This commit is contained in:
Charlotte 🦝 Delenk 2022-01-14 15:13:55 +01:00
parent a3246f97c1
commit 8f7ca40b9d
Signed by: darkkirb
GPG key ID: 015E3768A70AFBC5
6 changed files with 52 additions and 4 deletions

9
.sops.yml Normal file
View file

@ -0,0 +1,9 @@
keys:
- &lotte age1k5emdjljm5amrquky2tn3khqt38wq62s797nujxuhp8j6x7k5p0sedv0q2
- &nixos-8gb-fsn1-1 age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
creation_rules:
- path_regex: secrets/nixos-8gb-fsn1-1/[^/]+$
key_groups:
- age:
- *lotte
- *nixos-8gb-fsn1-1

View file

@ -3,6 +3,7 @@
./zfs.nix
./users/darkkirb.nix
./nix.nix
./sops.nix
];
services.openssh.enable = true;
environment.systemPackages = [ pkgs.git ];

5
config/sops.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, ... }:
{
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.defaultSopsFile = ../secrets + "/${config.networking.hostName}/config.yaml";
}

View file

@ -22,11 +22,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1642154755,
"narHash": "sha256-hutfaWfSjrZgcJrLx7cpqofxv6By0pEU4K2xrGGgdPU=",
"lastModified": 1642167199,
"narHash": "sha256-KvwIaVwoa90jn8E0PhHlpnLxRHQFKb7nfpE0t8KCokU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c9101439cd6e924ee1e09888e0a110973ec56dfa",
"rev": "790b76e23d6ec303916e190b5400b27e7ca82620",
"type": "github"
},
"original": {

View file

@ -8,7 +8,7 @@ rec {
inputs.sops-nix.url = github:Mic92/sops-nix;
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
outputs = { self, nixpkgs, ... } @ args: {
outputs = { self, nixpkgs, sops-nix, ... } @ args: {
nixosConfigurations =
let
systems = [
@ -24,6 +24,7 @@ rec {
modules = [
(./config + "/${name}.nix")
./config/default.nix
sops-nix.nixosModules.sops
];
};
})

View file

@ -0,0 +1,32 @@
network:
wireguard:
privkey: ENC[AES256_GCM,data:+avWYsJmrVYFnwi6T6NqQiXH1U+q3DsvMUT+pG4P2zJ+typzA3dQ+85HBVc=,iv:mdf2+p+7FOUPUNAmfS+CAMkw6xTHrjxQDTVDAHF4qbA=,tag:Ano//8t7dDjqfFVmdQXsfw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1k5emdjljm5amrquky2tn3khqt38wq62s797nujxuhp8j6x7k5p0sedv0q2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4akg2SDcvV1d2Q1JaRWxS
clV4YlY4aWUrY1U3ejIxSTQrSmNrQzE1bm5RCldJeGxFdEpzVzFzSVZEczdIeHJD
MDl6TlJUUTBmcjE3UVBRYSt5eTZWbUEKLS0tIHZ6b1ZyQXNSWWZoZHRPSm5FdWN4
ZkZVdk5jL0xxT3haRFg0WVJCNXJHYkUKlHrEyD0atydLMEX3S9F6b897G1YY88zu
l6gfV2/si4TXJPUwhfJej56RLq40i2uA2ZQT/I3XMccojMm5DvtS0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSGxIb2VFQ1BqWU9BWng2
NHhRc1A4TlZtTlhtYlNFYWczaUsxbW90bXpzCkRGYWVScXZkVFFuRVV2RGdJbW1B
ZzFFYUNzMHdpSTIzQnh5c2RaYUw5cTAKLS0tIDRLQ211Z3JuUE9DaUZGWWh5S1VS
QkkzbUVrVWtYMWhLa0N5MzJ2KzV4MW8KEAtd2cnwNH01rYUFr+qWyAhHvUsqsxXg
not2RQLEIGbo80Z7CMIwqCIpUYOL4m70KlEKrFzflXFbOFX2en82iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-01-14T14:10:36Z"
mac: ENC[AES256_GCM,data:IJi2TNEG41bgjekGE67iwQrt1ZlmtN7QS8A4M4i417hao+g7IORArXSHDRTWrYT0Gw9xE7NEWtrnRue9ompPcgTV1bGt0Re2EAB+5TI4/7fFbxuIvpYZqhqIFUFEmOyYl+QqkvUH6yKdfdsVj4WgVI8mucxF890F5cWJ1abMaww=,iv:Rr9R3whv7gdBcj/nrsmqTm/JhqvhzdIgMh/Q8EFKP1s=,tag:sFlL5fyP/HWckrmZSgj5zA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1