aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-05-29 00:30:30 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-05-29 00:30:30 -0700
commit270ae591f573e470f951ab1dd1ae70bcbee9334b (patch)
tree3577efe14b346214c261c2062258a14db5fae407
parent660895110f247c0ac3a76709a38ca5f5ea2fbfcb (diff)
downloadnix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar.gz
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar.bz2
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar.lz
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar.xz
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.tar.zst
nix-270ae591f573e470f951ab1dd1ae70bcbee9334b.zip
Add sops-nix for darkstar
-rw-r--r--.sops.yaml7
-rw-r--r--hosts/darkstar/default.nix9
2 files changed, 15 insertions, 1 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 99731a8..affb283 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -19,7 +19,12 @@ keys:
- &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
creation_rules:
- - path_regex: home/nipsy/secrets/ginaz.yaml$
+ - path_regex: ^home/nipsy/secrets/ginaz.yaml$
key_groups:
- age:
- *nipsy
+ - path_regex: ^hosts/secrets/darkstar.yaml$
+ key_groups:
+ - age:
+ - *darkstar
+ - *nipsy
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index e175588..5a08440 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -86,5 +86,14 @@
#};
};
+ sops ={
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/darkstar.yaml;
+
+ secrets = {
+ "kea-dhcp4.conf" = {};
+ };
+ };
+
system.stateVersion = "23.11";
}