Setup and utilize SOPS

Gene Liverman 2023-12-18 15:34:47 -05:00
parent 0fc27eb75f
commit 5ab4df18b2
14 changed files with 213 additions and 14 deletions


@ -1,4 +1,4 @@
{ inputs, config, pkgs, username, ... }: {
{ inputs, config, hostname, pkgs, sops-nix, username, ... }: {
imports = [
./hardware-configuration.nix
];
@ -72,7 +72,6 @@
enable = true;
openFirewall = true;
};
openssh.enable = true;
tailscale = {
extraUpFlags = [
"--advertise-exit-node"
@ -82,6 +81,21 @@
};
};
sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt;
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "/home/${username}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "/home/${username}/.private-env";
};
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
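Review bot: `age.keyFile` in the new `sops` block is written as an unquoted Nix path literal rather than a string, and a path value is copied into the world-readable Nix store whenever something interpolates it into a string, which is the one outcome to rule out for a file holding the age private key. Whether the sops-nix module coerces the value that way is not visible from this hunk, so the safer form is the quoted string, `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";`, which is never imported into the store. Separately, the key that decrypts system-level secrets sits in a home directory writable by `${username}`, so anything running as that user can read or replace it; a root-owned location would be a tighter default unless the user needs to manage the key there. A short comment above the `sops` block saying where the key comes from and how it is provisioned on a fresh install would also help. The surrounding module body starts and ends outside this hunk.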


@ -0,0 +1,23 @@
tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str]
local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str]
local_private_env: ""
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6djJ0Z2t4SFNjbzlHUmt2
NjVudktRcU9yZ0NEQXlnZG5uYTNoNExySFUwCldETHFwNzhwWEExTmxVV2dkTlBL
VWYzbEtENUlhQmtUam9WTlhib1NZZDgKLS0tIGY2czVIdzVrQ2VoaGExNGlET0s5
bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-18T23:32:41Z"
mac: ENC[AES256_GCM,data:ZBxEwy4+Z+o+WjpiSyYoRl3yipE38WlosHdlCjSW6evwrgZtMhGqOjvYloKLMhWNdRdRbpmfQfXjsdaiLIkyWMYAQ4zv3GdVTwCzjFOEQV/1J/7yohBMT6zDd73go73/2jys4HPYp44AuLIMm5ngzmt+fszOUvnuOFUBogqJ/rY=,iv:qnFlQ5NKbnu96ZURN5t1dS0279Pid9D5reWX1xVkqeQ=,tag:61rKxPC1TnuAgOJy0090Pw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1