change secrets

Former-commit-id: 9bf66b26cf
2026-04-02 11:12:09 +02:00 · 2025-03-19 09:51:46 +01:00
parent b20bf2fbce
commit 7c1f56d6a3
5 changed files with 41 additions and 8 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -59,6 +59,7 @@
          { _module.args = { inherit inputs; }; }
          inputs.home-manager.nixosModules.home-manager
          inputs.stylix.nixosModules.stylix
+          inputs.sops-nix.nixosModules.sops
          ./hosts/server/configuration.nix
        ];
      };
--- a/hosts/laptop/secrets/default.nix
+++ b/hosts/laptop/secrets/default.nix
@@ -23,10 +23,6 @@
        key_groups:
          - age:
            - *primary
-      - path_regex: hosts/desktop/secrets/secrets.yaml$
-        key_groups:
-          - age:
-            - *primary
      - path_regex: hosts/server/secrets/secrets.yaml$
        key_groups:
          - age:
--- a/hosts/laptop/secrets/secrets.yaml
+++ b/hosts/laptop/secrets/secrets.yaml
@@ -1,5 +1,5 @@
 pia: ENC[AES256_GCM,data:0bnhHeVqKSLHVimd78a94ShHlO3+LUoZ4oiKD3cnBYkaZsw=,iv:S+/IChlFlqdI+PyFF+Ti4AJUkch2MS0qKiqHL1Q3RMk=,tag:+v2kV70ou84eIc01dKnAhA==,type:str]
-sshconfig: ENC[AES256_GCM,data:/sDTGVeYRjxF5Epp5kmVS0ScSYOqOs2grX0+Ap8HJc8CQftpNOYXNYdEyqLDMc5g5ualaO4iKg4sQ76J4j9ZPugt4iprIvOo2Uxmu7KRU47Z8SNwrrMNpv6x/XA2P6r261e/e/pOHyrmiFfV/I5Km9IwGqY5TWbEhvjx8qyRO2bQDIdffI1L1ZWJGC9ZOZ4o5RJCr2xB+qxLLI2pl8qHZhvfZlGHnyHw5ne0RfAFubIrW4nQJTamoaGHZqWro4tVSfXAEb+9IsYCc1aj3MehVdV8PUQ38/LxL2MAQTt9bs7sHLf9DmxZ6rGPWmpJ+IRoQbP1PA65tobFOd+Kf13XvWymNUcQpQFHDj0vpvDONxIikO+vj2T7SteRRPy+38UPdB8jrHfQ1JrGbxUQIrWOWeD3S44lINmquIMclJQ26zf6nvklXR7xCuzNAvmjublsnYK+CGDkt/ap/kDD7nCuQYYY,iv:VX55dyt2N80LJPDYoUES7ZWJjlqVyQrUQWvOQ/yItBc=,tag:6NlHwy0SqJ40+ltQHzmX7g==,type:str]
+sshconfig: ENC[AES256_GCM,data:wktwwpHsd6u/A5ti0RmWZB5qGO5Ok0ly0SucjBIUxIfMEF2b8Cbmyg6nBqqELEDo7GQ8Hlvpxa1Pu7ajgXy35HNupb33KSXMLofvxCoyfC9UbzT85nHgGpE5kGv9iTpiuBsaDTAL9UCBcEaJED8xbUIUG3RME1m1Qqi07081mtqY7xR53QgaUc2w8ATCQ1ymiW7xZ0IbZw8G7RWzV7AXMpC1VOgr1NFgvUfLs4L/1PdG40fYwFaF1BcGtzUnkeZCdeAnMWj55GI5+6OX80HYuIgPApHfjlgRVaQ2c6Utsdc2wqekkPut996nm6bGCpld3JlKL/VXnsnhJoKgfdulL2o8uDYypcacYwTXonKsHqXX4tkhniDsyB6PA0Ty/eXrzwbsjD/yTcDHDJX2Xy594nRgLDM+VvyVosH7WhIDcMrk/RpSbBB2T7mNORI0VlLQFdMX2Rc6b6X/kBbd78ZoIthiaiZdgRpX++OGbwr9Fky8ml88,iv:x8aekarsRkyMmU1GjZt9El8dS1B51M6Htv+68yfVB/o=,tag:y3TkpEVf9TSIi3iK5JqilQ==,type:str]
 github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
 gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
 jack-key: ENC[AES256_GCM,data:VfCl3wH0MMBc8QDyjLDFeSvzSEsf7uGpfJvRjFrmjW+bPRUXBpZhJV8a9VQIAz7z7zZXvzARMfCeI0ydyC57CW81GH5/H5pneJ4b+xreINjVfdLbL1nC1thelo/O64jda/L+xVKhgE+QQi8/zt4JmXGghkP+74nYcTTaMpmcbgWw354J1ybXqyCEY+88nsJ1d2s+M7M2bplx4fGb7sLUs6sqdsad3sENzhH/0HQCFXreHTtgsLbIs8ccmdRgFNKM8/wD0OoW76rOQsJoA9JY4yOTQNVoX5M8+Olj6+wVlt6QBrWrYRuEztGnHrHvzxiHXtmEkMwVNfoPpEflQyRYRa0rVp/66REOkMckGx6/LbxKFgrxnifRlsK3kWd28v2bRGVQOghUluYUtVkaJ+eh6o6ik0NQKx8/H6BznBSDE6MjDwbLv434LHBfDtAqhWN1eMbOlunFivsl5Hb/6rl9kydHlcCS6FY8cUHoKQ90gDaUuDrvUifwmdO5hU0GH5tgvGi1ReK9ndcpQsrHptG6,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str]
@@ -18,8 +18,8 @@ sops:
            cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
            FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-05T12:05:15Z"
-    mac: ENC[AES256_GCM,data:ggTUKhmfUp4CCE6w3uiuwV0ys6xUhaMBeXi4WiaxkED/lB9iUdP9UssE9iF5lToyNxt/6O2C60CXc4OvpqBxe5dsxPkVNeB6PNhQrD5Ga8+Cu0i6hKz6Fmm0Rq461OuX0Nu2Nl3MUBCWxjM0+1ywfLRKDcjoVC7RzP5eo1NtrV8=,iv:G+Ntog1claKwAY4PEpUK1hjNzspDZiO3bdWNxugUXDQ=,tag:Yg2ZJEV2VrnTmpw8TykmZg==,type:str]
+    lastmodified: "2025-03-19T08:38:27Z"
+    mac: ENC[AES256_GCM,data:ZLljLyyibu9KMdJIwf9DsdKr4aVNWIKOneU05iPEOM9paLw/cSXVYqbfmj0i7xwvpZEin6QtUrUmIPepDIRMtIK8chmk7U5Lqxzp7XA0/IbXw0fkGg3+NmauHUGdeb1BJBLTT4AD+W0aqSayT9AvE40JOXMDzOW50WdUPzI5Ou0=,iv:6KdKZK0RoCkfTeO4oAUS1jRxcGZFrlTIXwXothQwsYE=,tag:VFL+TEjLZEue/hT1nl9f0g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.4
--- a/hosts/server/secrets/default.nix
+++ b/hosts/server/secrets/default.nix
@@ -0,0 +1,15 @@
+{ inputs, ... }: {
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+
+  sops = {
+    age.keyFile = "/home/hadi/.config/sops/age/keys.txt";
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      "example" = {
+        owner = "hadi";
+        path = "/home/hadi/test";
+      };
+    };
+  };
+
+}
--- a/hosts/server/secrets/secrets.yaml
+++ b/hosts/server/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+example: ENC[AES256_GCM,data:pB2An4tSXQkNMYRGKw==,iv:0h3gB4N7RuTrQa0uGWE+x0FsIWdJwI2EOLTi/3EW/Dg=,tag:bMfXlPG0wA9kT01T2hmqiQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Z3MzZmoyVDRtRmd3amFJ
+            MWVvWlA1c3RFeVMrbHJQQmNTcG9ZN2tXSWxjClJ0L1psd1RFM1EreG1yNHdOYzZF
+            aXphL0lvcGNFTFFMbkNocGNXY00xdW8KLS0tIFh2YjN0aTlRazBXSktnQWx0L3BY
+            TEc5d01RaVFGNXc3dlljM0FTTHpENjQKOqwI+pl8UxVIVl43glnOYvW660/PsDGY
+            yefODJGVtHrOm3yeXC2xlTi3sFW+c5wUl2yPqddbvcBt5Ud/yd4iXQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-19T08:43:05Z"
+    mac: ENC[AES256_GCM,data:5YWT14ARSwyFcYWt7N6hfif/Tq44xp1KWLVV5BxBxIjFPskgPUZMUHSSRmZp4gf2zFPAoWOPIoQKax/tGDGsZ2bhkF5V2inY1cizIE8ODgbnBtF5yHs7eK8p96jbyLwvYPKJbownYAfTbQvYEhionouJPGqc8/x3gQ32mkBJT2M=,iv:Xy4mPzFxBORF3IeD0oFz5U8TaqjLO1bqm7cnFYssHyc=,tag:TyBL3V4qg8UC8IXx7Woy6g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4