author | Mark Nipper <nipsy@bitgnome.net> | 2025-06-02 21:37:54 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2025-06-02 21:37:54 -0700 |
commit | 373afa3c99fb113385fe60b88f67813ef1fce44c (patch) | |
tree | ab3759c8f191968aa2557d6be8bbb65c1d16bc80 /hosts | |
parent | 7482e4098518c20050062eb70836f3753d60520c (diff) | |
Add secrets @caladan
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/caladan/default.nix | 76 | ||||
-rw-r--r-- | hosts/secrets/caladan.yaml | 27 |
2 files changed, 59 insertions, 44 deletions
diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix index f203d46..84fe060 100644 --- a/hosts/caladan/default.nix +++ b/hosts/caladan/default.nix @@ -77,32 +77,32 @@ ]; networking = { - # defaultGateway = { - # address = "192.168.1.1"; - # interface = "wlp15s0"; - # }; + defaultGateway = { + address = "192.168.1.1"; + interface = "wlp15s0"; + }; domain = "bitgnome.net"; hostId = "8981d1e5"; hostName = "caladan"; - # interfaces = { - # wlp15s0 = { - # ipv4.addresses = [ - # { address = "192.168.1.3"; prefixLength = 24; } - # ]; - # }; - # }; - # nameservers = [ "192.168.1.1" ]; - # nftables.enable = true; - # useDHCP = false; - # wireless = { - # enable = true; - # networks = { - # "Crystal Palace" = { - # pskRaw = "ext:psk_crystal_palace"; - # }; - # }; - # secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; - # }; + interfaces = { + wlp15s0 = { + ipv4.addresses = [ + { address = "192.168.1.3"; prefixLength = 24; } + ]; + }; + }; + nameservers = [ "192.168.1.1" ]; + nftables.enable = true; + useDHCP = false; + wireless = { + enable = true; + networks = { + "Crystal Palace" = { + pskRaw = "ext:psk_crystal_palace"; + }; + }; + secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; + }; }; nixpkgs = { 
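Review bot: `nftables.enable = true;` is switched on in the `networking` set with no ruleset or `networking.firewall` options anywhere in this hunk, and the `"nftables/ssh"` secret that the commented-out template listed is not carried into the new `sops.secrets` set in the next hunk. If nothing outside the visible lines supplies rules, the host presumably runs on the stock NixOS firewall with sshd exposed on `wlp15s0`. I would record that intent next to the option, e.g. `# nftables backend only; filtering is the networking.firewall defaults, no host-specific ssh ruleset`. The `networking` set opens in the context lines and the rest of the file is not shown, so this is a point to confirm rather than a certain gap. As a minor style point, `secretsFile = "${config.sops.secrets."wpa_supplicant".path}";` wraps a value that is already a string, so `secretsFile = config.sops.secrets."wpa_supplicant".path;` reads more cleanly.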
@@ -123,28 +123,16 @@ services.openssh.settings.X11Forwarding = true; services.xserver.videoDrivers = [ "amdgpu" ]; - #sops = { - # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = ../secrets/arrakis.yaml; + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/caladan.yaml; - # secrets = { - # "nftables/ssh" = {}; - # "nix-access-token-github" = {}; - # "ssh_config".path = "/root/.ssh/config"; - # "wireguard/arrakis_key" = {}; - # "wireguard/black-sheep_psk" = {}; - # "wireguard/fangorn_psk" = {}; - # "wireguard/ginaz_psk" = {}; - # "wireguard/homer_psk" = {}; - # "wireguard/lilnasx_psk" = {}; - # "wireguard/lolli_psk" = {}; - # "wireguard/ramped_psk" = {}; - # "wireguard/timetrad_psk" = {}; - # "wireguard/treebeard_psk" = {}; - # "wireguard/wg1_conf" = {}; - # "wpa_supplicant" = {}; - # }; - #}; + secrets = { + "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; + "wpa_supplicant" = {}; + }; + }; system.stateVersion = "23.11"; } diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..b806f0a --- /dev/null +++ b/hosts/secrets/caladan.yaml 
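Review bot: The new `sops` block makes `/etc/ssh/ssh_host_ed25519_key` the only age identity on the host through `age.sshKeyPaths`, so decrypting `../secrets/caladan.yaml` at activation depends on that key staying unchanged, and nothing in the block says so. The Wi-Fi PSK is among those secrets and the host has `useDHCP = false`, so a regenerated host key would presumably also leave caladan without networking until the file is re-keyed. A comment above the line would cover it, e.g. `# age identity comes from the host ed25519 key; run sops updatekeys on caladan.yaml if the key is regenerated`. Separately, `"nix-access-token-github" = {};` and `"wpa_supplicant" = {};` rely on sops-nix defaults (root-owned, mode 0400 as far as I know), which is worth a short comment if any non-root consumer is expected to read the token. The consumers of these secrets are outside the hunk.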
@@ -0,0 +1,27 @@ +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: ENC[AES256_GCM,data:qMDJjyV6RD8ABY1Rf5+4m+MAk6yfHk0zctr7eCJf/aSjZWWUZmGxl1BpwA6LTaCz+K0y7oWm1RGt9zUpmNEgWOI878a3qf///kdfi7ef4X11N1lZx3r3JhYYMnkbesfQumOdcYXJXS4jzPS3d5HcNZ4VtHazYnZFUWgxj6jFIGLEsJ00iWWf1tyFbAKYT1prDwRICtv9PptYv5siiFGtsEwXV3IQqzgnpU4aPCJfkZO3SUiAxzlne3ttz4rk9oIRBzG5kCxnTwHHBO3w2SU6DoBiBv16yThPrHLw0dIXKRWiF8pzGRvIRuJkmNJBfOFrqKnFlykfkyl4k9AB2lCZT6sft7PjyO8FPSzemW0hqTXM7l43VsnGh4lB6d507bHorXvb61cr/vUWbKeuJ8aX/xCB6xdrqWxBWwxQyQurHn9QgFGErIUQPkbdbOIzi4J4jHk8uEiJNGToRLdmm2qISaKe18M/me/VO7Wwih0pCJsh7l1vtYwGUYCiOJPJ7+8qJcSirLzi3wCh4K1JCXLESCVpfDtr+p9v7gXyYznEflSfTNNDtfRONXU8O1/xoC/aaPkY51cAjV/zbIkQM7SX,iv:R70efny9S1uXZ0NT/zMPmQyT5M6dYLGQF/G5bH4L7Oo=,tag:B0BrKfQR0uCHKRJRdrltUg==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: + age: + - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 + dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD + ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 + a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH + vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY + RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 + ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH + 
enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur + E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-03T04:29:07Z" + mac: ENC[AES256_GCM,data:xR0AEzqixABtn31SLVLYCh86cqrEXyNRh6f7ATY1LzOtU4vF/ympcnSYDCAWFVwAS8KeeeHhb+ahClBE+KEI9lmjSmGNpZ5FWnKdo1issfKC9Xs83X2+kTHOiVlscpUF1aHI7qctKDsN/XHU6shT8SWZBeOc4jROfhkDXuR/6Wc=,iv:dSPtH8cDcbYwmWj41wufbcuyBp3uV7Ioly7roTT/ZGo=,tag:KIPSev+kZTG55c7YmeRtmw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 |