Add sops-nix
parent
1da714d2b7
commit
01f88e9051
|
|
@ -0,0 +1,9 @@
|
||||||
|
keys:
|
||||||
|
- &kalle_laptop age1y86zket4wccf9kfp65gmlcsf0a9drjux7r3zlcfqqdkh99dfnyeqts8jra
|
||||||
|
- &vm_base age1w8flykazkwxewcxpe2mn50cawn857ylcdp4r7vp459p3q7cx9uasap4stz
|
||||||
|
|
||||||
|
creation_rules:
|
||||||
|
- key_groups:
|
||||||
|
- age:
|
||||||
|
- *kalle_laptop
|
||||||
|
- *vm_base
|
||||||
23
flake.lock
23
flake.lock
|
|
@ -34,7 +34,28 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"impermanence": "impermanence",
|
"impermanence": "impermanence",
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs",
|
||||||
|
"sops-nix": "sops-nix"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1734546875,
|
||||||
|
"narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,10 @@
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
impermanence.url = "github:nix-community/impermanence";
|
impermanence.url = "github:nix-community/impermanence";
|
||||||
|
|
||||||
|
# Sops-nix, a secrets manager
|
||||||
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,33 @@
|
||||||
|
traefik:
|
||||||
|
acmeEmail: ENC[AES256_GCM,data:aM2AQADo5s0c1b//UWPXNPlKMXNRRnPFDbM=,iv:RP7Tn8s1nYKJf0B0KO0BQkI4tnz/zUK8KqzQqeNiyZk=,tag:g4+lwK4miUdxOwLHQcUZhg==,type:str]
|
||||||
|
CLOUDFLARE_EMAIL: ENC[AES256_GCM,data:YHQ00Qh0t7owvFE/PXu8o4a8ry1P92/CVA==,iv:z982jUAm8W4Du/5dLopQZE0p5eWi4Ls7TYsiiwUlqvg=,tag:bek2eQ4duYBH8F2LG+Tr+g==,type:str]
|
||||||
|
CLOUDFLARE_DNS_API_TOKEN: ENC[AES256_GCM,data:zyTpv1AGA9GzfGfFyxqO40NKZt8LlHU1YT9kvXPZYAGUc5wE3GVxzg==,iv:W7u5gEeYNkCGO3D0Y+XBZ4PCI081QsNK10ThHKbV68M=,tag:7onKfU+mVz3euCbFrX1mdg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1y86zket4wccf9kfp65gmlcsf0a9drjux7r3zlcfqqdkh99dfnyeqts8jra
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSmIyL2JwZXhJaE13SlJW
|
||||||
|
NXg3Nzg3bjlUOHp4blVBdmFJZmRjUkREa0RnCmhZQTJlaER4KzZHeHc2dkVXQ3RU
|
||||||
|
OFd1c2REMkR0YlVJL2lOcENNM01Ka1EKLS0tIGJFdzFpN2VqdEVQV1ZnQXVwa1Vs
|
||||||
|
enpRZVQ1dVphQmtETlY1UDdleXVRdDAKmUzn+98cPWbKXgsCKHeQzkVysj2eOIx6
|
||||||
|
UTT6+MPOskud/PPrCV9SmBsfwxZ5NJvbkYPtmRHOWr3UgJ7gOSD0ZQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1w8flykazkwxewcxpe2mn50cawn857ylcdp4r7vp459p3q7cx9uasap4stz
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMHllWTBWd2h0c29TT2pF
|
||||||
|
NTNmM2puSG9USUtVU0drNnFmVUxaYXJES2lrCmY1d2hLR2VCVXgrb3k2Z2RJVXBY
|
||||||
|
dUhOMjJ4elhLaUZqK1BNQzh0Z3YvYTAKLS0tICtFSFBsN2FoRURwQVNGNUNRdnAy
|
||||||
|
SitKZlhUek9SM2xuRmc1dEh3N0xJak0K1HrF4CcZhq2DBjiRj8eTRBe1FHas9yep
|
||||||
|
vzEBYsnjsJ3uCtcLCqVu0CApBr6oLXPiwgRouAmRIzBUQfiXtWoEbQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-12-26T18:39:38Z"
|
||||||
|
mac: ENC[AES256_GCM,data:2dr8o3njYlYVHiFItM4MrlHfpiw7AurdedXm614MbMiX6b5bkAoIuSJHWjjwmBsQY52yTUwl5GS0oLztRGOZ9OsxiwvGRoxNG5lAPK83t4pralaWvLKVn7CCClU6fyYnUwqPEfw/YFSxlm00iBPz54zRQNvIigrZhhAM3lHswaM=,iv:sgvpiOwz183/GewbTFsW3EV8bHX7p/13b32sDPxRcMw=,tag:ZHHv4fAOT/lPZg/n9rnMvA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
|
|
@ -19,12 +19,16 @@
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
inputs.impermanence.nixosModules.impermanence
|
inputs.impermanence.nixosModules.impermanence
|
||||||
# inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
|
||||||
./systems/base/configuration.nix
|
./systems/base/configuration.nix
|
||||||
(
|
(
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
sops.defaultSopsFile = ./secrets + "/${hostConfig.hostname}.yaml";
|
||||||
|
# Disable automatic pgp key generation based on ssh keys
|
||||||
|
sops.gnupg.sshKeyPaths = [ ];
|
||||||
|
|
||||||
networking.hostName = hostConfig.hostname;
|
networking.hostName = hostConfig.hostname;
|
||||||
system.stateVersion = hostConfig.stateVersion;
|
system.stateVersion = hostConfig.stateVersion;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue