sops everywhere
This commit is contained in:
parent
093b0ddc58
commit
7b1ca01cf1
GPG Key ID:
47831B15427F5A55
7
home/deepak/.sops.yaml
Normal file
7
home/deepak/.sops.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
keys:
|
||||||
|
- &nixosEggYoke age1tk3vdafrm93dyqpnjymns92z9gmcrnr23cd6fh7ten8092j4tfas84wyhe
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *nixosEggYoke
|
||||||
@ -177,5 +177,19 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
age.keyFile = "/home/deepak/.config/sops/age/keys.txt"; # must have no password!
|
||||||
|
# It's also possible to use a ssh key, but only when it has no password:
|
||||||
|
#age.sshKeyPaths = [ "/home/user/path-to-ssh-key" ];
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets.test = {
|
||||||
|
# sopsFile = ./secrets.yml.enc; # optionally define per-secret files
|
||||||
|
|
||||||
|
# %r gets replaced with a runtime directory, use %% to specify a '%'
|
||||||
|
# sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
|
||||||
|
# DARWIN_USER_TEMP_DIR) on darwin.
|
||||||
|
path = "%r/test.txt";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
23
home/deepak/secrets.yaml
Normal file
23
home/deepak/secrets.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
hello: ENC[AES256_GCM,data:mdwrgkzAvxazg319XbXnHTMUOJLO5ybx7iK0HfRHn0tYj+5q8EQB7XxQThF7Xw==,iv:XJIl2Idal+O61ONAKCaCGaGvB7mwyBMtd2+THsaeqdg=,tag:/vN0rkCNMPe62uMxwMg75Q==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:XQeqeSMpzA/awNfbiWdq0GhfreE+0a5t1dmd5Ic=,iv:Tv0uGl9LtoF+F5o2HBGMnPCU05eHmekSn51HNxzlRWw=,tag:fQdevcwTK0oI3EzRZik0XA==,type:comment]
|
||||||
|
anthropic_key: ENC[AES256_GCM,data:tcuddpeu3PKPXrf8EgmSfjd12d7ptLok/DlumQC/oIzTGG7sYsvxseZrDElsYT4AGmkWPNVVhac+3PmKfGFL4rV16u+6G+weMgTCYsDHyg0KaWM5a01MB3GMf2HyA65RYUxaRW4kP+6UlOXO,iv:dyD6lxxLa99HP9NXf/ewZu1h6Sm6KBYPJqwM3l6SX88=,tag:23+3ad8o67Niyil9M+B4ag==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1tk3vdafrm93dyqpnjymns92z9gmcrnr23cd6fh7ten8092j4tfas84wyhe
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxVXdoaHhPdE8yVC9YcCsr
|
||||||
|
dDNiTldVcVZiVVJzMG4zSHhWenJUbmhxMXhVCkoxOE5QZkxBTmQ3Zm5qZml1MVBP
|
||||||
|
Y2UvWXpuc1ZhcFFIRktIb0RvWXlBT1EKLS0tIGZYWDFyWHNYUmc3U3UxOW1yUG9m
|
||||||
|
OENPOXBEZ3ZrU1k1bGk2Tko0VzcyME0Kc+d+9WO9Yv7wbg56cnGyklaeoQTfKqYr
|
||||||
|
7sycCyJFzlihyfiPxkHzGFkAudmakuwKo4cj+L4V7pDLta1leA4X+w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-03-05T20:08:03Z"
|
||||||
|
mac: ENC[AES256_GCM,data:he/4cI1SH0uloLOWd7Qi4wtrOrFQKE3xy6doDg0Uv0mp7ViScYiYbIq8r1bM/zH0X8aTKyYj9O75b+rm+vS3Q8sG8PFj6vHvF4bwduO1jobNnLnUjJDgpSmpLneGAPJyyV2UBFXRCQOJ0anshmNCD0bFPyV9SnSaf5NgBdBpkeI=,iv:7PmJ6zuY+tMzectAuDp6uCUpxbDp0CWqCCQzpq2evjY=,tag:OIwFQ96feI75ld9feB25Og==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
@ -54,6 +54,7 @@ in
|
|||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
./nixosEggYoke/configuration.nix
|
./nixosEggYoke/configuration.nix
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
homeManager-24-05.nixosModules.home-manager {
|
homeManager-24-05.nixosModules.home-manager {
|
||||||
home-manager.extraSpecialArgs = {
|
home-manager.extraSpecialArgs = {
|
||||||
withGUI = false;
|
withGUI = false;
|
||||||
@ -64,6 +65,9 @@ in
|
|||||||
home-manager.users.deepak = {
|
home-manager.users.deepak = {
|
||||||
imports = [ ../home/deepak/home.nix ];
|
imports = [ ../home/deepak/home.nix ];
|
||||||
};
|
};
|
||||||
|
home-manager.sharedModules = [
|
||||||
|
inputs.sops-nix.homeManagerModules.sops
|
||||||
|
];
|
||||||
}
|
}
|
||||||
NixOS-WSL-2405.nixosModules.wsl
|
NixOS-WSL-2405.nixosModules.wsl
|
||||||
];
|
];
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user