From c2c8bfdde8cc0899203121d86f841b61be25322e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Wed, 9 Mar 2022 17:27:09 +0100 Subject: [PATCH] feat: move the secrets into the parent directory fix #58 --- .sops.yaml | 10 ++---- config/sops.nix | 2 +- .../secrets.yaml => nixos-8gb-fsn1-1.yaml} | 0 .../secrets.yaml => nutty-noon.yaml} | 0 secrets/rpi2/secrets.yaml | 32 ------------------- .../{thinkrac/secrets.yaml => thinkrac.yaml} | 0 6 files changed, 4 insertions(+), 40 deletions(-) rename secrets/{nixos-8gb-fsn1-1/secrets.yaml => nixos-8gb-fsn1-1.yaml} (100%) rename secrets/{nutty-noon/secrets.yaml => nutty-noon.yaml} (100%) delete mode 100644 secrets/rpi2/secrets.yaml rename secrets/{thinkrac/secrets.yaml => thinkrac.yaml} (100%) diff --git a/.sops.yaml b/.sops.yaml index 7d98a0bc..cd0120ae 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,25 +4,21 @@ keys: - &nutty-noon age1zgxkntdp99dkvw7z29jjmgrzlla2ha542zrs3262dwat27a34asqckfkrl - &thinkrac age1azy4hfse3x9tzhjn0htelx8qeannscr7mydmuphp2qu73v72tp3qdxt7my creation_rules: - - path_regex: secrets/nixos-8gb-fsn1-1/[^/]+$ + - path_regex: secrets/nixos-8gb-fsn1-1\.yaml$ key_groups: - age: - *nixos-8gb-fsn1-1 pgp: - *lotte - - path_regex: secrets/nutty-noon/[^/]+$ + - path_regex: secrets/nutty-noon\.yaml$ key_groups: - age: - *nutty-noon pgp: - *lotte - - path_regex: secrets/thinkrac/[^/]+$ + - path_regex: secrets/thinkrac\.yaml$ key_groups: - age: - *thinkrac pgp: - *lotte - - path_regex: secrets/rpi2/[^/]+$ - key_groups: - - pgp: - - *lotte diff --git a/config/sops.nix b/config/sops.nix index 6010999b..7a46d16a 100644 --- a/config/sops.nix +++ b/config/sops.nix @@ -1,5 +1,5 @@ { config, ... }: { sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.defaultSopsFile = ../secrets + "/${config.networking.hostName}/secrets.yaml"; + sops.defaultSopsFile = ../secrets + "/${config.networking.hostName}.yaml"; } diff --git a/secrets/nixos-8gb-fsn1-1/secrets.yaml b/secrets/nixos-8gb-fsn1-1.yaml similarity index 100% rename from secrets/nixos-8gb-fsn1-1/secrets.yaml rename to secrets/nixos-8gb-fsn1-1.yaml diff --git a/secrets/nutty-noon/secrets.yaml b/secrets/nutty-noon.yaml similarity index 100% rename from secrets/nutty-noon/secrets.yaml rename to secrets/nutty-noon.yaml diff --git a/secrets/rpi2/secrets.yaml b/secrets/rpi2/secrets.yaml deleted file mode 100644 index 796d611b..00000000 --- a/secrets/rpi2/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -network: - wireguard: - privkey: ENC[AES256_GCM,data:+mHow+Y5Y5kXS9iQwchvx+qKFOL54ZlJCGMxbEzjy1jt1V5nvf8181GKa/U=,iv:xCaNdyzJ6ZPlYC4Nm3lc5IRnuS4YLnzfpc7SyLbzsp8=,tag:lSgeMSHf8zH+dwGwDfMzhA==,type:str] -security: - restic: - password: ENC[AES256_GCM,data:YMoMhgOtXRa1aMXlhWCGWHvI4vc=,iv:HDJq3+aULRWKTKU3rLNdSXf0SaOKqvKE52rTbDPSY0Q=,tag:HUkOmWNkO6MoPPGgKhH8Aw==,type:str] -email: - darkkirb@darkkirb.de: ENC[AES256_GCM,data:y4U/BiN7kPPl8J8ivZuLoGuSiAk=,iv:jwGo25+UzaDjHTDRUgrCGOuplkfvSBGtcbtSL1BF360=,tag:cE/3NIZu0G1g5nmBey2z+A==,type:str] - lotte@chir.rs: ENC[AES256_GCM,data:Am08+fGqhr/ufpZg0ePziT/2dw==,iv:AhOoR44ZAiY2UTpo0WV94K1HeOE2cdxFmKAnM/2u7Dk=,tag:jvOoiP5SkPniXYPnLMRyuQ==,type:str] - mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:iQzzdroSL7sIRWM5oR7CFjdW13oJzgy2ABuoaZw2el1hPJp9z7xCeQXMOB9CV/9gcIdUGF+kW6FXvayP3PeVYg==,iv:qGkzQKRhuV9MNTyuSWP+p1eJDTRQk94LP+b3DQkasz8=,tag:PORYS+LxNmmxVDXY9iej+Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-02-26T08:35:22Z" - mac: ENC[AES256_GCM,data:ZLR59MvrNjypM4s/VA8M57p9Cxb40Nlos2EwrAiXcXEYoJ3AKG9mDSBzt+KiCsOe5Pgrfx2cUuVXwvK7IdfdZFl9DpBXXCpeByVqxdMq45Zqq2QM8+99dxSZt8IfZdEp8cVP99P1aB3IQlmeyMIGLPOpL45HofC3f5SG/wF7aKQ=,iv:q0tJo3aA/X38iQkYs+AUGROUwn80fV978nulTLSB15o=,tag:dihaOBXS8pgSISTzLcQ//w==,type:str] - pgp: - - created_at: "2022-02-26T08:28:49Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdAAn6xyUBJJ9Ted13EUMccOI6uJF4kl1b3c2WXbxsIUH4w - 2o1fl7kryh+dir4sZjlJn6MumIoFxCKLAGCtSVsnntKx73RCTGfm6wUWGLsalxUK - 0lwBCbUvEEk0Uf5yoWcFHK1Ayyw9vkR0taxIgefJCTDt73iKvYe9O4ymrKZyHQd6 - 3eZViCGn4FQBn5oVEBUVRX44awq4i0DCeXfG90uxfbYkuro55aQCbDP9U5xmYg== - =2T85 - -----END PGP MESSAGE----- - fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/secrets/thinkrac/secrets.yaml b/secrets/thinkrac.yaml similarity index 100% rename from secrets/thinkrac/secrets.yaml rename to secrets/thinkrac.yaml