From 8114c55a664494d71e9dcbf361e3da5e37fb37e7 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Sun, 19 May 2024 01:06:10 -0700
Subject: Add sops-nix for home-manager
---
 .sops.yaml | 11 +++++++++++
 flake.nix | 1 +
 home/nipsy/ginaz.nix | 12 ++++++++++++
 home/nipsy/secrets/ginaz.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 65 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 home/nipsy/secrets/ginaz.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..ad779b2
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+keys:
+ - &nipsy D99ACFFD86041A016F82A3E2CA8B237AD460D97D
+ - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
+
+creation_rules:
+ - path_regex: home/nipsy/secrets/ginaz.yaml$
+ key_groups:
+ - age:
+ - *ginaz
+ pgp:
+ - *nipsy
diff --git a/flake.nix b/flake.nix
index 9ba73b5..e828c7a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -51,6 +51,7 @@ modules = [
 ./hosts/ginaz
 home-manager-unstable.nixosModules.home-manager
 {
+ home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
 home-manager.users.root = import ./home/root/ginaz.nix;
 home-manager.users.nipsy = import ./home/nipsy/ginaz.nix;
 }
diff --git a/home/nipsy/ginaz.nix b/home/nipsy/ginaz.nix
index 746e846..e3f862d 100644
--- a/home/nipsy/ginaz.nix
+++ b/home/nipsy/ginaz.nix
@@ -5,5 +5,17 @@
 common/optional/desktops
 common/optional/desktops
 common/optional/desktops/services/xscreensaver.nix
+ #inputs.sops-nix.homeManagerModules.sops
 ];
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ./secrets/ginaz.yaml;
+
+ secrets = {
+ "ssh_config" = {
+ path = "/home/nipsy/.ssh/config";
+ };
+ };
+ };
 }
diff --git a/home/nipsy/secrets/ginaz.yaml b/home/nipsy/secrets/ginaz.yaml
new file mode 100644
index 0000000..065f33b
--- /dev/null
+++ b/home/nipsy/secrets/ginaz.yaml
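Review bot: The `&ginaz` recipient in `.sops.yaml` carries no comment saying where it comes from. Judging by `age.sshKeyPaths` in home/nipsy/ginaz.nix it is presumably the age form of the host's SSH ed25519 key, so regenerating that host key (reinstall or rotation) would leave the PGP key as the only way to decrypt. A comment above the anchor such as `# ginaz: age recipient derived from /etc/ssh/ssh_host_ed25519_key.pub; run sops updatekeys after a host key rotation` would record that. Separately, the dot in `path_regex: home/nipsy/secrets/ginaz.yaml$` is unescaped and matches any character; `ginaz\.yaml$` is the exact form.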
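Review bot: `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` in home/nipsy/ginaz.nix points a per-user home-manager module at the host's private SSH key, which is normally readable by root only. The home-manager flavour of sops-nix decrypts as the logged-in user, so this presumably either fails for nipsy or relies on the host key having been made user-readable, which would expose the machine's SSH identity to that account. A key owned by the user is the better fit, for example `age.keyFile = "/home/nipsy/.config/sops/age/keys.txt";` (path constructed for illustration) with its public recipient added to `.sops.yaml`, or the existing PGP recipient via `gnupg.home`. The commented-out `#inputs.sops-nix.homeManagerModules.sops` line is superseded by the `sharedModules` entry in flake.nix and could be dropped.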
@@ -0,0 +1,41 @@ +ssh_config: ENC[AES256_GCM,data:CIaU/cbzPMR/pTQMYcHLtsbwQ9AjK+FxnbJi/Su3ZawwZC+okNOLbBO0gDU4v2vyXQVU6PSSCbNl5yNdgzlwlg9XjgtKlpZYtlHvZeNBOvCvZqFghYco71G2H6/9KQ4CeoXEpkWBybaL2SpqExi8uKllVv77VvWhggkJwxREjyw8IFKvzqmxg9hCAUbWMXY8M/Hj7uBtJivFCA77Wui2Bu1c6uMbmL1shauYXKy+6umc2LLcayrgmOkjAegpwcnEV9VTY6r29fLQiSbbtAS6vHq+qh6d/hw8U8uLD/qfA56TyYStkCPQVCeny47vINi/OhPzBth/9ejusHr/cIxolK6EVyROXY5OJIdFX+7P7wHxnKOfMLuOMnxK/6XYtBl20E2vWuadR7vIzdngzn8KW6s8p7vr97762S9Hq9TIyi/gP4+iw0gRgqcRVC0rKgexioNqlriK2JoND2LKdos3juNAzcoBlypwjDtzI4atPFKUg0c7ZN5BeoXLKyZKyFgdXzC5VrVT/F7iGY5+gRspArestRF2rH4A6O9G1w2q16CIK9fQURmkjtdP0LEE/BYeF3WXa4PKTVs7aZykX29nOEFwcKoYKTjkuuHiR9drn/wCVeA6IHjf2MHUM3b0LeNWEtK9MPc7p6RIdA5BVwP2TUNx/n5JalwJ7oMufR6gUz1+aj9zSapClcbNqy+ewH9OsaN2iuZjK1LsyQSTbuz/IilDccBRdduIQ4yho0WVd/qfMFd/Q6ErPFH0+YxCZkNrDng08igtYqylR2Qeo9nnytScUBGz1EURXazxGrNWiwUR46ZWwyVtyNa6Yyun2cEn6ifhgPSCfXlPMT4EkclvX6VfFYtSenhLe3hshjdHZ1C8UDbFJb03Jiifl3zgz5u82cElDS692JIEcpLG3L5TPjTiQ5CESwYqWin6omqxYgYQU+BL/Tur1+Uc5REYUig2IJQ7OIvTX2xawHW9HAvRleNLEQHb+y8v5B9m9ibREuAVlEo1xhoCpIrsPXpVVe2UVN3XonnX3MXApO6l7ht2BRH1Ss1vyryxWUlp4FnEmOxrL7R+s0Tr0YZDwXRaxoHUvZApfx1hFRgrWWbxpl8liNfD3KRNY+MmFRJRegSxC8s50JimzpDy8ZE98JnwoFd7B3mrABAmrAPLcxDBANl+0OC8rMS2vFIjILAgfZPE8URpaUQbRtzV1m6kU6Un7xC9gOwMNEprELVMUZ+qqEX34BTJjqvX2JiaWkFbGWNHvmCOBiGMc3hs8n6dvG9CFGHY7xu3Mn0ZB5im/QigbnbYGu54TryUwL80V8wEWVe5+7DYg1MCY1c/ABpiMITYBtgM1VmRR0/Tjth956CryDGcVKvL7oP2cRAksahYbkeMt6U83XYHkfcSNFFUTI+KpfTNloB0BsLN7yoooQWyK91M7eLsC58hILiqesIC6fiq7Cwe5whWkxH3DgG6Uzd8a8wspQsdWAO1YwWz4T3bzbsoId6KtuIJZh8F5O6pMprqjMIAsS12tYTqZjkTi4C9Yv80qXXE1v3up0f57BGkMFIXkdInMgzny2lrXU14CJ4z1AuIt0/wFo7v11iMrwPmfTLrFHSn5YWxaZNTbXnWvhSQJlMtMKZ6I2CC0KFbdV/0kStMnt/dNT31+WxbtUEPFA==,iv:p0FWdIjopnt8GjAOFIsNgld/ZgS2BwjYVFdl0xWVYUM=,tag:Blqm/i/CvyrrSKbWjLWR8w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCYVZCK05STDZxekRsWmt3 + TDNYNENmQVRVUmw4VkJ5d3Vka1pFQXZtQmpZCkk1M0VIeW9kRUFCRlN2UGxWVGNs + Vk1NQnRtbGE5b0hZdS90UndnNEJqaWsKLS0tIDB3WVkzWC9WM0RTWVNDUjZuQXAr + NFN6NFdIMFV6eDh5VVNIMTNSU2RCcGcKI9Gzruyyc+UIeegc38ZroPH4OTlJDXyw + nw8D69LxMbSp5PqJny0h9gPW5xWnLrlKpv6HbhPZbcLFdN135ZHMwQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-16T09:15:27Z" + mac: ENC[AES256_GCM,data:lNGrL2+O3UADFElmjIZ9cg/lQ85PyGbmAooHGhAnIaoJ0+zEP77cUaGduqn1qRm8xixCowdTbhK8lVwbO+pHuf8nESJVSTaOUuMQSpXrBecCXpnGe127miHWRsGSLG9+9WTX1vb7Sy9YMgEhDB0ni1xQpQkGdN8hIdDrNtYDd+Q=,iv:OYD6G+TuW6TpNVVf6R0fzjwDMV+zIbN1C/awdz9lWos=,tag:pzDZ02QkYQK/f2chvth61A==,type:str] + pgp: + - created_at: "2024-05-16T09:15:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2trMau7CRZmAQ//Z5GZzsnSDrHluCBagtTqb6NMabr14lzXRq0o+qzOMllS + aE4wbjbsAP/HnpH031xXw8B4LmBWvvF5m4o4QHIPMtOZk/P9cv+hKse9ij2xeqYy + y1BAx1yFuQ4TNXL3plHUJAGbdTyGypgvGRjENnPw4UQwVyXrR/tLd77XB0YsC6uI + dqSbpQN8mLweT7WHgsf4oy3FzaFPvv29Nb9qdgTdxl82cgjENq0iK3uw0jB3e3Ye + vtKfntamf/8+CcUb0N5FSw7vdpSZYeZtcS6QyC9oZRvDDOx60GGy0o721oXhNNxy + /naAWvbJU7LZnldsmDnuPe5uOPcsTuzPnM43j7ODy8+DGSKCEUXumfYyrxTVrdcb + 3dpjKz+zR/JO8VIGodV02CLAO5V7AhShKV2gyXUK1Fm5AMw9XMCnu1fkm5gR9qGC + FRCFfl2gAz8LIGDpwOwfrWQ4rL0aLLwwT6v137ROBEQ8y8caVNSTrrv+b/e4hDXn + KwmI2ZMR5K46FHeAmQRpJ3dPhTVRjptM2D2Qx4UI+N9w+VybmuxWjT9mfjVNyXiV + beeEfCD31rH6PBC9ecMzzRhhBlSkisAYlLLpXTe70e8Zr0QZ3sFGRSh1E0boKJM3 + rpV3W28wEUzB4LqODUc9XHKBXRFxmqzWUpNw4N8rgHUxRxu7sw38EwvVP+1I6XjS + XgEEwW3v6132R+lDFsnqAmmh/WxvIcBhor55XFRsSH+Q5x4izc0UkZ7GBG+DoMfG + sczfIg/5a27yZeWANiRehxY3SVNkLZsxDwuXuKM3cZwO0opWSyYOo35FG33m0vs= + =eQOb + -----END PGP MESSAGE----- + fp: D99ACFFD86041A016F82A3E2CA8B237AD460D97D + unencrypted_suffix: _unencrypted + version: 3.8.1 -- cgit v1.2.3