From e17c09dacff90b5a3dca3cd597adbbd238ace98d Mon Sep 17 00:00:00 2001 From: John Bowdre Date: Wed, 8 Jan 2025 22:55:31 -0600 Subject: [PATCH] initial sops secrets config --- .sops.yaml | 9 +++++++++ home/global/default.nix | 15 ++++++++++----- home/global/secrets.yaml | 22 ++++++++++++++++++++++ 3 files changed, 41 insertions(+), 5 deletions(-) create mode 100644 .sops.yaml create mode 100644 home/global/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..d786831 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,9 @@ +keys: + - &users: + - &john age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt + +creation_rules: + - path_regex: home/global/secrets.ya?ml$ + key_groups: + - age: + - *john diff --git a/home/global/default.nix b/home/global/default.nix index d711de3..f02bda1 100644 --- a/home/global/default.nix +++ b/home/global/default.nix @@ -1,6 +1,9 @@ { inputs, outputs, lib, config, pkgs, ... }: { - imports = [ ../modules/tui inputs.catppuccin.homeManagerModules.catppuccin ] - ++ (builtins.attrValues outputs.homeManagerModules); + imports = [ + ../modules/tui + inputs.catppuccin.homeManagerModules.catppuccin + inputs.sops-nix.homeManagerModules.sops + ] ++ (builtins.attrValues outputs.homeManagerModules); nixpkgs = { overlays = builtins.attrValues outputs.overlays; @@ -22,13 +25,15 @@ username = lib.mkDefault "john"; homeDirectory = lib.mkDefault "/home/${config.home.username}"; stateVersion = lib.mkDefault "24.11"; - sessionVariables = { EDITOR = "nvim"; }; }; - programs = { - home-manager.enable = true; + programs = { home-manager.enable = true; }; + sops = { + age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; + secrets.tempest-station = { sopsFile = ./secrets.yaml; }; + secrets.tempest-token = { sopsFile = ./secrets.yaml; }; }; catppuccin = { diff --git a/home/global/secrets.yaml b/home/global/secrets.yaml new file mode 100644 index 0000000..7f94d32 --- /dev/null +++ b/home/global/secrets.yaml 
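Review bot: The second line of `keys` in the new `.sops.yaml` is written `- &users:`, and because `:` is a legal character in a YAML anchor name the trailing colon becomes part of it — this defines an anchor literally called `users:` on a nested list, not a named group, and nothing in the file references it; either drop that line and put `- &john age1…` directly under `keys:`, or spell it `- &users` if it is meant as a label. Separately, `*john` is the only recipient in `creation_rules`, and default.nix derives that identity from `~/.ssh/id_ed25519`, so losing or rotating that single SSH key makes `home/global/secrets.yaml` unrecoverable; adding a second recipient to the same `age:` key group (an offline backup age key, or the host's ssh-to-age key) keeps the file decryptable by more than one identity, since any key in a group can decrypt. The `path_regex` is only end-anchored, which works here, but `^home/global/secrets\.ya?ml$` would stop it matching a similarly named file deeper in the tree.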
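Review bot: `age.sshKeyPaths` in the new `sops` block ties the secrets' confidentiality to the user's SSH authentication key, a key that tends to leave the machine for other reasons (agent forwarding, backups, copies on other hosts) and whose rotation would now also force re-encrypting `secrets.yaml`; a dedicated identity, `age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";`, keeps SSH auth and secret decryption independently rotatable. If `~/.ssh/id_ed25519` is passphrase-protected, the ssh-to-age conversion at activation cannot prompt for it and decryption will presumably fail, so that should be checked before relying on this path. The two `secrets.*` entries repeat `sopsFile`; `sops.defaultSopsFile = ./secrets.yaml;` followed by `secrets.tempest-station = { };` and `secrets.tempest-token = { };` states it once. The hunk also drops `sessionVariables = { EDITOR = "nvim"; };`, which looks unrelated to the commit's subject — it may have moved elsewhere in the file, but worth confirming it was not lost.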
@@ -0,0 +1,22 @@
+tempest-station: ENC[AES256_GCM,data:FaDaqpLl,iv:PTPeOhDZwYIJspirN/9Ncw4KI70oBvNtYHVeGc/Lo/c=,tag:qrdJLRGe16V2NAwDlIozWw==,type:str]
+tempest-token: ENC[AES256_GCM,data:mSpZdECMQWn9DLYADnfVPyc6oR1m1R7bf4PYLH/F6YFmxPfW,iv:mNH4oyDY/DOlXO5uj/HemfaVK6CqG0RIp6G9ywC+eNY=,tag:uba+AYAUY8r+1z242/8Tgw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZEplR3YyT3crQi9BeW5I
+ aUhkMmpiTkxiQk5qOEFpL2NEaWxYSVRpMHhZClRkbTBjajVoRE1ldVZDV1ZWZndm
+ S0J2YU91VzlZZHFmdmtZejhsSU1kQUkKLS0tIC9HZHFOUXBRaDB5K0ZSTW16KzZF
+ OXNIL1RLL2JuMURTenhaUUkvbDl1d0kK+xHbc67E9NNNDelKuKfBB/59taJyuon+
+ YpftfBZRmvONdl3eWNPSDygEuAP7uP8/APsI0SThZBDyL6KLk515tA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-01-09T03:36:30Z"
+ mac: ENC[AES256_GCM,data:WHu28jAhHHOaNURxCN5PKFeBNgXq2DGixKsdpLyj1N+5wHCuNDMW4a6qWsNfbZ589d0J6UBZp0lPzze/VzGtH2OLZUx0Ai75ALCm44mJwTnzHcECK0rTQoAECoOWd5O0UBP1rbCLT43JOEaVNzN1pe62kNj+x+PkQt5HRqCMyLo=,iv:5JLsPOjjlL7iDM0Fnm1z1/c+mSK/FVIWsB3Z73m9HvA=,tag:9Ffw2cusPYfJIrYCR74D+Q==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.2