diff options
author | Mark Nipper <nipsy@bitgnome.net> | 2024-10-14 03:12:31 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-10-14 03:12:31 -0700 |
commit | 4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5 (patch) | |
tree | 3f14a49c0d6033dd15bd2c0c390140797c9872d3 | |
parent | 65358bb18a33c10bd216c93b61dcc5fc1e2c0fd1 (diff) | |
download | nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar.gz nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar.bz2 nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar.lz nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar.xz nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.tar.zst nix-4c6c26cdaf11a90ea77c0978a8478bcdffbd3df5.zip |
Maybe fix SOPS
-rw-r--r-- | home/root/arrakis.nix | 9 | ||||
-rw-r--r-- | home/root/secrets/arrakis.yaml | 30 | ||||
-rw-r--r-- | hosts/arrakis/default.nix | 1 | ||||
-rw-r--r-- | hosts/secrets/arrakis.yaml | 5 |
4 files changed, 4 insertions, 41 deletions
diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix index 9edd186..43c0bc3 100644 --- a/home/root/arrakis.nix +++ b/home/root/arrakis.nix @@ -76,13 +76,4 @@ nix.extraOptions = '' !include ${config.sops.secrets."nix-access-token-github".path} ''; - - sops = { - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = ./secrets/arrakis.yaml; - - secrets = { - "nix-access-token-github".path = "%r/nix-access-token-github"; - }; - }; } diff --git a/home/root/secrets/arrakis.yaml b/home/root/secrets/arrakis.yaml deleted file mode 100644 index 6b5b3b5..0000000 --- a/home/root/secrets/arrakis.yaml +++ /dev/null @@ -1,30 +0,0 @@ -nix-access-token-github: ENC[AES256_GCM,data:xZYk/BVSRuQKZpBXWotT2yHthhYE3ZmiLJfoVeSkiRlDuPhZEbPYhHmDqqSeb/1jsERmKqmMMVUyXnjsrZ3CJvvZDQU=,iv:0p7A3Ke6IgLzp259JPaGNJ5Kb8E41c1//s/2MBIoAYU=,tag:scowbHsFxjww5rmuHaB/4g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSmR3ZDYzSGJYY3NYeVhJ - RUUwQU1nRWhxa0NPdU85V0RDZmc2NC9nRFcwCmE3TTlidWRFUENMd0NFWjJ1NldZ - REgyRnRsOFl4MHRRL0dibDkrN2psS0UKLS0tIG04MFlkTERzU284VUtnWHVYSzV4 - ZjJCUDJZNFo2MHVEQ1F5K3J1cVpkQWcKNQOTCwMghAxEEPje8QkGzJ8Wnsng9iCO - e8K9kgDYnf78ZtM0JFVeLal7WjeKbq3dn1rjX00w8d5ByR3oQEDyFg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXelNsTGlhcXF5dERGdHB3 - NmNhN0pkTWNmczBjVlRDT3NSYjAvendtbWk4CjRQWjNzTS9COXhOTW9tempjS2wy - c3hMTnFCdmlLd01ZbjdMcHkxa0xCK0kKLS0tIEF3NWh0RTJPZkNqb2J0cWlSaGxv - MUJsWEc0U3BjWW5RcGlQazBGbkM2MzQKs04xzaPXbgWARenoMmdMzy3MijR/Ln5r - wmwC6eaWU0TxKPHhyZDFdRXc8ec+5aUjfVeTOlOUBaoHPNCFeB9UHw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T09:18:10Z" - mac: ENC[AES256_GCM,data:/IWjv0OO4YCl4fjNfbW9MnlSM2fOoH9gvEOoyer1G1QSfLkNDd4/xgdCNif/kV3QkHzXom5eKUoSEOFS47l0xj+ZSlP1ZzA26a0MPxoC7wnTQuCbu9m268r7nUhVzPFhyLxtvKa+urSZGgRBWSFh1RrFccEZbgOV4Bhq3ljc6bI=,iv:81lOQWbx049bsGq8E+Q1P2YDjLAkxXxDhPJUqavfXPo=,tag:MP4RB7yvCQzB/W+tusqwOA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index a8d1cdd..2cd439c 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -216,6 +216,7 @@ secrets = { "nftables/ssh" = {}; + "nix-access-token-github" = {}; "wireguard/arrakis_key" = {}; "wireguard/black-sheep_psk" = {}; "wireguard/ginaz_psk" = {}; diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 60677e1..5a5fee0 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -1,5 +1,6 @@ nftables: ssh: ENC[AES256_GCM,data:7XB18w9GPsqxT3MOjfxOyYIjgDZoPzWhKTJIGkhcRGXpf68OekCA0Jv3v5g81pxYNHQz5ky1//T5eEEhskBNT1dalScYXMm90CUOlYKHF975SW46p9ht357vUHngxnu4/Dh36Zmn7u4CMxUIeYsVXXVqujCFH+Ypuy7702hwyNJWa/u5Ik8rlsMMtO8aO+31xMf8MaCGVghDzXqXWaV9FJuuH69TJW0tW1Td2QD9yaMkH1kVSRXYi34Zbgcmf6MzGtWkytexjLqejegFUZ/7D6vQrGQIwYkTmtBvqlf0UUOKkZzXRp9e0ScWNnGJKbQSMes1ablDzwcuTzF6HS04Aykf0/CN8k71PxojWdd8HJEEKp1rL2CFW8LB/7CY8MD5zP4JcUilNiyzaFFQU93BRPg+7T6Dhk+qNIYCRaG/xLxzi4SxVSfMhI++/JwhOFatk9hOs3z8d4JgvMgTN0gKZJftt17CJMlAq3iDNvQC8aiIVaGHKoCSDUBBGS4zI75b8AcWRcSUNTixWnCx89KBBzQYTy4h3ZO0n6SsQvKyKdPWcVpnQtRqcToEJcCwvdwZXW3RfuRutmJb19yxIIagKEqWVYvgxIEZ19aV6HLJwUEnP761VsnskTVXbdPIctl4H5Mdg++K919ZVNZ56I0sE3c4TKukVsT+bn84ymoF/BUO+yvszptiCtpoJMLM/MPBbDT+3HB/rdi3gZKi1/MS3uj9cDTQJa6HeXd0PxxRXrBZnMJouUhMdrfVeUdLRpzZbVEcL7BYy3IBWAT5UUsJ+UrkOgK9nySe0NQ27gxSpooOIaxg8QRH0KB5p6hn2cwIHXT6GqbWdxE9T0G3hQmAvab7xpPA0oDRW4jb236vzBvBt7dWlw3QxRZXClaa2f1tYY7e499xQ+KqgC/zaBHJy74dStbc+aVQQwUyy8PqQ3OkaKL4uAsJHbjNmomTtt4OLwWfJvPY1QprfrbyXpFF5hNupi7aiItluKVpTvw+Sou7N1gmcNsbYunVJC6MMN7TGw+YL9kQ6h+5hDnyOt3sa31mZpIU95+PV6vpdxxkT1NC/HskJDPfcnoYnVj7PuyaRij2yRdmL+o6bN1NhEGl6dDuGy3gW5wos03bb9voMlhStuxrvRjUr/db3U1Z1O5winpWyRsDxkZR2EA4MweNbkWSS3FrZkuY1pYJd2RClrUIfuviB9gBXwntkaD06NJlXYlHr989cWuqrxIJ+tjHwThwozQ8knYs+Aa8bIFiw6BoBeOxl2d4QHml+4LmuWxaRSx4RLprgXCvJewqClbxk+4oyW5NqXxtXIHCQawCW+Z8my9j1hfNgM6Ct4L3hH0IRE2wZML3URRlkPI/FpvjitR0IauPl090mQa/kSfAjd0pcdJy37garUh9xIxkwmoyF6i2lmb3KSrK9G0rYmVMYIM2BVFTICr7yEguX/azw8uSLNdjENZ0D8bLvFhjoYrBf2WryqPrvtwh8nH2Q6XBGvPMgO2Aj9x0UgxVoHFrFi1qsoKqJpDrrIGGqYMKDS+m3VorQ3DAoCOMS6A739rOzjxFvi6ZtA03v1W4bDtldmydiMYpBEIA+ZVw0+1NwsSq+vEEIuyhiA05ev8KrexFyixmMvmqS2iGoJ/0MqpYPDnXwbQS66HY+ipn3Ds0RyZdH1cQEgi89p77nb6tjMLBRdsvkoVGwXQqVsmbMbtDsBX8wyzc5GMjG5oY5nO0FQcnudQuA3BBHWFL4Q+eaPGDx27s9sQxKBRaPfMgBBMV63/nmAcSYaqN8S4lVHWrpZvUCxehZ+5rx5tmI0625JODfN0GWK/ef0XRGNBW1I1KZAw3XmhAo+a0jaWTMaQz++JuV0MpVD8/xViOMBQdNHlBoWyUb9ArdkF2gzjOsWW1zeAFT+KPVPFXu/fQ1ZTN4aUnomC2uLpfKBYkQp1qkXx+BNAWFfzEmv6BJbtJaT432S7KnRJTCyQVyATlnMI1hOgkZO+y1OTXguhy4OBbxjmkib3OpUt0yLGI4cb1s8JtA1T4ZDlK6u70+rE1AlYtRAc3OotAhbOv9Uo071Pr8CA6eCzAt4Y/gGcss/AJ7LB0rG4OCXw/N+ic5N9n0YGn3Zp2XRqheLVWrgZiuN7gj+rORS3EpLUb6JnkanXWM5dAY/gWbRd8+iF7cCRCtnkaARp9Uch77SntUdllX+AGIMnRtcAU1cYkEBzKsDLF0PPZQzPXE4z5cRH7rnDSTLixATHS70vwGkBOe7NukiXBVzK7GBCXP1nzJevb7BeeUg9rDcsCxyejoc7YA8+pczMNxl4wjx3H2/x+JhMWrYcZQdhi8Vzaeoz0ulW8xZ6tO4JhLPA/Cb66B0tq9Za6f+uaJOIfqnl0xem6Rif2qUiKkSAZ4rN/2j8pRj9BMXCvKSttvG6hTTaprCe9Jn9rGi84rnIwZmN98C9KyHaTeKPC2NC4ooCsxOZtpeCCXNfFhqDVGL15NhwCravL/8pKf9bFhKW8DOkZRPy7jWtCCfIu0kkuZUkBLfT1lQ6eXKB6P6sC04IgBPV8Euw3woPOgGkJXCfLnxLljgvn70P3VQ==,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str] +nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] @@ -36,8 +37,8 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-13T09:11:08Z" - mac: ENC[AES256_GCM,data:WT5dVkvOFd8VH0s8INFIR6LBlxRFcTV34clbiYXZDziBXsffqOM6zABBEMM+a5frDtH3GRNVNPtX7mgYqUAtkTmAz/Nfhg1jSKbaA7bKTBJX3uqWn+03hojC0+whaji4nH5St70QY9rOOHzQ0J7prQZKvpBC1iBUJoRkqXnfqpo=,iv:qi1wliYqv1doBRqRj9vA8w3MxLF436qSK17OwqbCkUk=,tag:qiW8uXA8mW5u/lm1aaYuog==,type:str] + lastmodified: "2024-10-14T10:05:40Z" + mac: ENC[AES256_GCM,data:rOTi+Uw3aWQOKJYjaCZk1M7BBryUYyHXzodMVcEm1lAbZw3Np+wl7gg+aVSzZ5nFqStj/Wb65eUrGi5DdjPvoGSzg7REkqFUkvN7ULmQk8Fa9PBz0JzEU2TrxZ2FHflsXKMv71YZPX/VkQ90/vmivSb/edQZEOtf9sSzuT5v4q8=,iv:4mmY1XqiSMh2RVrUNzdn3HzxZo72MY9mnF51/YmhwDA=,tag:5+Z4vCSoI3nRAUzM7hCjZg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 |