Setup and utilize SOPS

2026-03-27 09:27:44 -04:00 · 2023-12-18 15:34:47 -05:00 · 2023-12-18 15:34:47 -05:00 · 5ab4df18b2
commit 5ab4df18b2
parent 0fc27eb75f
14 changed files with 213 additions and 14 deletions
--- a/modules/home-manager/common/all-darwin.nix
+++ b/modules/home-manager/common/all-darwin.nix
@ -1,4 +1,4 @@
-{ pkgs, genebean-omp-themes, ... }: {
+{ pkgs, genebean-omp-themes, sops-nix, username, ... }: {
  # dawrwin-specific shell config
  programs.zsh = {
    initExtra = ''
@ -23,4 +23,6 @@
      ykey = "pkill -9 gpg-agent && source ~/.zshrc; ssh-add -L";
    };
  };
+
+  sops.age.keyFile = "/Users/${username}/Library/Application Support/sops/age/keys.txt";
 }
--- a/modules/home-manager/common/all-linux.nix
+++ b/modules/home-manager/common/all-linux.nix
@ -9,4 +9,5 @@
      ykey = "sudo systemctl restart pcscd && sudo pkill -9 gpg-agent && source ~/.zshrc; ssh-add -L";
    };
  };
-}
+
+}
--- a/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix
+++ b/modules/home-manager/hosts/Blue-Rock/gene.liverman.nix
@ -1,4 +1,4 @@
-{ pkgs, genebean-omp-themes, ... }: {
+{ pkgs, genebean-omp-themes, sops-nix, username, ... }: {
  home.stateVersion = "23.11";
  imports = [
    ../../common/all-cli.nix
@ -14,4 +14,12 @@
    k9s.enable = true;
  };

+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      local_git_config.path = "/Users/${username}/.gitconfig-local";
+      local_private_env.path = "/Users/${username}/.private-env";
+    };
+  };
+
 }
--- a/modules/home-manager/hosts/Blue-Rock/secrets.yaml
+++ b/modules/home-manager/hosts/Blue-Rock/secrets.yaml
@ -0,0 +1,23 @@
+tailscale_key: ENC[AES256_GCM,data:7XXDKJ/x/8F5HabD7dYE4OE8kLMUjkxCp5eBnVayErPpobo+/4P2DC6ZAUlnaxllHpFMPMQE82S4,iv:aRUvoHuwNa3kOnH38foY/dfZl3JH8LyQsZb2qDGACsM=,tag:YL3Dm66WuDIv8KwvYLfjUw==,type:str]
+local_git_config: ENC[AES256_GCM,data:DC8DzFYGT0H/5t2QhtvSc65WMil+nhj6BUdYujnNqyQJVlRe5DgIgCu280/y,iv:cCWJ9PmqIB8udCVQJfb8w5rPYIq9CWB0smtv+jiLm/o=,tag:5eeaHfPr6Y6B30CB7Yidqw==,type:str]
+local_private_env: ENC[AES256_GCM,data:69a+k6o5FvNx3QuuYim8xDBGZqq/DQbqALBSOqGjyYLtox3ghzn4/X0SGP0keBXAlECNNaoKxCZ6BQIwthEotXn4eZAt/tMybY9qttT25OrZp31xnbCxA6piVPrTWaRMwb2dc8tJ9cci7TTCOFQyR9kQ5q2A39TkLw3co8MjbG6dj6tc6vt3pviTEC679LcoT9BCm/gWP/qgM/YDJMt89ldDnqF1tDdXWOBjpAzBxEWu97xtk3huxk36diphfFEBCizGnsX8ttdZb/Ltn894+u68upIAA7Y+mGTyNz91um4ix4cxtRqWe6ElZSekzVhUoxPM/3TXwXD+klWlV4hdRA4i5GiZbNSae6oC58lpZpVyfcrLRshk3cN9yqZAGSLRMbLdeAtIefcGZEMeIIhEC+sIvlTkkJ+Rz1nbzZ2tZMeBrr8z3R1TBeMZUli2qlt+yXH+LPW5WuhaLIFncyyxloPyZSCrhgQyocRyoH4J5Ee/Ym97wpkostLnm47271m4DJQBjbalxvSG5F55E4BHdh0jAnRBe45gEE3nWjnrcJ5kux6ANqTnNfdN98PNqyT/M9AbjLkw4YnZKVzGpBV6sAHtz66EpXWuEKDkiTzmsFyvu9SvNMVbWlNxhCv3H9Xf4e6031uFO5IBJLIMWiNMLyRnI5A+ZDRWe/CbUhP9xqQ81opbKgyuSRuteflGkKMacGQpoyK0upICyBDTS+f8wOGh0SEdQbr866+bdIdd4SCGEnWmQqQRqnvdt0kpere+tZ8488gaHZDGlmxIi0T5pFU81h5+QmXaAAB4LUo5KMffGOa6C86JgtGsC6wvaGGZ0/49cBdx2qZR8O+7XN4TCktZpyI4EFlBL2sAXHYVzxhge5xg+uYo6t8ZB0RohkJhdyTy5ScV0Xq0zwgACSkZ9rmEEN1S6chAmjwO4QEzn/9HNypc/7MdDt5SgrLM6wVzptaGqLIjWgYUD8/Y8ccWKJIJdx+LkaX9+FtJtSMVx63vsGs2JaJ+MtqSmswo+E6yshs1AjXIvyr8WKOwa+Gpa5U7bpwxPEa1XtVb1qLN2EtEQ5CAK+CrqMT4q1+iwcXPXTk4csk+ia8YDYsv7w5E2dR04V86jcsXXPlaOw3V8/ljnhRt2+jtiA3l9nEq0DK6Mlz9qfwMSdS2H8ZWVg6A1IFfXae5s4FD4skxLd423Hu8YI8lx+x5LoyYmqPMEilZQMVGuglf1avEYvxp9P+p44xZRo9CMkaFikVnKo4IOU3hCSK7DWfrXRMXnWg6D3PZBfDt2B5PHGClyQiqS5wYGPvPq1cXS/jO1AZlmX2Z+nXmWXA09BokbtkKuZ19zZ+HzWja73NnX8kTBCUVEyFDlKp+W7i0qL83405ZHN2btxUDOFRe5e+CTuprcyQtm2VtRu+lGU5Ss6wxDyqDg6W2WcU3FNyhj2eqddCa7HxcY33It3XuazXityo5hmYy6F4QrR2OeUTSTXTkTnGrd3mbGS70ey/geb+SVOXM9Hg3hzuE1zDWvELU6RioipOOMQ7K6yoYdxALrWRLkst1IjQCw75l0iKXJfp+M3rk1umX0lP2Nd8eXDuumfTEvC1STg7qAuXMsYPQ1OZjdD1pmGN3lVlVCVXrOdoZBtOo69IKZfqKHougrxnH0w1N5K4hVTwCh8N/+veV7kzDihfJeQa3ipLBT86YFDz7cw8+8Jn3qU/kAz1xUmChz/6jRHILxbn81RDaXbgh8saRhzpu4cOPWPMADUwyHgfMwpPqbydIcBDvwYzazSCHcEQsOccvpxCAaoA4WWprP8yKhznTpnFp+fKcPQy2HdxgmuHSjrzyJQAxJhVXsUEtD8StZbAhwLuriDoju1K4RQsDUGEFt8/363+UaP5/Qpa03nMg5uShQdflHgC67rVBmBKUxI7hAMD7eu3xrHIZqxUc7vTEtsT+Uy1VNMkRZ36eKZYxNMMBg4Sg64UE9a+C69qrMd02NEDW+YjtFmXJL4ZNEG8INaNPrDF+ZMWTvcTQsNpPVgdvkdQdX9fAhP0aKneFTBzDSFUPf8vSRWTZ,iv:/ljcG+rx0JjgXIfGpZ+rnuss0i+ZXi3vSCtly2XRxRo=,tag:+0+yPNQuTnCj4zF8cQEeeg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1Rzb3dKZW45MUgzVVZV
+            RTVCb201dGthUWZTYXpJbks3anh5THBBbFFJCnl2TkdLQnVwM1RJSy9xNzQ3SURs
+            MWRZbm41dUJiUTNhN1VuSnRCbktvUzgKLS0tIFdTODVoRkhJSnBPM0o1dlhyUTlU
+            b3U5ZWtYNXgzQXljYU5DSlJkUitjUGMKMtV3Q3X9Hn/ILCm5Wf9rt5YezT76Nnrn
+            XYbIIVIglNfgaS4iVgQhMOPh+yLJ5P+swFSt6/vrDH72LUFA9YNxSw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-18T19:39:41Z"
+    mac: ENC[AES256_GCM,data:LwQGcpDFrsuc0yYEv0ElJa50AdnzWk/xs78UJz4VjRPOEZbw3ibo3MmLcrYSsatU4cLqtBbVO60/lWjeeKiqmzAKdbxA/sui3JLYB4aS6wEnJvrNa4+cNr9cryaAMBF2zz9eXifBGa5Hk1VuXPCwLzAftBSTqdhIWfOHA/jej2w=,iv:eUk2TJ4fVk8y4FPYW9mgoT4UHRH6SP5GEWYsf68K714=,tag:TPn9xY+IiWHFEuD4jVvvkA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/modules/home-manager/hosts/nixnuc/gene.nix
+++ b/modules/home-manager/hosts/nixnuc/gene.nix
@ -3,6 +3,5 @@
  imports = [
    ../../common/all-cli.nix
    ../../common/all-linux.nix
-  ];
-
+  ];  
 }