sops everywhere

Deepak Mallubhotla 2025-03-05 20:25:46 +00:00
parent 093b0ddc58
commit 7b1ca01cf1
Signed by: deepak
GPG Key ID: 47831B15427F5A55
4 changed files with 48 additions and 0 deletions

7
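--- /dev/null
+++ b/home/deepak/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &nixosEggYoke age1tk3vdafrm93dyqpnjymns92z9gmcrnr23cd6fh7ten8092j4tfas84wyhe
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *nixosEggYoke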
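Review bot: The `path_regex` in the creation rule is looser than it reads, because the dot in `secrets.yaml$` is unescaped and matches any character; `path_regex: secrets\.yaml$` states the intent. The rule also lists a single age recipient, so losing that one private key makes every file encrypted under this rule unrecoverable, and a second recipient whose key is kept offline would cover that case. The anchor name `&nixosEggYoke` reads like a host key, while the home-manager change in this commit points at a per-user key file, so a one-line comment saying which key this recipient is would help the next reader.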


@ -176,6 +176,20 @@ in
eval "$(${pkgs.direnv}/bin/direnv hook zsh)" eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
''; '';
}; };
sops = {
age.keyFile = "/home/deepak/.config/sops/age/keys.txt"; # must have no password!
# It's also possible to use a ssh key, but only when it has no password:
#age.sshKeyPaths = [ "/home/user/path-to-ssh-key" ];
defaultSopsFile = ./secrets.yaml;
secrets.test = {
# sopsFile = ./secrets.yml.enc; # optionally define per-secret files
# %r gets replaced with a runtime directory, use %% to specify a '%'
# sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
# DARWIN_USER_TEMP_DIR) on darwin.
path = "%r/test.txt";
};
};
} }
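Review bot: `secrets.test` has no matching entry in the `secrets.yaml` added by this commit, whose cleartext key names are `hello` and `anthropic_key`; sops-nix looks a secret up by its attribute name unless `key` is set, so this declaration will presumably fail validation or decryption, and `anthropic_key` is never exposed to anything. Declaring the entries that exist, e.g. `secrets.anthropic_key = { };`, or setting `secrets.test.key = "hello";`, would line the two files up. The comment on `age.keyFile` notes that the private key is stored without a passphrase, so I would extend it to say the file must be readable only by its owner (mode 0600) and must stay out of the repository and out of any backup that leaves the machine. The enclosing attribute set starts outside the hunk.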

23
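--- /dev/null
+++ b/home/deepak/secrets.yaml
@@ -0,0 +1,23 @@
+hello: ENC[AES256_GCM,data:mdwrgkzAvxazg319XbXnHTMUOJLO5ybx7iK0HfRHn0tYj+5q8EQB7XxQThF7Xw==,iv:XJIl2Idal+O61ONAKCaCGaGvB7mwyBMtd2+THsaeqdg=,tag:/vN0rkCNMPe62uMxwMg75Q==,type:str]
+#ENC[AES256_GCM,data:XQeqeSMpzA/awNfbiWdq0GhfreE+0a5t1dmd5Ic=,iv:Tv0uGl9LtoF+F5o2HBGMnPCU05eHmekSn51HNxzlRWw=,tag:fQdevcwTK0oI3EzRZik0XA==,type:comment]
+anthropic_key: ENC[AES256_GCM,data:tcuddpeu3PKPXrf8EgmSfjd12d7ptLok/DlumQC/oIzTGG7sYsvxseZrDElsYT4AGmkWPNVVhac+3PmKfGFL4rV16u+6G+weMgTCYsDHyg0KaWM5a01MB3GMf2HyA65RYUxaRW4kP+6UlOXO,iv:dyD6lxxLa99HP9NXf/ewZu1h6Sm6KBYPJqwM3l6SX88=,tag:23+3ad8o67Niyil9M+B4ag==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1tk3vdafrm93dyqpnjymns92z9gmcrnr23cd6fh7ten8092j4tfas84wyhe
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxVXdoaHhPdE8yVC9YcCsr
+dDNiTldVcVZiVVJzMG4zSHhWenJUbmhxMXhVCkoxOE5QZkxBTmQ3Zm5qZml1MVBP
+Y2UvWXpuc1ZhcFFIRktIb0RvWXlBT1EKLS0tIGZYWDFyWHNYUmc3U3UxOW1yUG9m
+OENPOXBEZ3ZrU1k1bGk2Tko0VzcyME0Kc+d+9WO9Yv7wbg56cnGyklaeoQTfKqYr
+7sycCyJFzlihyfiPxkHzGFkAudmakuwKo4cj+L4V7pDLta1leA4X+w==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-03-05T20:08:03Z"
+mac: ENC[AES256_GCM,data:he/4cI1SH0uloLOWd7Qi4wtrOrFQKE3xy6doDg0Uv0mp7ViScYiYbIq8r1bM/zH0X8aTKyYj9O75b+rm+vS3Q8sG8PFj6vHvF4bwduO1jobNnLnUjJDgpSmpLneGAPJyyV2UBFXRCQOJ0anshmNCD0bFPyV9SnSaf5NgBdBpkeI=,iv:7PmJ6zuY+tMzectAuDp6uCUpxbDp0CWqCCQzpq2evjY=,tag:OIwFQ96feI75ld9feB25Og==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1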


@ -54,6 +54,7 @@ in
}; };
modules = [ modules = [
./nixosEggYoke/configuration.nix ./nixosEggYoke/configuration.nix
inputs.sops-nix.nixosModules.sops
homeManager-24-05.nixosModules.home-manager { homeManager-24-05.nixosModules.home-manager {
home-manager.extraSpecialArgs = { home-manager.extraSpecialArgs = {
withGUI = false; withGUI = false;
@ -64,6 +65,9 @@ in
home-manager.users.deepak = { home-manager.users.deepak = {
imports = [ ../home/deepak/home.nix ]; imports = [ ../home/deepak/home.nix ];
}; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
} }
NixOS-WSL-2405.nixosModules.wsl NixOS-WSL-2405.nixosModules.wsl
]; ];
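Review bot: The system-level import `inputs.sops-nix.nixosModules.sops` in the first hunk has no visible consumer, since the only `sops` options set in this commit are the home-manager ones; unless system secrets are configured elsewhere, a comment saying why it is loaded (or dropping it) would avoid a dangling module. In the second hunk, `home-manager.sharedModules` applies the sops module to every home-manager user on this host; with only `deepak` defined here, scoping it to that user is narrower, e.g. `imports = [ ../home/deepak/home.nix inputs.sops-nix.homeManagerModules.sops ];`. The `modules` list and the surrounding configuration begin and end outside both hunks, so the `sops-nix` input declaration itself is not visible here.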