foglar/nixos-config
foglar/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sops update

Browse Source
This commit is contained in:
foglar 2025-03-02 12:43:33 +01:00
parent c80c446b91
commit 52025b5cbf
3 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/system/packages/sops/secrets/secrets.yaml
View File

@ -5,6 +5,9 @@ ginoza:
password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str] password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str]
longinus_spear: ENC[AES256_GCM,data:MMXTgboz4yY=,iv:OCav/ZmFCKLTJ9YWAbu4692E4d/gc6T0yTs0viZFdSs=,tag:YW6WFG39eDwxkd+6xXwH/Q==,type:str] longinus_spear: ENC[AES256_GCM,data:MMXTgboz4yY=,iv:OCav/ZmFCKLTJ9YWAbu4692E4d/gc6T0yTs0viZFdSs=,tag:YW6WFG39eDwxkd+6xXwH/Q==,type:str]
cassius_spear: ENC[AES256_GCM,data:AwWRQOPlLoE=,iv:DACo6Xrr/3ZPMhR9Oq4bxvU02FF0k9z8WVZdqfqaD8Y=,tag:mVK1OB8I0M1Uq00QV7hyVQ==,type:str] cassius_spear: ENC[AES256_GCM,data:AwWRQOPlLoE=,iv:DACo6Xrr/3ZPMhR9Oq4bxvU02FF0k9z8WVZdqfqaD8Y=,tag:mVK1OB8I0M1Uq00QV7hyVQ==,type:str]
wakapi:
salt: ENC[AES256_GCM,data:rE/uqqWog1XoSAq+,iv:mLfjliXChj57nGbPAGhTwv5HG07npZzDCgka84Vubrk=,tag:uVMQwzTHnYh5pbua0K9SKA==,type:str]
api_key: ENC[AES256_GCM,data:Haaw84nHmBK2+/A7y0wp0AnZi342LYUvOaWMDQ2TRn1VkbYg,iv:Lnxeu0MTmyPFTm+WM9kwScdMmqplU3wBSRF+EoNa2Zk=,tag:WYvGQfT4FkcYL3piKiHidA==,type:str]
ssh_keys: ssh_keys:
masaoka_private: ENC[AES256_GCM,data:3xiESl2Lc9EEsTCnr9K+CUMPgpQgnH0LC/wTInuLDrsRXuBXTHUzIZT1P8DwZ520M5NeGO0qDkiF4gH9rwm2Jzp3KKR7S1aruS51mouQUnr3e965RI9jeCdogQYkXMbpGVDk0eWApUx/iQz/hKWvaCRMBWOnnsTKRgDRRBNry8MJAFlypBbpr5aGnkJYzVCRH+c8b1tY8HYuZJtQpbeI5PK3YMhyD9AiUcl3j4LduY/GGcsX1so6EeNeYwzEWG7Qh9dEO2iFGwYhqtlPs3HgY9UrKUrFht6aDP+g6uzuK2Sg5iuKgygPviN0pbFcyKUWzqpecoOaMMFuf9GpDsqtDaE+I1c8XP4Fa4Nmql5P/0LVu2ozZwvUt179oo+8GboQunr0XdLSErUZwFMZ2uAaG5ej/5xaCLmaoM9Ukj804+6LWZ6ty595LmJhYREn1C8Dvka2IBEQk7pWfC3Y0eOFfUPqcsRG6VX1Aw0a7PSPaTCK7ZBLOqaNRihn1/AZd/4yGWmh+8eHoxh+/5mMXcv3nUS/nzxUDt6AxBhJP3LXbY+XDpWU+qdlF3sibcpfwzFcffO4g6ehQ6Jsbd7kbt5CefCp2uUamHvNHXSV41s1DCPtcKzKZ+RItPLa+6GM7KvqB0GN3G56MaiTbKtXzwUPzSzZHnKK2gN3GWd9VDTWQrMlh1Zre0PhdmYtjrvBGXDcmhfftowkzZZCT3Ml76356gjszs331ddXJ9v3gRh/TX2Q,iv:8Ls+tDol+PeNCJP+sy4qwTIDFMZJA9dF4x31pygUIXk=,tag:rGqgoyYu+Nd4d3KQ8XnlfA==,type:str] masaoka_private: ENC[AES256_GCM,data:3xiESl2Lc9EEsTCnr9K+CUMPgpQgnH0LC/wTInuLDrsRXuBXTHUzIZT1P8DwZ520M5NeGO0qDkiF4gH9rwm2Jzp3KKR7S1aruS51mouQUnr3e965RI9jeCdogQYkXMbpGVDk0eWApUx/iQz/hKWvaCRMBWOnnsTKRgDRRBNry8MJAFlypBbpr5aGnkJYzVCRH+c8b1tY8HYuZJtQpbeI5PK3YMhyD9AiUcl3j4LduY/GGcsX1so6EeNeYwzEWG7Qh9dEO2iFGwYhqtlPs3HgY9UrKUrFht6aDP+g6uzuK2Sg5iuKgygPviN0pbFcyKUWzqpecoOaMMFuf9GpDsqtDaE+I1c8XP4Fa4Nmql5P/0LVu2ozZwvUt179oo+8GboQunr0XdLSErUZwFMZ2uAaG5ej/5xaCLmaoM9Ukj804+6LWZ6ty595LmJhYREn1C8Dvka2IBEQk7pWfC3Y0eOFfUPqcsRG6VX1Aw0a7PSPaTCK7ZBLOqaNRihn1/AZd/4yGWmh+8eHoxh+/5mMXcv3nUS/nzxUDt6AxBhJP3LXbY+XDpWU+qdlF3sibcpfwzFcffO4g6ehQ6Jsbd7kbt5CefCp2uUamHvNHXSV41s1DCPtcKzKZ+RItPLa+6GM7KvqB0GN3G56MaiTbKtXzwUPzSzZHnKK2gN3GWd9VDTWQrMlh1Zre0PhdmYtjrvBGXDcmhfftowkzZZCT3Ml76356gjszs331ddXJ9v3gRh/TX2Q,iv:8Ls+tDol+PeNCJP+sy4qwTIDFMZJA9dF4x31pygUIXk=,tag:rGqgoyYu+Nd4d3KQ8XnlfA==,type:str]
masaoka_public: ENC[AES256_GCM,data:g6L2wZth2SaKDrD8hKlVkVWJa6WFi0XE2ra+9HF2uhTH1llCYmLab5CEhDsjTHyh65U4IAfsrYrMwlJH2iQXn/L6SLQmR00pn6qYfQ6sURCwZvSxKoJuHTuTNv7AH8J5Nxq/u6SMjYGVKhw/6ewHEOygVs0/a+rDFcn4x2WXPgRGKLa1CEyncfvslyYL,iv:dNDGDU0ZUuRDzcUTWh4SGnbfzuRUoDL4i1j/mLwQ1Gc=,tag:E8yzoyBee3uAgit9aoOeLA==,type:str] masaoka_public: ENC[AES256_GCM,data:g6L2wZth2SaKDrD8hKlVkVWJa6WFi0XE2ra+9HF2uhTH1llCYmLab5CEhDsjTHyh65U4IAfsrYrMwlJH2iQXn/L6SLQmR00pn6qYfQ6sURCwZvSxKoJuHTuTNv7AH8J5Nxq/u6SMjYGVKhw/6ewHEOygVs0/a+rDFcn4x2WXPgRGKLa1CEyncfvslyYL,iv:dNDGDU0ZUuRDzcUTWh4SGnbfzuRUoDL4i1j/mLwQ1Gc=,tag:E8yzoyBee3uAgit9aoOeLA==,type:str]
@ -23,8 +26,8 @@ sops:
T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-19T15:03:13Z" lastmodified: "2025-02-25T20:03:32Z"
mac: ENC[AES256_GCM,data:JfzYwtQJE7jq9QE79EJDYnN69vEe5WJcPVbKto0a2no1bHIDxSBJpIgczO/fah6AqYeREZe+NiQUpnc110T9iZRQ3ouhKvlcxbov3nHkjTiVYSN1pP+5V0yeYKZ4W+ivRGpfchvgK4Oo8B8NKy+0oTHhY2C4Ms0h6uUeQsVikfo=,iv:YVrQNatL8G6MS0QeOVuD3zaUQp9C/Ju1i1C6+oCxXOc=,tag:zApfKtOdIUdr9HYU9Nk6RQ==,type:str] mac: ENC[AES256_GCM,data:9X7kF+18TGfsfI6S4Mwm8BzCnnksZpUK9L2dJmT3FUdOd+BhyuqUPTh+xxyhICRk1+Hle4NoeXSQEteoaZtRyCVN/JQ0qJbsUscG5xOHIe8XN+ypd53cSZETyeXK27/mRH46C1Ww2N+WsfkPRu6iEWAI5IWS66ZC0fJlqcTcr/A=,iv:/Je8+kjNzBZfPcws5UlkL5Th2pA3ftJveV7Q+fHMAaw=,tag:e+rE2tLZXSX90F6xY/VvLA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

29
nixos/system/packages/sops/sops.nix
View File

@ -18,21 +18,10 @@
# SSH private keys # SSH private keys
secrets = { secrets = {
"ssh_keys/masaoka_private" = {
path = "/home/${userSettings.username}/.ssh/id_masaoka";
owner = userSettings.username;
group = "users";
};
"${userSettings.hostname}/password-hash" = { "${userSettings.hostname}/password-hash" = {
neededForUsers = true; neededForUsers = true;
}; };
"${userSettings.hostname}/syncthing" = {
owner = userSettings.username;
group = "users";
};
"longinus_spear" = { "longinus_spear" = {
owner = userSettings.username; owner = userSettings.username;
group = "users"; group = "users";
@ -42,6 +31,22 @@
owner = userSettings.username; owner = userSettings.username;
group = "users"; group = "users";
}; };
"ssh_keys/masaoka_private" = {
path = "/home/${userSettings.username}/.ssh/id_masaoka";
owner = userSettings.username;
group = "users";
};
"wakapi/salt" = {
owner = userSettings.username;
group = "users";
};
"${userSettings.hostname}/syncthing" = {
owner = userSettings.username;
group = "users";
};
}; };
templates = { templates = {
@ -68,5 +73,7 @@
# Syncthing password # Syncthing password
#services.syncthing.settings.gui.password = config.sops.templates."syncthing-password".content; #services.syncthing.settings.gui.password = config.sops.templates."syncthing-password".content;
services.wakapi.passwordSaltFile = "${config.sops.secrets."wakapi/salt".path}";
}; };
} }

2
nixos/system/packages/yubikey.nix
View File

@ -30,7 +30,7 @@
enable = true; enable = true;
debug = false; debug = false;
mode = "challenge-response"; mode = "challenge-response";
control = "sufficient"; control = "required";
#! id = [ "1234567890" ]; #! id = [ "1234567890" ];
#! YubiKey ID is stored in SOPS #! YubiKey ID is stored in SOPS
#! and is set in the module configuration #! and is set in the module configuration