commit fe1f34102ecd4c1f54d400f1938ffb057848ac2e · soopy.moe/gensokyo

+23

.sops.yaml

···

       1
       1
       +
       keys:

     

       2
       2
       +
         # maintainers

     

       3
       3
       +
         - &soopyc_mpxl7a age10rkyshu0lswdqyvun4cs9cekm9zt4fw5c8ssa38tn3lukgcahcvsltnqx2

     

       4
       4
       +
         - &soopyc_pgp302 8F3B277901484C6EA7E63F82D539637D518022C6

     

       5
       5
       +
         # - &soopyc_age302 age1yubikey1qgmfcf0vddslyza7djdekjjk3t3u29d474c5xscmcdye8x3spvhlxxj23xz

     

       6
       6
       +
         # failed to parse input as Bech32-encoded age public key: malformed recipient "age1yubikey1qgmfcf0vddslyza7djdekjjk3t3u29d474c5xscmcdye8x3spvhlxxj23xz": invalid type "age1yubikey"

     

       7
       7
       +
       

     

       8
       8
       +
         # Hosts

     

       9
       9
       +
         - &koumakan_ssh age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt

     

       10
       10
       +
       

     

       11
       11
       +
       default_group: &default_group

     

       12
       12
       +
         pgp:

     

       13
       13
       +
           - *soopyc_pgp302

     

       14
       14
       +
         age:

     

       15
       15
       +
           # - *soopyc_age302

     

       16
       16
       +
           - *soopyc_mpxl7a

     

       17
       17
       +
       

     

       18
       18
       +
       creation_rules:

     

       19
       19
       +
         - path_regex: creds/sops/koumakan.yaml

     

       20
       20
       +
           key_groups:

     

       21
       21
       +
             - <<: *default_group

     

       22
       22
       +
               age:

     

       23
       23
       +
                 - *koumakan_ssh

creds/sops/.gitattributes

···

       1
       1
       +
       # to use, make sure `sops` is in your path and run

     

       2
       2
       +
       #  git config diff.sopsdiff.textconv "sops -d"

     

       3
       3
       +
       *.yaml diff=sopsdiff

+42

creds/sops/koumakan.yaml

···

       1
       1
       +
       example_key: ENC[AES256_GCM,data:oMExig==,iv:dlHKkmKBNZBM3izQyv1P/wuZyPPqutUM4pK/vANYEYY=,tag:PQVnsIQAwdbEDGDxtjTV9Q==,type:str]

     

       2
       2
       +
       synapse.yaml: ENC[AES256_GCM,data:s7ck7gkMOiC1piRtMzIt7LqxLGb42w==,iv:eIPXO9DfK5x3hdP9vLrqO9X726OjD0UXOVFxxbEHyHQ=,tag:H9KSXDrpN0B8pU3k8zyNaw==,type:str]

     

       3
       3
       +
       sops:

     

       4
       4
       +
           kms: []

     

       5
       5
       +
           gcp_kms: []

     

       6
       6
       +
           azure_kv: []

     

       7
       7
       +
           hc_vault: []

     

       8
       8
       +
           age:

     

       9
       9
       +
               - recipient: age10rkyshu0lswdqyvun4cs9cekm9zt4fw5c8ssa38tn3lukgcahcvsltnqx2

     

       10
       10
       +
                 enc: |

     

       11
       11
       +
                   -----BEGIN AGE ENCRYPTED FILE-----

     

       12
       12
       +
                   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQzlpOS9lRnpNZGJkbzV3

     

       13
       13
       +
                   ODRLT1BVcHJWL3NJM00vbC90QTVEUTZvOURZClg0aHd5YzZmdlpCalNDUEZDOW4r

     

       14
       14
       +
                   ajQ5S1NLSEMrbmVhQXpnV1IxZ1J4OVkKLS0tIHBQL2dvcmtNcUVWWXBYc2RYbFll

     

       15
       15
       +
                   YnFTRFY0TmdubElIUkdNdTU4czJPaFkK5pRl+R+yYkRb5dd4T0GfC2C/WXWU4EhM

     

       16
       16
       +
                   hTi+rg82rQBZLyp0zbBNBLOGl+dcjkJEqlBoxbcm1TShon6briQwmQ==

     

       17
       17
       +
                   -----END AGE ENCRYPTED FILE-----

     

       18
       18
       +
               - recipient: age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt

     

       19
       19
       +
                 enc: |

     

       20
       20
       +
                   -----BEGIN AGE ENCRYPTED FILE-----

     

       21
       21
       +
                   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVlBBcGFUY3UzaVlnMG1w

     

       22
       22
       +
                   cSt6WDZiMThaNGtYdEY5a0VSY3U3Rm5xODNRClVLdEdWTzF5R3dYYVdMUFpDMzBo

     

       23
       23
       +
                   TWY0S0I2d2NaSFFWd0RsOTQyaWhxOUkKLS0tIGhkWWhib3Y0cEhVeUYxWWNFT3ZM

     

       24
       24
       +
                   eVdKdDN0OStLOTVZanNZcmpUdTdKRzAKqzwo11HXixF3bEWPF/G/sDhwujqZoL06

     

       25
       25
       +
                   R8uWaLzl/PLBWjcgGTwR2NwnfgusW4PwWJesM0lyK6Y/tH9epm/sXQ==

     

       26
       26
       +
                   -----END AGE ENCRYPTED FILE-----

     

       27
       27
       +
           lastmodified: "2023-09-09T06:06:55Z"

     

       28
       28
       +
           mac: ENC[AES256_GCM,data:rpmUP05t2ldtk/j0LOa2egGyyyUppfP1AQAJCjHzYmQnbCDFdLv9PB72AZXnLOU42mPZvyCsbDgAvBDrxVk3vF8mDfOtIDQgBCgGfODFCeAWoIZu6PjwBAKVMoAcmv1+jruZLlW18Y4GaqHg+sj7+oDRieNPr3JCvF1HWN7lr4c=,iv:1On6YmNHUirVozmllRJV4GAdEqk2CMo8P2Jk904St9w=,tag:o10NPIT4UetR/ThMF43GZw==,type:str]

     

       29
       29
       +
           pgp:

     

       30
       30
       +
               - created_at: "2023-09-08T14:11:19Z"

     

       31
       31
       +
                 enc: |-

     

       32
       32
       +
                   -----BEGIN PGP MESSAGE-----

     

       33
       33
       +
       

     

       34
       34
       +
                   wV4DAxCcDC4ukRQSAQdAPp7f7lEc5aKN8AMfqL++7Vb7nd8lcMpqYPFLXgAeREcw

     

       35
       35
       +
                   TQSNq/QEGQBD7ajzC0EOSrQy6cbnfkcm24RSPIe1jq3DPX0kWzzfT/z37EAb7QjD

     

       36
       36
       +
                   0lEBXLip/22Y/iP9auv27kcdm8j8/jZKAOdkjg1iJVBNhAdDDV3VE51akkSo8/7x

     

       37
       37
       +
                   pgEi2iyU9jgEp9gCw8B07eQUB7hunS5MXjz+D1E3U3ZoqdA=

     

       38
       38
       +
                   =VLNe

     

       39
       39
       +
                   -----END PGP MESSAGE-----

     

       40
       40
       +
                 fp: 8F3B277901484C6EA7E63F82D539637D518022C6

     

       41
       41
       +
           unencrypted_suffix: _unencrypted

     

       42
       42
       +
           version: 3.7.3

systems/koumakan/configuration.nix

···

       41
       41
        
           # packages = with pkgs; [];

     

       42
       42
        
         };

     

       43
       43
        
       

     

       44
       44
       +
         sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];

     

       45
       45
       +
         sops.defaultSopsFile = ../../creds/sops/koumakan.yaml;

     

       46
       46
       +
         sops.secrets."synapse.yaml" = {}; # test only

     

       47
       47
       +
       

     

       44
       48
        
         # Just don't change this :p

     

       45
       49
        
         system.stateVersion = "23.05"; # Did you read the comment?

     

       46
       50
        
       }

systems/koumakan/default.nix

···

       16
       16
        
         modules = [

     

       17
       17
        
           inputs.lanzaboote.nixosModules.lanzaboote

     

       18
       18
        
           inputs.attic.nixosModules.atticd

     

       19
       19
       +
           inputs.sops-nix.nixosModules.sops

     

       19
       20
        
       

     

       20
       21
        
           ./configuration.nix

     

       21
       22
        
         ];