initial sops secrets config

John Bowdre 2025-01-08 22:55:31 -06:00
parent 7688854d95
commit e17c09dacf
Signed by: john
SSH key fingerprint: SHA256:cZYnOxaLdo+MhBNMX38ihO/p2Kek6fBykSFoJwHBhUo
3 changed files with 41 additions and 5 deletions

9
.sops.yaml Normal file

@ -0,0 +1,9 @@
keys:
- &users:
- &john age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
creation_rules:
- path_regex: home/global/secrets.ya?ml$
key_groups:
- age:
- *john
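Review bot: The `path_regex` under `creation_rules` leaves the dot unescaped, so `secrets.ya?ml$` also matches names such as `secretsXyaml`; `path_regex: home/global/secrets\.ya?ml$` keeps the rule to the intended file. The rule also lists a single age recipient (`*john`), so losing that one private key would leave `home/global/secrets.yaml` undecryptable; a second, offline recovery recipient under `keys:` and in the `age:` group would cover that case. If this recipient is derived from the SSH key that the Nix change in this commit points at (not verifiable from here), a short comment next to `&john` saying so would help whoever rotates the key later.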


@ -1,6 +1,9 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ../modules/tui inputs.catppuccin.homeManagerModules.catppuccin ]
++ (builtins.attrValues outputs.homeManagerModules);
imports = [
../modules/tui
inputs.catppuccin.homeManagerModules.catppuccin
inputs.sops-nix.homeManagerModules.sops
] ++ (builtins.attrValues outputs.homeManagerModules);
nixpkgs = {
overlays = builtins.attrValues outputs.overlays;
@ -22,13 +25,15 @@
username = lib.mkDefault "john";
homeDirectory = lib.mkDefault "/home/${config.home.username}";
stateVersion = lib.mkDefault "24.11";
sessionVariables = { EDITOR = "nvim"; };
};
programs = {
home-manager.enable = true;
programs = { home-manager.enable = true; };
sops = {
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
secrets.tempest-station = { sopsFile = ./secrets.yaml; };
secrets.tempest-token = { sopsFile = ./secrets.yaml; };
};
catppuccin = {
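Review bot: `age.sshKeyPaths` in the new `sops` block points decryption at `${config.home.homeDirectory}/.ssh/id_ed25519`, which ties the secrets to the user's general-purpose SSH identity: any process that can read that key can decrypt `tempest-token`, and rotating the SSH key means re-encrypting every secret. As far as I know sops-nix can only use an SSH key here if it has no passphrase, so this setup also pushes toward an unprotected login key; a dedicated age key via `age.keyFile` would keep decryption and authentication apart. The two secrets repeat `sopsFile = ./secrets.yaml;`, which `defaultSopsFile = ./secrets.yaml;` would state once. The enclosing attribute set continues past the end of the hunk.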

22
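--- a/home/global/secrets.yaml
+++ b/home/global/secrets.yaml
@@ -0,0 +1,22 @@
+tempest-station: ENC[AES256_GCM,data:FaDaqpLl,iv:PTPeOhDZwYIJspirN/9Ncw4KI70oBvNtYHVeGc/Lo/c=,tag:qrdJLRGe16V2NAwDlIozWw==,type:str]
+tempest-token: ENC[AES256_GCM,data:mSpZdECMQWn9DLYADnfVPyc6oR1m1R7bf4PYLH/F6YFmxPfW,iv:mNH4oyDY/DOlXO5uj/HemfaVK6CqG0RIp6G9ywC+eNY=,tag:uba+AYAUY8r+1z242/8Tgw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZEplR3YyT3crQi9BeW5I
+aUhkMmpiTkxiQk5qOEFpL2NEaWxYSVRpMHhZClRkbTBjajVoRE1ldVZDV1ZWZndm
+S0J2YU91VzlZZHFmdmtZejhsSU1kQUkKLS0tIC9HZHFOUXBRaDB5K0ZSTW16KzZF
+OXNIL1RLL2JuMURTenhaUUkvbDl1d0kK+xHbc67E9NNNDelKuKfBB/59taJyuon+
+YpftfBZRmvONdl3eWNPSDygEuAP7uP8/APsI0SThZBDyL6KLk515tA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-01-09T03:36:30Z"
+mac: ENC[AES256_GCM,data:WHu28jAhHHOaNURxCN5PKFeBNgXq2DGixKsdpLyj1N+5wHCuNDMW4a6qWsNfbZ589d0J6UBZp0lPzze/VzGtH2OLZUx0Ai75ALCm44mJwTnzHcECK0rTQoAECoOWd5O0UBP1rbCLT43JOEaVNzN1pe62kNj+x+PkQt5HRqCMyLo=,iv:5JLsPOjjlL7iDM0Fnm1z1/c+mSK/FVIWsB3Z73m9HvA=,tag:9Ffw2cusPYfJIrYCR74D+Q==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.2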