From 270ae591f573e470f951ab1dd1ae70bcbee9334b Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Wed, 29 May 2024 00:30:30 -0700
Subject: Add sops-nix for darkstar
---
 .sops.yaml | 7 ++++++-
 hosts/darkstar/default.nix | 9 +++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.sops.yaml b/.sops.yaml
index 99731a8..affb283 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -19,7 +19,12 @@ keys:
 - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
 creation_rules:
- - path_regex: home/nipsy/secrets/ginaz.yaml$
+ - path_regex: ^home/nipsy/secrets/ginaz.yaml$
 key_groups:
 - age:
 - *nipsy
+ - path_regex: ^hosts/secrets/darkstar.yaml$
+ key_groups:
+ - age:
+ - *darkstar
+ - *nipsy
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index e175588..5a08440 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -86,5 +86,14 @@
 #};
 };
+ sops ={
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/darkstar.yaml;
+
+ secrets = {
+ "kea-dhcp4.conf" = {};
+ };
+ };
+
 system.stateVersion = "23.11";
 }
-- 
cgit v1.2.3
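Review bot: The `.` before `yaml` in both `path_regex` values is still an unescaped regex metacharacter, so `^hosts/secrets/darkstar.yaml$` also matches a path such as `hosts/secrets/darkstar_yaml`. Writing `^hosts/secrets/darkstar\.yaml$` (and `^home/nipsy/secrets/ginaz\.yaml$`) makes each rule select exactly one file, which matters because the rule decides which recipients can decrypt it. The new rule references `*darkstar`, but no `&darkstar` anchor is visible in this hunk; it has to be defined under `keys:` above the shown context, otherwise the file will not parse. If that recipient is the age key derived from the host's SSH key, as `age.sshKeyPaths` in hosts/darkstar/default.nix suggests, a one-line comment next to the anchor saying so would make the pairing explicit.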
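Review bot: `"kea-dhcp4.conf" = {};` relies on the sops-nix defaults, which as far as I know leave the decrypted file owned by root with mode 0400, and nothing in this hunk shows which account the Kea service reads it as. If that service does not run as root it will fail to open the secret, so state the access explicitly, e.g. `"kea-dhcp4.conf" = { owner = "<kea service user>"; mode = "0400"; };`, rather than loosening the mode later. A comment above `age.sshKeyPaths` should note that the host's SSH ed25519 private key is the decryption identity, so regenerating the host key means re-encrypting `../secrets/darkstar.yaml` for the new recipient. Style nit: `sops ={` should read `sops = {`, matching `secrets = {` a few lines below.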