From 13989473a72b4119d0cfdcf45d11e7c8823b36a3 Mon Sep 17 00:00:00 2001
From: Gene Liverman
Date: Mon, 18 Dec 2023 22:12:17 -0500
Subject: [PATCH] Add SOPS on AirPuppet
---
 .sops.yaml | 5 ++++
 modules/home-manager/hosts/AirPuppet/gene.nix | 9 +++++++-
 .../home-manager/hosts/AirPuppet/secrets.yaml | 23 +++++++++++++++++++
 .../hosts/Blue-Rock/gene.liverman.nix | 1 -
 4 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 modules/home-manager/hosts/AirPuppet/secrets.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 0956b03..4569401 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@
 keys:
 - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
 - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
+ - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
 - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
 creation_rules:
 - path_regex: nixnuc/secrets.yaml$
@@ -12,6 +13,10 @@ creation_rules:
 key_groups:
 - age:
 - *system_rainbow_planet
+ - path_regex: AirPuppet/secrets.yaml$
+ key_groups:
+ - age:
+ - *user_airpuppet
 - path_regex: Blue-Rock/secrets.yaml$
 key_groups:
 - age:
diff --git a/modules/home-manager/hosts/AirPuppet/gene.nix b/modules/home-manager/hosts/AirPuppet/gene.nix
index 12d0ec2..897b11b 100644
--- a/modules/home-manager/hosts/AirPuppet/gene.nix
+++ b/modules/home-manager/hosts/AirPuppet/gene.nix
@@ -1,4 +1,4 @@
-{ pkgs, genebean-omp-themes, ... }: {
+{ pkgs, genebean-omp-themes, sops-nix, username, ... }: {
 home.stateVersion = "23.11";
 imports = [
 ../../common/all-cli.nix
@@ -6,4 +6,11 @@
 ../../common/all-darwin.nix
 ];
 
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ local_git_config.path = "/Users/${username}/.gitconfig-local";
+ local_private_env.path = "/Users/${username}/.private-env";
+ };
+ };
 }
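Review bot: The new `AirPuppet/secrets.yaml$` rule in the second `.sops.yaml` hunk encrypts to a single age recipient, `*user_airpuppet` (declared in the first hunk), so losing that one private key leaves the file undecryptable with no second identity to re-encrypt from. Consider adding an offline recovery recipient to the same `age:` list; the `system_rainbow_planet` rule visible above it has the same single-key shape. The pattern is also unanchored on the left and leaves the dot unescaped, so `path_regex: hosts/AirPuppet/secrets\.yaml$` would match only the intended file. The `creation_rules` list continues outside the hunk.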
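Review bot: `sops-nix` is added to the module arguments in the first `gene.nix` hunk but is not referenced in any line this patch shows, and the new `sops` block in the second hunk names no key source such as `age.keyFile`. Decryption therefore presumably depends on a shared module outside this diff; confirm that, and drop the unused argument if the import lives elsewhere. The two `path` values hard-code `/Users/${username}`; `"${config.home.homeDirectory}/.gitconfig-local"` (with `config` added to the arguments) stays correct if the home directory differs. One line of the `imports` list between the two hunks is not shown.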
diff --git a/modules/home-manager/hosts/AirPuppet/secrets.yaml b/modules/home-manager/hosts/AirPuppet/secrets.yaml
new file mode 100644
index 0000000..964504b
--- /dev/null
+++ b/modules/home-manager/hosts/AirPuppet/secrets.yaml
@@ -0,0 +1,23 @@
+local_git_config: ENC[AES256_GCM,data:9jIVTh6nqDGcKj716fyUuXy+6XtmeausivGSyCjZzRCJK57qEqDjmSE=,iv:K8Va81ikBySImejlq9BJAHfwKMZ87BId75HyX/fO73M=,tag:S8DH6Ue66YeQpY4QXBM7SQ==,type:str]
+local_private_env: ""
+tailscale_key: ENC[AES256_GCM,data:me57xxTIe9UUTMaS89FTZEH4q2PBjOkKnLU6gxtecttKG4NpxX8UhTRB9V9sUVHhOd9Ap6V1iHA=,iv:laPC5cs2BDzLgHvvvnXG7bhNsZkg/3NEskM2WNp45ys=,tag:FrlDqiaf0arcmZ2jfvadUA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBL3RFM2VkTy9IODJTeDJD
+ S1lSYlV6bi93Y0RFd3ZLRTZQblA0Vm5CdEFnCmU5QkVkdmx0cHQ1bjkxa2k1YTVp
+ dzluekNVNVhuY2dMVGp5ZUlFV1hkL1EKLS0tIENEdUUzaXdqbEpvV3picVc0Vlpx
+ U2RiQ1NML0k3R09DNnZMTVdpZkdKbjQK1S6OLzASOC9zcsRPVK4uLrfgjkyouECJ
+ rdM/gP2BCk9vLWuC+RVEKl7+H9PDQZv14NVYity6q3LqLNasEGjR3w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-12-19T02:57:53Z"
+ mac: ENC[AES256_GCM,data:dzwtvFMDXtiC8dSLjzlgURt/Z9cg8vv90P5b8iV7nb5iKy8FyzCRamTacUCeWNwhXngxAKiHYqonDka8BjvBT1K9sgsz3x2miOfV97gt1DWyOV5Ai0LLp6QwB3rWGaMGWWBFEmJviv4iAE+RRCnhdJHVYQJqRf1BLCudv/VxbNs=,iv:mVnV2uhg/yPMvnNkimz9iFwcHA5hWyk4nrFEreco+fQ=,tag:+98Ww009PUChzirtnWZ8pA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix b/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix
index 3adea47..7160605 100644
--- a/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix
+++ b/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix
@@ -21,5 +21,4 @@
 local_private_env.path = "/Users/${username}/.private-env";
 };
 };
-
 }
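Review bot: `tailscale_key` is committed in the new `AirPuppet/secrets.yaml`, but the `sops.secrets` block this commit adds to `AirPuppet/gene.nix` declares only `local_git_config` and `local_private_env`, so nothing in this patch consumes it. If no other module reads it, remove the entry. The ciphertext stays in git history, so its confidentiality rests on the `user_airpuppet` age key for good, and the credential itself must be rotated if that key is ever exposed. Separately, `local_private_env: ""` is stored as an unencrypted empty string, so `/Users/${username}/.private-env` will be materialised empty until a real value is set through `sops`.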