author | Mark Nipper <nipsy@bitgnome.net> | 2025-03-18 13:45:13 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2025-03-18 13:45:13 -0700 |
commit | 6834f745e7b522cbd7c5ab9e196c3e297de38583 (patch) | |
tree | b1561c3d4f8c24e6c633233eaa96ce78b9e88766 | |
parent | 94ddfd568e263e787f2ead03e2bcd8998fef5e51 (diff) | |
Migrate away from SOPS under home manager for root@arrakis
-rw-r--r-- | .sops.yaml | 5 | ||||
-rw-r--r-- | home/root/arrakis.nix | 11 | ||||
-rw-r--r-- | home/root/secrets/arrakis.yaml | 30 | ||||
-rw-r--r-- | hosts/arrakis/default.nix | 1 | ||||
-rw-r--r-- | hosts/secrets/arrakis.yaml | 7 |
5 files changed, 5 insertions, 49 deletions
@@ -30,11 +30,6 @@ creation_rules:
 key_groups:
 - age:
 - *nipsy
- - path_regex: ^home/root/secrets/arrakis.yaml$
- key_groups:
- - age:
- - *arrakis
- - *nipsy
 - path_regex: ^hosts/secrets/arrakis.yaml$
 key_groups:
 - age:
diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix
index 47c9552..d9d9162 100644
--- a/home/root/arrakis.nix
+++ b/home/root/arrakis.nix
@@ -87,15 +87,4 @@
 nix.extraOptions = ''
 !include /run/secrets/nix-access-token-github
 '';
-
- sops = {
- age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = ./secrets/arrakis.yaml;
-
- secrets = {
- "ssh_config" = {
- path = "/root/.ssh/config";
- };
- };
- };
 }
diff --git a/home/root/secrets/arrakis.yaml b/home/root/secrets/arrakis.yaml
deleted file mode 100644
index 334deda..0000000
--- a/home/root/secrets/arrakis.yaml
+++ /dev/null
@@ -1,30 +0,0 @@ -ssh_config: ENC[AES256_GCM,data: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,iv:kKJHSQxvWxMRIo5xm2xEuoz9Pmj2UkZRUq5cRFhi2oE=,tag:rQLxqDgIXjl0NcqXylnfkg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVDdSd3VwZ1Q5ay9tbGZJ - c1R2ck5MSjNDemVxZ09ZT3QxeW13ZnJWdm5zCngyQTIxOWwyMG00VFlGYmtzS0w5 - MC95S3dHVEFWQUxkb1cxeFFTamxWeUEKLS0tIEx4Z1E5NWlLLyt0MVo1WDFZekZn - TCtXUkFuS0d4Q0VmczlrM0RkaVVNVUUKz8Oh6Ob2KWH2Gn0sNSdBmIbvVyA3PsxZ - /16ZwBAbe3DnPEIe7K94V3fTUoAmQw249xiOJKPAJjo/DfohqM5x3Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsK3R3YldHdmZJYUVkV1RD - Z2dxVmZVUnlab0FHQU9XOEZQeS90WGxTM1hjCjhGVmRLblhMUG40ZmZSWHhLMkFp - MzVMbW9CRjA0REd2bXI2T040RXJJaVUKLS0tIHlqZCtrSk96WFB0MUhTUFNCdUZh - Z3FXd0I3N3dsT0xRMnpvZEhsNUllQXMKP1r2fp4sNcV0UNBDJboyFSGxfTIFl7TH - bB/9+R9jcRjTNqphJNYygqtmLDp8ZNUMmveF9RK3Q7D3GTDn4Ghxzg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:00:40Z" - mac: ENC[AES256_GCM,data:vtlITboaRa+1Y3YehJmxtcjSHU3sr5tgOUMQFaqKdel2O1XwHP2R66pPdXa5BIuGHSO4DJOMniIaE7BLsbwQETWELfhM3QORP1S12p+GWdf2tli50bMdlmNtHYBS5dUXEQpaA/csojYCpTvSbMFlZglGBUgNdgtjN+ivu7Q+oTE=,iv:v4skQ5lMKKtLeltwiPsmCYH0F8E2y5HlXio23aXugQs=,tag:i0eWvwG0J5fv0r+6e0zsvw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 3230968..7385eaf 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -240,6 +240,7 @@
 secrets = {
 "nftables/ssh" = {};
 "nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
 "wireguard/arrakis_key" = {};
 "wireguard/black-sheep_psk" = {};
 "wireguard/ginaz_psk" = {};
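Review bot: The added `"ssh_config".path = "/root/.ssh/config";` relies entirely on sops-nix defaults for owner and mode, and unlike its `= {};` neighbours it exposes the secret at a path outside `/run/secrets` with no comment on why. ssh rejects a client config that other users can write, so I would state the intent explicitly with `"ssh_config" = { path = "/root/.ssh/config"; mode = "0400"; };` and a comment such as `# root's ssh client config, moved here from the home-manager sops module`. Whether `/root/.ssh` already exists with mode 0700 before activation is not visible in this hunk and is worth confirming on the host. The `secrets` attribute set opens and closes outside the hunk.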
diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 6ec5283..5261c80 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -1,6 +1,7 @@ nftables: ssh: ENC[AES256_GCM,data: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,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str] nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:FQLz3J/+o4TeWsq7dF358DErIMbF9Fq2bJaz5vEwpdI=,tag:PDvywy9MasIrDAyrC3Ge8A==,type:str] wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] 
@@ -37,8 +38,8 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T22:22:25Z" - mac: ENC[AES256_GCM,data:2f0EwhcP70EDiEqsY8FmIZ3AfjazmdNYCGmz3f0D4EwNx0BxmnVMosWeLrZYrIucNlhqD7xCWhHxJAGM7P6m255sVXFipU0tkk0ZANsUXBc0qQUmH17YfH34kBoKnUUlDHHK0/Ep7ByBiCkzZACmxliZYRX4uvnsDf4hWTYUW6I=,iv:v8phL5vDHGEweS9NAAygiUNDHpXgx0vQkdwzfEn8eTY=,tag:MFdjpQN3PytxmtV4qCrsGQ==,type:str] + lastmodified: "2025-03-18T20:40:33Z" + mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.4 |