||
sops.secrets."users/users/root/age-key" = {
|
||||
owner = "root";
|
||||
sopsFile = ./system.yaml;
|
||||
};
|
||||
home-manager.users.root.sops.age.keyFile = config.sops.secrets."users/users/root/age-key".path;
|
||||
environment.impermanence.users = ["root"];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ users:
|
|||
users:
|
||||
root:
|
||||
hashedPassword: ENC[AES256_GCM,data:ptHTZ/MHRId363TlEWNJpOMQ46dISPSQjvrqsxQzq9hmDU3oC0FO9Mtf08I9wcVa0KpIEQfSZp/AgZ7yburK9EpfBccwudRdzpCBynsRYxhbuirSAm4ANaBLyrYx1jsCXFbeNDA4xsrmfw==,iv:WIG8qv7vAIUN8MMPkPKc9sjG1CQMYk03/C2TYSDs9zY=,tag:9Vm8Grn2AtME0O329N60Bw==,type:str]
|
||||
age-key: ENC[AES256_GCM,data:A0G/R9o2Qray5kk7lqwu00EOJD0mRQ5cYWRDBzvw0gMTIq+JU16m5QrXLgzK3M/oURxPbBUOC+Wy7ZdiPAHVj5i353bsVLzGi6wIuwQpL2HA0RUwcos/bBnPTcvRriErBIpMYxgkxEVvgb4NpS0523V09AiXgX5DSY/z6pmQ1ERtXl1YRW+lCRqewgUUweC4WE31iG82NDOXkPZM+oaFginQeUy0Ruy4Kya4xQjC/+pzbxRdJwQKGkf/5fLl,iv:1TnvWbolHgQgOMmOBxpqxUlKmD14oCd+Yo/Jn2AHuL8=,tag:ML2ifWFpzHHxJ4F2OQ3+jA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -35,8 +36,8 @@ sops:
|
|||
MGg3ZUxqcnhzbiszb2RNVkkwNUNIbHcK/NdUErDE9xecelLx1i0MjZCKkdev+hdx
|
||||
ZWwQORih0fGotN9FjFQuBTc4Y0ApRy8Su52xCp1UOqM0FhnaHjwEQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-29T13:48:11Z"
|
||||
mac: ENC[AES256_GCM,data:fNxQFhopRt4cf8tepyYuePCwIwOozf1gOgO3ixhyuZqpnWAt5ng7p8BoKyeigRDvIanBsbUQ8MtuEfIfBSEYzgAeAihODIyuSmsq72sqE1Jfm77Yq8HpeUQxYGEtDND3awx/wEcgpumnNXS9UzAJVh0Un5yY1mUA/E2fYpdVRX0=,iv:Kh9oUpyK83xxfG8OVs2jgxlJDIRiyKuQVgPNEiFdT7A=,tag:CXyRtYHHgD0+INnyEcC6rg==,type:str]
|
||||
lastmodified: "2024-11-06T08:34:07Z"
|
||||
mac: ENC[AES256_GCM,data:U3+GUzxyPL7infWqht48rQ7Oe7E7Fu3WU883VZjJSKLM46ilDf0mWhpIWX7JDwhFzii/fSyF3+FsJvBDD4bcnK8L0UiS7C9z6yH9RGtOXI6is6jitfgm4qOuPP+aZa99hEDUf/ZO5uEzE/Psayf4aVAxEyL3L+SgVdiWf2MIFmk=,iv:XQavrryRBHnSf/xPMGY/lk/ep1qdRdgDtzUVwde4vXE=,tag:yWScrP9lTH1SiHpUiQuAXw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
Loading…
Reference in a new issue