materus
/
nixos-config
mirror of https://github.com/materusPL/nixos-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

waffentrager: add secrets

This commit is contained in:
Mateusz Słodkowicz 2024-03-21 19:30:54 +01:00
parent 114c2e93be
commit 15cf859638
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
4 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configurations/host/waffentrager/configuration.nix
View File

@ -26,6 +26,7 @@
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEDY+H8Hc/RSLE064AAh8IojvqxPd8BE5gec2aOfYMh materus@podkos.pl"
];
hashedPasswordFile = config.sops.secrets."users/materus".path;
};
nix = {

27
configurations/host/waffentrager/secrets/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
}

BIN
configurations/host/waffentrager/secrets/private/default.nix Normal file
View File

Binary file not shown.

35
configurations/host/waffentrager/secrets/secrets.yaml Normal file
View File

@ -0,0 +1,35 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T18:19:14Z"
mac: ENC[AES256_GCM,data:W+DPXTyAZCMawijkbvNNe6UItS4ZVHY4qZ7hDOGkaMlziu9+e1awkvgmqg7H7gM0DgoAz17UE4uVIGB9Y/fnSc80Rk9sPZoNP8wnTwqzujmCyYIroi570aNQuNc6riTgaNcrSEefkzoATRUJvjbv63m+Sp5Vbl1kXepD3qaDDAU=,iv:HLOBwzemB8kqAE2DLoWeIIUUmp9i913bTG0onNdHAWY=,tag:cW0gP2TlUPY42NkWiWqICg==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1