From 1f07f05504fc62438c7a1dce7ca64c868792ea44 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Thu, 12 Jun 2025 15:32:55 +0200
Subject: [PATCH] update sops
---
 .sops.yaml | 6 ++---
 nixos-modules/nix/default.nix | 12 ++++++----
 secrets/main.yaml | 44 ++++++++++++++++++++---------------
 3 files changed, 35 insertions(+), 27 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 8e1fff2..2f39cea 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
- - &kuraokami age1q7tr77fyygpvlwenrj4zw9d4e59p66pz3vckelecgepectt9jvrq4qd6ll
+ - &main F22F4D554E1CD01D0BA66AE565EDFB9549D0A481
 creation_rules:
 - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
- - age:
- - *kuraokami
+ - pgp:
+ - *main
diff --git a/nixos-modules/nix/default.nix b/nixos-modules/nix/default.nix
index 169b862..fdb9561 100644
--- a/nixos-modules/nix/default.nix
+++ b/nixos-modules/nix/default.nix
@@ -159,12 +159,14 @@ in
 ];
 };
- system.etc.overlay = {
- mutable = false;
- enable = true;
- };
+ #system.etc.overlay = {
+ # mutable = false;
+ # enable = true;
+ #};
- systemd.sysusers.enable = true;
+ #systemd.sysusers.enable = true;
+
+ sops.defaultSopsFile = ../../secrets/main.yaml;
 systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;
diff --git a/secrets/main.yaml b/secrets/main.yaml
index 0185abe..9b26934 100644
--- a/secrets/main.yaml
+++ b/secrets/main.yaml
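Review bot: The rewritten creation rule in `.sops.yaml` encrypts everything under `secrets/` to a single PGP recipient, `*main`, and drops the `kuraokami` age recipient, so the data key cannot be recovered if that one private key is lost. Judging by the names alone, the old recipient looks like a machine key and the new one like an operator key; if so, confirm the hosts that consume these secrets can still decrypt them. I would keep a second recipient in the same key group, for example a `- age:` entry beside `- pgp:`, and add a comment above `&main` saying who holds the key and how it is backed up. Removing the age recipient also does not revoke anything already committed: the old `asf_key` value remains decryptable from history with the old key, so rotate it if this change was prompted by a key exposure.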
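Review bot: The immutable `/etc` overlay (`system.etc.overlay` with `mutable = false`) and `systemd.sysusers.enable` are switched off in `nixos-modules/nix/default.nix` by commenting them out, and neither the hunk nor the commit subject says why or for how long. If this is a temporary workaround, say so above the block, e.g. `# disabled: <reason>; re-enable when <condition>`; otherwise delete the lines rather than leaving dead code. The added `sops.defaultSopsFile` points at a file that is now PGP-only, but no `sops.gnupg.home` or `sops.gnupg.sshKeyPaths` setting is visible here, so confirm a decryption key source is configured elsewhere. The enclosing attribute set starts and ends outside this hunk.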
@@ -1,21 +1,27 @@ -asf_key: ENC[AES256_GCM,data:NZqrDt8ajbVa,iv:4ynhNOIyERVKj8CND2TBW0frKeJXYkGNWigsxvLKAHQ=,tag:jwpAQx7YpiTcr34BEnRhGQ==,type:str] +isCat: ENC[AES256_GCM,data:/7UOqQ==,iv:Yvm3QRc/VP6MkHjCLgdXPWoH8KhaJhY0Aiwxx9qX8m0=,tag:N6LUErA3INlAzJY1kuAfTQ==,type:bool] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q7tr77fyygpvlwenrj4zw9d4e59p66pz3vckelecgepectt9jvrq4qd6ll - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByaG1kZFU2dXo5L0s1ZDho - UXlmakhqdGtqWWlkTEZ6cUV6TEUzbytkOUI4CnZlN2lKWGc0aTB1Y2M0NHNOL0du - OEI0eGltWE1nYU0ybGtHUlN0VWlVTDAKLS0tIHJKblo5L05KU1V5eXhhUlYvWmkz - d0FxeEZhaDBxWjdiS21EWFVqR3NVMmsKgKtMEtrq06TdaP38zmZgm4/X4nREpWLx - InDOmjwR3fOysz+lTH2lGVqJVqdiJkveJRDodgcyodf5BqfD8oLgDQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-12T15:20:29Z" - mac: ENC[AES256_GCM,data:ncWyrFiP2htNovn43Uook3QtXvqhhPQwQkxa9cAiGvzSusae7rH1kN9ZYPYObZJvIKrFLPSqwagdNoCa8VhnGjpPg1LrwIjqvDudT+N7/ZM/i7PIpOGagbnPrMFln+zzcrp2ocJeo4ZXPJJOVmH6ncENszJ/VGOL41GXbPJT09M=,iv:pfgGj6SHMyAzGLScBTUfF6OGjiPnurIaRJltu7yWDBU=,tag:NW/m6mBCOCSriqdxPul/Iw==,type:str] - pgp: [] + lastmodified: "2025-06-12T13:00:04Z" + mac: ENC[AES256_GCM,data:5trsOD+flYH2nT3fM1kwg7Nc+aUBvllovSLVu/fkQQFUGB3dBlhVRl5LtDYQsn7L2Pu7GgiOBpgaxsvE/IF9Ba81kUI2wQWGNHq0FQkoXbOKpcflpuB3suzR/DrZn7QymD9m3Fo0492ifm8Req8/i9FsAPC0ua369Hv5sXKxPJA=,iv:M4PnHlLVl1E472wdOb1qK4IH4rsBpNtudBCPDuhEFB0=,tag:16d+bYiCkB7WibhpYfJ6Iw==,type:str] + pgp: + - created_at: "2025-06-12T12:59:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1LtYQYmkr9rAQ/+OnHQbXL8GOprBJIN2ruOxAJOa/Wnwwleh7sBZ0F5SXW9 + lnaGLMZ/DW3Zv2KhcknfYTOA6f5WgIOKi2Tt3qGMw2amDROT/RL+oIRb+DLBFZnh + p7IpW79vSf8gYgCtqAE6pT5jaDdFGnS+ULZ2bH/aKpxIezD7FrUAlYUZPhS2EAvF + m9HNzsjZ7yK8zh6XmHWVxHNqC146vYYS7sPp7kAVGpbcSbQM81idSElWIbYJbhB5 + JUiDOpp939AC7vdlwd8+8Fasbcs3xLjPNAGG3ZUxvIOHM+tJR+KUgRXT9ZR/UZ+U + N3tOfRsxNNFi/0Zezz1fspA2rpMt++gsRMvMo/79MAf85HrhUXZ5ZX9k3QjXEP74 + 
CvQJyiPF6gYX3GvVZgR3MfinUQjqe9k3pntYRf3P984dzrSYqbMice+yVmqlvRNB + 0ypq6fvUVy2mjGi1inIFPPrRkRCjI71ulvHIgpELPYEit3AfNgLcDp5NcKodr9/v + E1fee4CpM9pFchnXEerTDoMpLEJ6SVGT7ynBOpfwEWmRc7TluAzWYArDzG8w1kk8 + SLlwSECNI4pTUybl+8qf8UkizQ3b+50kLNgig+Y001SHmuI3FxGWOf8co14xcFv8 + fz2+KYZsgv5Jk7m8xNwKckcTgVa229/NAwgwIpSobp7lpXxfjL5F+c3hhQBbam/S + XAF2wIOX/P1//4DnsmJHWXydKtXYwesfn+no4f5EYXI3DNaS7rBI0ihgSYT/Y+5y + 3Q31IuLw+HXEYQSawEefBtS/75St1ZNSJU7D0y+wdZFh1ZqNrXp5iUoUaH3q + =kn7f + -----END PGP MESSAGE----- + fp: F22F4D554E1CD01D0BA66AE565EDFB9549D0A481 unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.10.2