so many sops

2025-03-17 21:34:52 -05:00
parent 7741fc575f
commit 32eadb044d
53 changed files with 801 additions and 591 deletions
--- a/hosts/desktop/sops.nix
+++ b/hosts/desktop/sops.nix
@@ -17,4 +17,57 @@
  '';

  sops.secrets."wifi" = { };
+
+  sops.secrets."ssh-keys-public/desktop-nixos" = {
+    mode = "0644";
+  };
+
+  sops.secrets."ssh-keys-private/desktop-nixos" = {
+    mode = "0600";
+  };
+
+  sops.secrets."ssh-keys-public/desktop-nixos-root" = {
+    path = "/root/.ssh/id_ed25519.pub";
+    mode = "0600";
+  };
+
+  sops.secrets."ssh-keys-private/desktop-nixos-root" = {
+    path = "/root/.ssh/id_ed25519";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/GUID" = {
+    path = "/etc/secureboot/GUID";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/db-key" = {
+    path = "/etc/secureboot/keys/db/db.key";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/db-pem" = {
+    path = "/etc/secureboot/keys/db/db.pem";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/KEK-key" = {
+    path = "/etc/secureboot/keys/KEK/KEK.key";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/KEK-pem" = {
+    path = "/etc/secureboot/keys/KEK/KEK.pem";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/PK-key" = {
+    path = "/etc/secureboot/keys/PK/PK.key";
+    mode = "0600";
+  };
+
+  sops.secrets."secureboot/keys/PK-pem" = {
+    path = "/etc/secureboot/keys/PK/PK.pem";
+    mode = "0600";
+  };
 }