From 22bc3e753aad927f43696e25229bbd317aceb310 Mon Sep 17 00:00:00 2001
From: materus <materus@podkos.pl>
Date: Sat, 30 Mar 2024 19:22:46 +0100
Subject: [PATCH] Old-materusPC: init secrets

---
 .../host/Old-materusPC/secrets/default.nix    |  25 +++++++++++++
 .../Old-materusPC/secrets/private/default.nix | Bin 0 -> 79 bytes
 .../host/Old-materusPC/secrets/secrets.yaml   |  33 ++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 configurations/host/Old-materusPC/secrets/default.nix
 create mode 100644 configurations/host/Old-materusPC/secrets/private/default.nix
 create mode 100644 configurations/host/Old-materusPC/secrets/secrets.yaml

diff --git a/configurations/host/Old-materusPC/secrets/default.nix b/configurations/host/Old-materusPC/secrets/default.nix
new file mode 100644
index 0000000..6820d84
--- /dev/null
+++ b/configurations/host/Old-materusPC/secrets/default.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, lib, materusCfg, ... }:
+{
+  imports =
+    [
+
+    ] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
+
+  sops.age.generateKey = false;
+  sops.gnupg.home = null;
+  sops.gnupg.sshKeyPaths = [ ];
+  sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
+
+  services.openssh.hostKeys = [
+    {
+      bits = 4096;
+      path = "/materus/root/ssh_host_rsa_key";
+      type = "rsa";
+    }
+    {
+      path = "/materus/root/ssh_host_ed25519_key";
+      type = "ed25519";
+    }
+  ];
+
+}
diff --git a/configurations/host/Old-materusPC/secrets/private/default.nix b/configurations/host/Old-materusPC/secrets/private/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..19144af8d695f618e26fe46259415d2db85a2ca3
GIT binary patch
literal 79
zcmV-V0I>f6M@dveQdv+`0HRxLm!-w#=8*s<OBq(oPM2`%25&odCP2d6gXH+5{LrMo
lxodo@kwqr+2n+X0F_?2$_XNO|t~Nt32qlfr_VfDh%pjEXCX@gG

literal 0
HcmV?d00001

diff --git a/configurations/host/Old-materusPC/secrets/secrets.yaml b/configurations/host/Old-materusPC/secrets/secrets.yaml
new file mode 100644
index 0000000..34cde6d
--- /dev/null
+++ b/configurations/host/Old-materusPC/secrets/secrets.yaml
@@ -0,0 +1,33 @@
+wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
+            QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
+            V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
+            VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
+            GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-30T18:21:12Z"
+    mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
+    pgp:
+        - created_at: "2024-03-30T18:20:23Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
+            pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
+            1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
+            0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
+            3877O+Ia5I8Chg==
+            =q58P
+            -----END PGP MESSAGE-----
+          fp: 28D140BCA60B4FD1
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1