reorganize secrets

2025-01-19 20:46:38 +01:00 · 2025-01-19 20:46:38 +01:00 · 76e043171c
commit 76e043171c
parent 42128ebbe1
14 changed files with 49 additions and 58 deletions
--- a/hosts/minime/default.nix
+++ b/hosts/minime/default.nix
@ -1,10 +1,18 @@
-{ ... }:
+{ config, ... }:
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./networking
-    ./secrets.nix
    ./zfs.nix
  ];
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  sops.secrets = {
+    "wg/0xa-mgmt" = {
+      owner = config.users.users.systemd-network.name;
+    };
+  };
 }
--- a/hosts/minime/secrets.nix
+++ b/hosts/minime/secrets.nix
@ -1,11 +0,0 @@
-{ config, ... }:
-{
-  sops.defaultSopsFile = ../../secrets/minime/secrets.yaml;
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
-  sops.secrets = {
-    "wg/0xa-mgmt" = {
-      owner = config.users.users.systemd-network.name;
-    };
-  };
-}
--- a/hosts/minime/secrets.yaml
+++ b/hosts/minime/secrets.yaml
@ -0,0 +1,42 @@
+wg:
+    0xa-mgmt: ENC[AES256_GCM,data:ki7/S+BA3vXtv9FcHcfLvcLW7Gm8/88RiIeHUryrJHdRo3MeGAa/sFGSPp8=,iv:bsfjP2Le69u4MMA3ZzWJL0chmg9OD0hjSLRgdse1aJo=,tag:l6NNLzdpaKeX1/R52phaGw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1chq5k0t38882rtyljez8cwmvtcstu4tafzvveuhjrujvsqk72f9s9guc06
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUTdwRzk4anJPTTMvOFk3
+            MXBTQTdLTTVXcklPL1VHeERrTTZTQUVNeTB3ClFWWmt1dy84VUhaSWlOcnBDZ1VU
+            STNKbVZTRVcrWC94WWtrV0ppL2ZDSVkKLS0tIDRxT0twSHUxN1dvcUJPb1F2aXBv
+            Y1hHaWlQVzdnbjlHeEgxTjdMNkpSM2sK41qX3+ggD5PSm4lR8kka3roYmiLco/55
+            HIHxHZhw1K+FaHGy2DxeGmXi8gnVSA5oyihqvAn7PDPi/L3sB0dLuQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-11T01:29:33Z"
+    mac: ENC[AES256_GCM,data:h7PY7X5uIykwnnocTU/cUQrZB0cRUgjY0cG6XeQelwZXPcPUDalptT0uim/E9xs9cUV2OepMYu+Wf1+YoRNHjsl5GZ6SgY8KxlJM6P37VY5h0L5a6HXTIJnr1Z5KeMZgh0c8kXBQNsn0YTWGI0OcFlpLlWsDNtJlupqlVbK82qo=,iv:P8TDZOJnVNK7ETD1pbJMrtGnDfSH52o9/dUVRIV/Yzc=,tag:lGD0h7am7rumn3PvRoWhdA==,type:str]
+    pgp:
+        - created_at: "2025-01-11T01:27:13Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7zUOKwzpAE7AQ/8CuvFPV+eO0SG3zNZLsy/DNeqLDnMRJen/qOwXspjCSzI
+            mwl3Npdp1d9sX1MJYUvMZDby/EArrIs2MSkk9iAKLPTHf14ZxJfYTYbhRUn/SNuK
+            JJBj/hEL4GoOFNkEjUC53ywSpplP6TO+q7k48kYzPXuCA2EMBz2MHRbeiTdztRJv
+            r1dhpwNGwvcAWNLbEeqOgceYpQ6F3ou+FDI8W7873LMoUAXinN6I3f7XKP8ew/N4
+            8OOgvhfZOQqAaTqAaaz3ILQzrMTUzPM7cvYbtYL87OKYeezxgOmZhBmg6d62q4fD
+            lTc28GpMx0Xxycir8CImpcHL43J8b3WuYehk934tInaWH68TxvRAgvS9ZuMa1KhX
+            cVFFCwZAxnJZF0gbcE9OZCgI2VSH8u7Iys8mPwsEvUJtbDN4Qb+TpBaD+xxg6xBk
+            HGqxDeT9Lybzsn2wTxjUUfiwFZyDeYRlcU+UyGJzLQcPNvSaHWcwWKfRtBE4VNE0
+            8jwopfWE7pVYvABXC8hGLhYKT8OwIPzRWuXoDhw61XiMDnkN71afZLbpExi77lE6
+            39Wizb3KhRLbPdwPquwS2QLNIY/3gjGW1Ml4Hy0WC6S4MeCo9gOsdLJ+j7GeEA9Z
+            wtiy5LPHhYZuw81gzmDWsBvLAsPEWLHBdHsSZucaOPozMeS2VCglL6EH6liECkXS
+            XgGPtg8IY+YtmkX9maGKOz+GUsEVaQV7RhQfPxJSZrEyRb2SwEKHmuBROQFXgNdd
+            obcZeQQWizccZZO00ojD8K38MFf4m9WKePcNoV5iMvDzq2xISgFe8LW2osTf2BI=
+            =QTzx
+            -----END PGP MESSAGE-----
+          fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2