try to add secrets

xinyangli 2023-04-19 14:16:39 +08:00
parent 9dd2c42726
commit 71b20209b2
4 changed files with 19 additions and 3 deletions


@ -7,6 +7,11 @@ creation_rules:
- age: - age:
- *xin - *xin
- *host-laptop - *host-laptop
- path_regex: machines/laptop/secrets.yaml
key_groups:
- age:
- *xin
- *host-laptop
- path_regex: secrets/common/[^/]+\.yaml$ - path_regex: secrets/common/[^/]+\.yaml$
kay_groups: kay_groups:
- age: - age:
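Review bot: The rule right after the added one spells its key `kay_groups` (the context line following `path_regex: secrets/common/[^/]+\.yaml$`), so sops probably sees no recipients for that rule; it should read `key_groups:` like the rule added here. The added `path_regex: machines/laptop/secrets.yaml` also has an unescaped dot and no end anchor, unlike its neighbour; `path_regex: machines/laptop/secrets\.yaml$` would match only the intended file. Indentation is lost in this rendering, so the nesting under `creation_rules` cannot be checked from here.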


@ -13,6 +13,7 @@
../vscode.nix ../vscode.nix
# ../dnscrypt.nix # ../dnscrypt.nix
./secret.nix ./secret.nix
../sops.nix
]; ];
# Bootloader. # Bootloader.
@ -33,6 +34,14 @@
resolvconf.useLocalResolver = true; resolvconf.useLocalResolver = true;
}; };
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/var/lib/sops-nix/keys.txt";
age.generateKey = true;
};
# Setup wireguard # Setup wireguard
# Set your time zone. # Set your time zone.
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
@ -270,7 +279,7 @@
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.allowedUDPPorts = [ 41641 ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
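Review bot: `age.generateKey = true` together with `age.keyFile` makes the first activation create a fresh age key at `/var/lib/sops-nix/keys.txt`, but the creation rule added elsewhere in this commit lists only `*xin` and `*host-laptop` as recipients, so that generated key likely cannot decrypt anything. If the SSH host key is the intended identity, `age.sshKeyPaths` alone should be enough and the other two lines can go; otherwise add the generated key's public recipient to the creation rule. Separately, the last hunk opens UDP 41641 on every interface in a commit titled as a secrets change. A comment such as `# UDP 41641: <service that needs it>` above `networking.firewall.allowedUDPPorts` would record why.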


@ -23,8 +23,8 @@ sops:
eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW
iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw== iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-12T14:46:17Z" lastmodified: "2023-04-16T05:37:57Z"
mac: ENC[AES256_GCM,data:2OxHuP8xjwuS999XylcyAXEOhJJY2OGcPbYzE5/9GJZVOv/C5FWV1zRhdauByTcODjUeUYx3n0N4VsT7PlPBLTnKGuW7K9n2Dou0PsPxTOy/NgtUpB4cmpIr/Kflf7uTHTahzRMT5lRmZOA0Z7HggiAYq1fSAo+uRfldkQtk5R0=,iv:t8Oyqrl3XWtgh8IbZzjEyXWRmudLgOeZQgIsFjQBODI=,tag:n0yZMiR1htdYwld3LarK3Q==,type:str] mac: ENC[AES256_GCM,data:XX17bbc+hGPcsfg7t3S93X22fpydT0N+P8DTpLB4SkVi9anRbNTrldJkIxKNuN3LXKZmdON/BO6x4TMe+wh45yAW1Ds8OD6VTr6IdXYIvvYC5IKt27qd30Cqbed0Q4LSq9mZ97YiRCyxVsNSf+n4rJV+Ufc24LS35Kb3qR5Pia8=,iv:T5BPf9fCLroreDqHGBrWyI1fFYNTWtYx557AnMReQnU=,tag:8qC/yN/erx4mDDO949oppA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

2
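--- a/machines/sops.nix
+++ b/machines/sops.nix
@@ -0,0 +1,2 @@
+{
+}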