Add .aws/credentials

2022-05-11 19:34:55 +01:00 · 2022-05-11 19:34:55 +01:00 · e0660ea33b
commit e0660ea33b
parent a9cdabb917
4 changed files with 72 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -33,3 +33,10 @@ creation_rules:
          - *nas
        pgp:
          - *lotte
+  - path_regex: secrets/desktop\.yaml$
+    key_groups:
+      - age:
+          - *nutty-noon
+          - *thinkrac
+        pgp:
+          - *lotte
--- a/config/desktop-secrets.nix
+++ b/config/desktop-secrets.nix
@ -0,0 +1,22 @@
+{ ... }:
+let mkSopsSecret =
+  { name
+  , path
+  }: {
+    name = "desktop/${name}";
+    value = {
+      sopsFile = ../secrets/desktop.yaml;
+      owner = "darkkirb";
+      key = name;
+      path = "/home/darkkirb/${path}";
+    };
+  };
+in
+{
+  sops.secrets."desktop/aws/credentials" = builtins.listToAttrs (map mkSopsSecret [
+    {
+      name = "aws/credentials";
+      path = ".aws/credentials";
+    }
+  ]);
+}
--- a/config/desktop.nix
+++ b/config/desktop.nix
@ -12,6 +12,7 @@ in
  imports = [
    ./services/kde.nix
    ./services/pipewire.nix
+    ./desktop-secrets.nix
  ];
  fonts.fonts = with pkgs; [
    noto-fonts
--- a/secrets/desktop.yaml
+++ b/secrets/desktop.yaml
@ -0,0 +1,42 @@
+aws:
+    credentials: ENC[AES256_GCM,data:ss4mF3Q7BFVs+wYc/dF85IXc8NzVkjU/ef49m/oaVnQpHSLebKxMH2v0nFMG6O3COjW+7OiZAi6A2TYx8WOZBVA7AVFCidrNr3O8LAmqATaCxkBbk+GcOTS5UO+m13Q1/L9rK5PA1ZkHbJm+V4V6e0C62VXrHZdvmDtj3N0C3zCHBvk1Dij0ngnv3DzDDNM18HFfB9VSp0X6bpgPgSKbnUsZ57SvLKpYUw6R+4dUCpa+3xxLm3Mej/z2h6RX,iv:ksAYZXbd3j7WuR2H3DLQOnLL6U9yJx2aa/dLERuP2IM=,tag:VunxQ6HnvWz34+xhq/kb6Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1wfftrnyngg7nxcwvt7m590fwx3w7p4kkrjn9uprjq0u3k3ym4s3qqzkmzm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dXExM1dIUEkvbmsxL3Ba
+            RDBTQjZkZDk0bGJtSDhHS1RwdlZ6NE9vVFRRCndxSDlOMFhEWlIrOG9qK09rZzBh
+            T01Wam5mNmRvNnA3MlQxYTFlWmlCU2sKLS0tIGlYQ1JkRDdNUjZiazFUUTc1Ylp5
+            ejFGUnFiUmgzbUExQlRmRXkzT3NiajgK7PJG+u2xwXYRqhForWpYoEZUb109ULU0
+            x0PGbt0DVDQH5xMcIxU8LYiMhz3siuum/Oa+xF+VdogAJgyJ2EZATg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15c2dquc22epmmndpmd8pa3077fdl8nyr5qehr7y0c9uvavrledsq326ak9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cmZDWUNDRlpiMGxUZmg3
+            dXVnblpsQVl0RmQyS3ZmNVZZUUQwSXhTQnhzClcwNFE5Y1ZJZG1OcWhzMU9IVDlO
+            Z0xFQmhWanVYc3cybWs5SEdJU0Q4bVUKLS0tIFhxTUgvdWxjOXlJWmo4bEVobjBh
+            OTNuZmhramNLNVd3TlZuV2tkdFhESTQKxUBFFDxUXxLnch5YFsx6qOgW0NslH/IK
+            EqJo0EA/CofU/Iuzqr2tnI96FJvb/WcD9z9gk5RYT5vXLhAqBmG/Iw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-05-11T18:18:17Z"
+    mac: ENC[AES256_GCM,data:+bo22cqsldk68M9xZxCyILYB/qT35VjRtRrm10DuRIv/t6KmuZ1h60nwkLqGY2YTR8V0c9jnLSa5WUJ2s6XtUizUzdpGvyxBQtmQGhcerm6pB4MlIPo3oX+7zbejgwlCLF3W29/K/ydkbgmmzoFq0mWiI2oVkx6uyAllxiazUoc=,iv:SP40ItxHIwh2meDnYWnVESVfOTKnkMhXDrUY+fENkYs=,tag:GnhzFm50IXrr3EybFdqvOA==,type:str]
+    pgp:
+        - created_at: "2022-05-11T18:17:36Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DAAAAAAAAAAASAQdAyKMz9c76uOYKsgSXzZCJNWR0GF30ASLJNgTBtikBlx8w
+            pbHhOkqB/yD9rIGXplggw3LSuvqbt9k3G0JaTm+9/ffZ0MBFr6cT9R+yjcyTThzi
+            0l4Be5l7vpUiZstS9Sa6tIP8EAXdueoEeNGyxz5RmyeUsRwk9CjbDUomYkPnHav9
+            gvADKMXfT6bJ6pW4EyZmkzeZBofHKFmgNV1G5UsG7Z7ROpSyuOIpJwVmDQgjZC36
+            =A7lx
+            -----END PGP MESSAGE-----
+          fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2