daylin/oizys
1
0
Fork 0
mirror of https://github.com/daylinmorgan/oizys.git synced 2024-12-21 21:50:43 -06:00
Code Issues Projects Releases Packages Wiki Activity

try first secret

Browse source
This commit is contained in:
Daylin Morgan 2024-11-28 17:54:36 -06:00
parent dba19e95f0
commit f29fcf634b
Signed by: daylin
GPG key ID: 950D13E9719334AD
3 changed files with 48 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.sops.yaml Normal file
View file

@ -0,0 +1,13 @@
# This document uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
- &admin_daylin age10ft5tkswydhmassqeqzr8frpx6vc07g4rwam09rs8agvgfrsn95q9ml7u3
- &host_othalan age1t4k04mjltmmhljnwugm6y4dejtu72vv4fd4anxxfsdpkapfnfauqe765gy
creation_rules:
- path_regex: hosts/othalan/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_daylin
- *host_othalan

5
hosts/othalan/default.nix
View file

@ -25,4 +25,9 @@
|> listify |> listify
|> enableAttrs |> enableAttrs
); );
sops.defaultSopsFile = ./secrets.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets.restic-othalan = {};
} }

30
hosts/othalan/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
restic-othalan: ENC[AES256_GCM,data:HNIya1Rp,iv:8QkDewpXoy+3ahuuaCN/HfbGOgfQQ0Ud5emD7zVPE2s=,tag:bDfumEnt20lun5hnLY+eVA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age10ft5tkswydhmassqeqzr8frpx6vc07g4rwam09rs8agvgfrsn95q9ml7u3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK3pzZ3hXdG40L1JyK281
NDJ4WWEyWFBPeERabXpSUXYzOWMxdWJlMGdFCmQydi8rbVZCUFBzM0NUbWJlZzZ3
anV6a2FCL1BRTWg2V1RBZFJXUUNRUEkKLS0tIHIwTzl5NEdoTWRaUm9LR3I1MFph
TFJjQndHQUJZdEZsSElmY0xDMTMvc2MKCO9BP1jccmFXqLjJQyk5a1/QC69/WPaV
xl8U7gFoiOf6ZIESk/fADVtnG+thEYF1vwEMI8ClUfs+8kWgwBqoGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t4k04mjltmmhljnwugm6y4dejtu72vv4fd4anxxfsdpkapfnfauqe765gy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWnBYVFRKMVJPVEQ1VlAy
Y000L1lHM2JyN0oyeTFROXh6OTVlTkc5RlVBCkdqU20yeGtVcWo3cmRoQmFKVG91
d3RQazc1UTJBdWQwUEdzNkNPYXZ3SmsKLS0tIHdzd0Q0a1pPeEJqS1Rrckt6aUdt
UmE2Mk4yV21TNTF2NjBqZ0txYThRRzAKgyWCwmF4mhX8lmfslmBf2UrcFqzT8m11
AqhJsG2LRU/9/6FXOYn2rYeCIDpTkPoQ4ez7F4m/zp+RvOc2eW3g2g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-29T00:41:44Z"
mac: ENC[AES256_GCM,data:4+H5OmCCTrMrkz9sLHcdwu8EFc+iS3MUTfhLgH6crfE0QSmV87b4JKQTVtdoYnzB8f2hRS/DeAImaLs68NQ/c7raLKwKmX1Bx2htV92MEOhoEjnZ6IbpCzY9FhrtRFjjBrg/nAuMpK0ktYW3w9C/v/jq/YEnP+pabkPhsUav8GU=,iv:LtBd2nj21ZCOXmvfbCIz/lvYC4neRk7ZTnY/rbJnATU=,tag:o9K/TxIp/NLmcvpXHYPHoQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1