deck sops

mjallen18
2025-05-27 15:16:43 -05:00
parent 6420b9127a
commit 65e1d5ee28
4 changed files with 85 additions and 62 deletions


@@ -8,6 +8,8 @@ keys:
- &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
- &pi4 age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
@@ -20,3 +22,5 @@ creation_rules:
- *jallen-nas
- *pi4
- *pi5
- *deck
- *steamdeck
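Review bot: Adding `*deck` and `*steamdeck` to the one key group under `path_regex: secrets/[^/]+\.(yaml|json|env|ini)$` lets both new keys decrypt every secrets file that rule covers, not only what the deck needs. If the deck needs only a subset, a separate `creation_rules` entry for a deck-specific path, listing just the keys that require it, would keep the other hosts' secrets out of reach of a portable device. A short comment beside the two anchors saying what distinguishes `deck` from `steamdeck` (presumably a user key and a host key) would help, since the names alone do not tell. This change does not re-encrypt existing files; each file matching the rule needs `sops updatekeys`, and only one secrets file appears to be re-keyed in this commit.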


@@ -11,6 +11,7 @@
./boot.nix
./jovian.nix
./hardware-configuration.nix
./sops.nix
];
nixpkgs.config.allowUnfree = true;


@@ -36,28 +36,28 @@ in
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
# "ssh-keys-public/desktop-nixos" = {
# mode = "0644";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos" = {
# mode = "0600";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/root/.ssh/id_ed25519.pub";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos-root" = {
# path = "/root/.ssh/id_ed25519";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# ------------------------------
# Secureboot keys
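Review bot: The four SSH-key secret definitions are disabled by commenting them out, which leaves 22 lines of dead configuration with no stated reason. Deleting them (git history keeps them) or heading the block with a one-line reason such as `# SSH keys are not provisioned through sops on this host` would be clearer. Dropping the declarations only stops this host from installing the files: if the `ssh-keys-private/*` entries remain in the shared secrets file, every recipient of that file, including the keys added in this commit, can still decrypt them. The commented block also keeps `mode = "0600"` on the root public key while the user public key uses `"0644"`, which is worth aligning if the block is restored. The enclosing attribute set starts before this hunk and continues after it.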


@@ -103,74 +103,92 @@ sops:
- recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRFQyQWVDYnd6MlNHUU83
SUlvQ05FZDBMNmxRdkZpMS9vN1E1S0w1TW1ZCnN2Mm16Vyt0ZzRTQmhGbUNZeDNW
eDcwa0FtQlQvYkc0UUVybnpyWHN6Tk0KLS0tIFR0SHByc3BoVzI3QmJKT1dINjBN
ZXRoeS9TUGZDSzIzYy9qdHRXUWN6TVkK/BWAbun7pwW9dqKQ7SuTyRlri6ttBlR4
j6kovkyqLNPdcZCZ8Sgxqo7RGdCHFmkmjms06tsfjFNxrNMySIbdhQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHczFweU5Zb0g3a0JNY0E2
ODU2TnYrZFl6UHZub0IrZ3ZDTmZzb2NtaFhFCmxCYUU0bnVNaFgzd0VYM1F0YWc1
TnVVN2l0a3pydDdLR21mK0VrYURicTgKLS0tIC9BSnBRLzJQQVJweFRZYXdvQkRH
UU95ZDdIZ1kzN29oMmRDcFV2WmVnSU0KRb6msqKVymmbPomXb3nk91TE/cFz2Ghp
L75yiYHSmTjWkCN3XbTETxvCBUkPCVWq4Eeiac4XKbTCZfy8thzYmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcU5lbUMzU04wZUNaUkph
QjdtUHRsK0VqNU1WT3Zja1Avdlk4UTQrWHlRCkYwRXMySHBJRVhycGF3N2dzSTB0
RVl5enpxZE1sSnBxTm5jR3dXRk8xNVEKLS0tIFdZOGNQZHJnTWM2VTJ3MjNkTi9m
eFFId1B4Q0FXWWxaM3lXcnF0ZWFLSzgKj1mt6ogp+c81mQPK+j0wvD+7YdHxxixB
uWOHd8zNTFIruRfOU9sYf7Ghwahbag2MWdRyH4ytRjgM5qxct2MPKg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWGhHdDhmc2x0TE5BN1VT
TVR2QWNnWEQ3ODI3eTdtN2doNmFvWDhGUUJBClkveWZYRFNJNTduUHpSSVR4eHVO
K2Nzam5QU0IxQi84cHVEM253MmlmTHMKLS0tIDQ2bnRlV2VWOVhRR1E1NW53VzFp
V0ZWN0ZPOGtKYjlpOGpSWU9aTmRjeWcKqa+D/8Y4X+40WryFSEUGcOe2w8Id+K94
2S4TsSpNpuFQoZ5VrF29J2VdAhbhoDNCZAMy3QiwMDiUoOa+CfRA2A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQmo4aWU4SGlBZWZ4Ynpm
YVNydHRjNmJVR0R6SnNIK0szWXFGUmJTeEhRCjZIU1htVGQxTFp2bGZHeFpzSlJL
elhwVUhIZjEvT1Q0aUtjbU15ZGU5S2cKLS0tIHE4SmR4Mm9jM0ROcnF5Wnl6MWpP
azFoc0h3U1dNa3Z6ZU5FdXE3UVZYSzAK4Ge42ceCmP0PA8cSJRp7bRTb5iLA/TWN
Z4cD8Azdn1Xx9HYZJ+T7cLmqXzi5as2p4nf7O7y+UV5KI1+VV/oboQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSCtpT2t6VGcrYjRsbEJ3
OXdUZzdzeWNFTGhWMUpjU1RMWjBpZ2R0U0RZCjJFWWJjdkpyNGVGZXA1Tmpka2VV
UGdEY1hlKzQ0YVRKUEdyeW1ZVkpOVzAKLS0tIHArWnR6c1ptaFlHZkUxaFRCVWsv
NzcyVkdqcHJ3L0lNSXVZSGtxdE5tL1EKSv+iig3l6ffZTnPR+SDaffQOJDOiF1Ss
E7MC7V5mAZxeMyzZ5A7boiKBLIJkpLAFUunLuzOeM0ifUy7B/Vrr1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2Y0QzFxdWg2N3lDNVYz
TzZ2WTRBMjRFWjUxOHhjTUZNQW4vQ29aZmdjCnhTb2J3RDlsbmNGWmRzYlFueFpB
NDJXMC9aRXVrcVAzeG56S0hEVGgrQVEKLS0tIHlMZ0NkdzNYNURYbGtrK0Ywb05W
b3dweDR6b3pHUGxNTUZJTnluVXkwTDgKbIUMRg2OuEhlJNLDHZHHnCydMWiUaDbG
noSFkVPlb51LKU1kge5Vo6xGAul3tH0CAww/5kG60LbHKeQS76onQQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkY2QvODdCTjF5UjMweTdO
RVpMUGs3dE0wZGVWN2FlYjJKRkF0WUhZekJjCklWOVJJaVduZmlYeHVYL1lJWXov
OURVenpDaHVtM3dmd3NjTmE2Smg4S3cKLS0tIG8yLzZrdXdqcmppUmRwdHlJOUFL
cVJxOG1ZN2VJWExRTjlzN3N5L1c5U0kKRz8+om//JIQ3+0bLvQfsdmb9wj0lxJdi
BCLcDrTyf/QKZtecXaU+eJV4OZb5JFYTt/5eEoqXxliYxXmgEpjSqQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVHprYzlFVWc4RWhDdnlr
ampReXFFZGduOCtiV0FGT3YzVVFWaGhGMFZFCm85aXBWM0JvSnU0WEJmb0xkQ2Yx
Qm5NYUViMzhWVFJFcGhKYmoyWUJsV28KLS0tIEQyRFlhMGVLUGhZTi9rRUNCWExQ
T2MrTGVmTjhSVDVibHg1L084VFIydVUKibkSm36F2eXo3h7Naj7+h3rMVn8vfJns
1j9B4eWi7nh/B0INK8Si6mgSTAx/3sOUw+OWHjG1y1GAA1xF+bEJ1A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OUVCWENST3B2N2VadStC
UGtjR08xUmxiQThPTm9vSHk2MzNWLzFyOG1rClI3Y2doMGtSWWJvSVZ6aHB1UUdr
SVlYbWNSejEvR0k5czZBa1VNTDhmODAKLS0tIDB6NmhsbHdMTm1nYnJkTnA1OXdp
U2VwZVBrTmRDZ1UxNW90TFI5V3BYc0UKnQt1MC30gqSvXq3hrTxZDt83qm4ImSyF
lK0iJZnEMy7aU7HA9+TYLspxQeQDS9AR7KJipfpERg8q1VhQloIsCQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWkwTjdzZ2N1cEFHWmV6
Ukk5dnBaalA2SkJ2SzVrcHlIdWFUQ3dtUEJJClIzandJcktkZ3VIZXRQblBja1p1
TWtVbmtJSWl0dmpFa2RIQmdkclVuOE0KLS0tIElrc05tNGY1dndIUlJmZXlkbmZF
a1dnR1ZCTHEzbUljdVl3QXBaTThPVHMKi4rHbmK9mhmTuCvuM1HidnR9hU1ykncc
5etozYpcyaPLELZr29zPlCIMnlPW12blz2kGA1qlKdoKm1PIIQ0Pdw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDaUhmSEtTTm5TeVFDcW10
Ly9NekdXcjVxNmNYZVpBS2UvcEt0azRWNURFCmVDbExRMkVQRXNGTU5MZGdDNElM
THMwY3poaEhSN1MzaFdMRVF6N3dZYnMKLS0tIFdwdU9RVnZ0NTRZdzFtckI5c3NW
TXY1OFFBa1M3ODh2cHlpMzlFV2trU00KrS2Z7GeFJMz1DLtWdsBivkCN9lwePUxq
+d6HPbrOHL+djKWnmTY4Q2Q811WYFZSccZKdBM5nz4YvtFV1utewQQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdFVhVHk1Q2ZFS3d5SFN4
SWxRdUxXQTZQdWRnMDhVK2RqOW5Xd0dnZUFNCmNTdzF4clMrRitIZFRMOGZFaXdB
VXJDZTNKZ2tKOThveGRzYnY0UGFwZEEKLS0tIFlwdnNJa0gwYU9GWnBvYndhVTFD
bWRNcnVCMWJFa2VUbmxtMGFPcWpDVTQKwdJJA/5Ko5dXEbP2sUJbjOddIkYs6G4L
CURKzdVmfvXu1nvJ4C+jDXnZ9YZNv7iTQRrhOnK2a6j4HEd/lQUD9Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cnpaeFR2aGVUL0RrVzdZ
eENHQ0RMdE9RYkh4d2tlL1BzR2VEenRhVGtJCndXWG45VFVJYkN0TmducmxkUU8z
c3RNQTZYOTZDcTJ4ZkFoMk9RN1B4UEEKLS0tIEt4alAxbE1nOTJ4UGRHSzdSMFQy
V3hrQ2R3UEJNNStYMjV6Wjh4d0M5ZkkKwHBbJCSVh5wFeyNGEkeR0SWr8RSI0IL/
GYlSgizXf7rnQa1lrepAw11EsP37OmBAw9ywt/YgI/GiIo0iKb+2ZA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETkZVVGxHcUlaZnBoZGxH
YkNjQVEwZ3JxTEp3dG5lUlRJUFNGRitQRXo4CkR3NG83MlY5SGhQNkhFaFVjWWR1
M0V0MkxOU0hod0luQ1B0YlEvWml4UTQKLS0tIHVyL09mWjE1MEcyczQ0OGp3WXYv
TkdNc25CSGVkSmJsZW0xc0hRK05SV1kK9kKvR2slhnKAUUQcQ/3mJ79PfrrTLyfL
IuEG3xwGQvwIISdSM5KOFEVYLe98N1+W3GYRPwqGTac8MG+vyXlirw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Z2tzaDNnNkVLSDc3RG91
enpWMG13UDZmSlRJWUU5UzNYOEI3SXQ5SFNzClFZdWMwWXA5TWltMDZhRTlaeDRo
Vk4wcGc4RVZ1SnMrNExFQkhIRVlxRFUKLS0tIEI0Vy94QjU3bEg2dHdXNWZoWnJz
ZDZLMDNYOHJjMm9IWXExMnpvUFNPRmcKHjJbGTig7VCjtsgIwdBVNdxLCywWu297
T3UP8w30Vv4P3FGo7FbiC0GYX1zVrY47bi0RgcJS0/7EcvRF63u7MA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdzBJVEtKclNqTHZ6bzN0
RzRxN1ZuMGUvcnRDakIvalFMRGtUL0VSTGtnCnpQZERVZWF6RmVvTHlrTUNYU002
ZjYyNmpOV0IwUHBpQ2lldHFULzhYR0UKLS0tIE16TGpNWGdMNU5jZTl1Zm80OWw3
Z1VCTHcvbnIwTDhJNTNqUmVCdjlsRm8KReUkvf6QUcQ2v7c2P+4ArxghuSBwHzs8
vx///NUPViautzBaMBiOyw318aG1I/ThnutYTBqBSqHWsb7A1sf+Yg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSWkyZzdwNDJuSmdHeERi
YXN2aXRyUE9UTFl3aWg0WHozTnBEeGNUZnp3CnpEUXUvbHJtajVXTDhqbFIxYVk5
NG9LQ0Q2NG9HNVFBQklOaU9RdVNHamsKLS0tIEh1YnFrUXBVZGlNcDc5WkVndjk4
THgvY1JGS3gwNUdhSXVEd25kcndFbEUKvTRzMYgIsYxK0Kmbq8JhpwAjqzX5AC87
5pnLllSogskDIHNmKga+WiL2FyZtkFXW7x4jGW+oOLdZ5mWxAt8yJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T23:58:00Z"
mac: ENC[AES256_GCM,data:nvQuAwSP2We341SLYBsMIVGwHFtog1Qd0Bpm5mCsiET9aMFV0xsXcdxJiHg+xo2dxdkW6l/H0eQRQnRk1RJ0XK7QsxpJebWy4ryRFXmdn8dCwybtROIQyHuB8ict97mlhDNigu9q6h+e97J0Uvo5E8qNbn76S9L54E5IPJOzlvI=,iv:L4uhNCeRZ7va6LrL/vDEvUDHfa2E6OFJnhE4+TyKw14=,tag:r3UXhMl1EWCaRRjI2q4gcA==,type:str]