From 8114c55a664494d71e9dcbf361e3da5e37fb37e7 Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Sun, 19 May 2024 01:06:10 -0700
Subject: Add sops-nix for home-manager

---
 .sops.yaml                    | 11 +++++++++++
 flake.nix                     |  1 +
 home/nipsy/ginaz.nix          | 12 ++++++++++++
 home/nipsy/secrets/ginaz.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 65 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 home/nipsy/secrets/ginaz.yaml

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..ad779b2
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+keys:
+  - &nipsy D99ACFFD86041A016F82A3E2CA8B237AD460D97D
+  - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
+
+creation_rules:
+  - path_regex: home/nipsy/secrets/ginaz.yaml$
+    key_groups:
+    - age:
+      - *ginaz
+      pgp:
+      - *nipsy
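Review bot: The `path_regex` on the creation rule is unanchored at the start and leaves the `.` unescaped, so it also matches any other path that merely ends in this string (or has a different character where the dot is), and such files would get the same recipients. Suggest `- path_regex: ^home/nipsy/secrets/ginaz\.yaml$`, assuming sops matches the pattern against the path relative to `.sops.yaml`; confirm this with the sops version in use. As a style point, the sequences under `key_groups` are flush with their parent while `keys` and `creation_rules` indent theirs; pick one form for the file.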
diff --git a/flake.nix b/flake.nix
index 9ba73b5..e828c7a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -51,6 +51,7 @@
         modules = [
           ./hosts/ginaz
           home-manager-unstable.nixosModules.home-manager {
+            home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
             home-manager.users.root = import ./home/root/ginaz.nix;
             home-manager.users.nipsy = import ./home/nipsy/ginaz.nix;
           }
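Review bot: `home-manager.sharedModules` in this module list loads the sops-nix module for every home-manager user on ginaz, root included, while only nipsy's config declares `sops` settings in this commit. If that is intended, a short comment would make the scope explicit, e.g. `# sops-nix HM module for all users on this host; secrets are declared per user`. Otherwise import the module only in `home/nipsy/ginaz.nix`. The surrounding `modules` list starts and ends outside the hunk.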
diff --git a/home/nipsy/ginaz.nix b/home/nipsy/ginaz.nix
index 746e846..e3f862d 100644
--- a/home/nipsy/ginaz.nix
+++ b/home/nipsy/ginaz.nix
@@ -5,5 +5,17 @@
     common/optional/desktops
     common/optional/desktops
     common/optional/desktops/services/xscreensaver.nix
+    #inputs.sops-nix.homeManagerModules.sops
   ];
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ./secrets/ginaz.yaml;
+
+    secrets = {
+      "ssh_config" = {
+        path = "/home/nipsy/.ssh/config";
+      };
+    };
+  };
 }
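Review bot: `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` points a per-user home-manager module at the host's SSH private key, which is normally readable by root only. If the sops-nix home-manager activation runs as nipsy (as it usually does), decryption fails unless that key's permissions are loosened, and loosening them would expose the host identity to an unprivileged account. A user-owned age identity is the safer fit, e.g. `age.keyFile = "/home/nipsy/.config/sops/age/keys.txt";`, with the matching public key added as a recipient in `.sops.yaml`. The commented-out `#inputs.sops-nix.homeManagerModules.sops` import is dead now that the module comes from `home-manager.sharedModules` and can be dropped. The enclosing attribute set starts outside this hunk.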
diff --git a/home/nipsy/secrets/ginaz.yaml b/home/nipsy/secrets/ginaz.yaml
new file mode 100644
index 0000000..065f33b
--- /dev/null
+++ b/home/nipsy/secrets/ginaz.yaml
@@ -0,0 +1,41 @@
+ssh_config: ENC[AES256_GCM,data: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,iv:p0FWdIjopnt8GjAOFIsNgld/ZgS2BwjYVFdl0xWVYUM=,tag:Blqm/i/CvyrrSKbWjLWR8w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCYVZCK05STDZxekRsWmt3
+            TDNYNENmQVRVUmw4VkJ5d3Vka1pFQXZtQmpZCkk1M0VIeW9kRUFCRlN2UGxWVGNs
+            Vk1NQnRtbGE5b0hZdS90UndnNEJqaWsKLS0tIDB3WVkzWC9WM0RTWVNDUjZuQXAr
+            NFN6NFdIMFV6eDh5VVNIMTNSU2RCcGcKI9Gzruyyc+UIeegc38ZroPH4OTlJDXyw
+            nw8D69LxMbSp5PqJny0h9gPW5xWnLrlKpv6HbhPZbcLFdN135ZHMwQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-16T09:15:27Z"
+    mac: ENC[AES256_GCM,data:lNGrL2+O3UADFElmjIZ9cg/lQ85PyGbmAooHGhAnIaoJ0+zEP77cUaGduqn1qRm8xixCowdTbhK8lVwbO+pHuf8nESJVSTaOUuMQSpXrBecCXpnGe127miHWRsGSLG9+9WTX1vb7Sy9YMgEhDB0ni1xQpQkGdN8hIdDrNtYDd+Q=,iv:OYD6G+TuW6TpNVVf6R0fzjwDMV+zIbN1C/awdz9lWos=,tag:pzDZ02QkYQK/f2chvth61A==,type:str]
+    pgp:
+        - created_at: "2024-05-16T09:15:01Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA2trMau7CRZmAQ//Z5GZzsnSDrHluCBagtTqb6NMabr14lzXRq0o+qzOMllS
+            aE4wbjbsAP/HnpH031xXw8B4LmBWvvF5m4o4QHIPMtOZk/P9cv+hKse9ij2xeqYy
+            y1BAx1yFuQ4TNXL3plHUJAGbdTyGypgvGRjENnPw4UQwVyXrR/tLd77XB0YsC6uI
+            dqSbpQN8mLweT7WHgsf4oy3FzaFPvv29Nb9qdgTdxl82cgjENq0iK3uw0jB3e3Ye
+            vtKfntamf/8+CcUb0N5FSw7vdpSZYeZtcS6QyC9oZRvDDOx60GGy0o721oXhNNxy
+            /naAWvbJU7LZnldsmDnuPe5uOPcsTuzPnM43j7ODy8+DGSKCEUXumfYyrxTVrdcb
+            3dpjKz+zR/JO8VIGodV02CLAO5V7AhShKV2gyXUK1Fm5AMw9XMCnu1fkm5gR9qGC
+            FRCFfl2gAz8LIGDpwOwfrWQ4rL0aLLwwT6v137ROBEQ8y8caVNSTrrv+b/e4hDXn
+            KwmI2ZMR5K46FHeAmQRpJ3dPhTVRjptM2D2Qx4UI+N9w+VybmuxWjT9mfjVNyXiV
+            beeEfCD31rH6PBC9ecMzzRhhBlSkisAYlLLpXTe70e8Zr0QZ3sFGRSh1E0boKJM3
+            rpV3W28wEUzB4LqODUc9XHKBXRFxmqzWUpNw4N8rgHUxRxu7sw38EwvVP+1I6XjS
+            XgEEwW3v6132R+lDFsnqAmmh/WxvIcBhor55XFRsSH+Q5x4izc0UkZ7GBG+DoMfG
+            sczfIg/5a27yZeWANiRehxY3SVNkLZsxDwuXuKM3cZwO0opWSyYOo35FG33m0vs=
+            =eQOb
+            -----END PGP MESSAGE-----
+          fp: D99ACFFD86041A016F82A3E2CA8B237AD460D97D
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
-- 
cgit v1.2.3