update
This commit is contained in:
parent
943a6de453
commit
12e9615984
5 changed files with 97 additions and 11 deletions
15
.sops.yaml
15
.sops.yaml
|
@ -9,13 +9,14 @@ keys:
|
|||
- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
|
||||
- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
|
||||
- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
|
||||
- &quitman-rpi4
|
||||
- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
|
||||
- &quitman-rpi4
|
||||
- &nixos-desktop
|
||||
- &nuc-server
|
||||
|
||||
creation_rules:
|
||||
|
||||
|
||||
# Shared:
|
||||
- path_regex: secrets\/yubikey\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
@ -43,12 +44,22 @@ creation_rules:
|
|||
- *framework-server
|
||||
- *backups-rpi4
|
||||
|
||||
# Users
|
||||
- path_regex: secrets\/users\/albert\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *albert
|
||||
- *framework-server
|
||||
- *nixos-framework
|
||||
|
||||
# Containers
|
||||
- path_regex: secrets\/containers\/rdesktop\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *albert
|
||||
- *framework-server
|
||||
|
||||
# Machines
|
||||
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
|
@ -12,9 +12,7 @@
|
|||
|
||||
programs.bash.sessionVariables = {
|
||||
# SOPS comma delimited list of GPG keys allowed to edit files
|
||||
# TODO Update old key fingerprints
|
||||
SOPS_PGP_FP = "4A89D6B44B7E423B647C7AE848FBC3335A26DED6";
|
||||
TEST = "Hello World.";
|
||||
};
|
||||
|
||||
programs.fish.shellInit = ''
|
||||
|
@ -36,9 +34,9 @@
|
|||
|
||||
accounts = {
|
||||
email = {
|
||||
accounts."sysctl" = {
|
||||
accounts."Albert Copeland" = {
|
||||
thunderbird.enable = true;
|
||||
neomutt.enable = true;
|
||||
# neomutt.enable = true;
|
||||
userName = "albert";
|
||||
primary = true;
|
||||
address = "albert@sysctl.io";
|
||||
|
@ -73,4 +71,4 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
|
@ -35,10 +35,15 @@ in {
|
|||
# Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't
|
||||
# find a way to do so
|
||||
sops.secrets.atuin_key = {
|
||||
sopsFile = ../../../secrets/secrets.yaml;
|
||||
sopsFile = ../../../secrets/users/albert.yaml;
|
||||
owner = "albert";
|
||||
};
|
||||
|
||||
sops.secrets.email_password = {
|
||||
sopsFile = ../../../secrets/users/albert.yaml;
|
||||
owner = "albert";
|
||||
};
|
||||
|
||||
# Make this user trusted
|
||||
nix.settings.trusted-users = [ "albert" ];
|
||||
}
|
||||
|
|
|
@ -2,15 +2,14 @@ services:
|
|||
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
|
||||
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
|
||||
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
|
||||
atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-05-05T07:52:02Z"
|
||||
mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str]
|
||||
lastmodified: "2024-05-07T00:20:01Z"
|
||||
mac: ENC[AES256_GCM,data:OPgvDyOnPNWzvVWsuAi0F/c95i0LXoK2ohPpDZnbbzSKin+pFhI2uWNSfGBr8ZLb31jlNcAATVNxcYEoqd8jHT1u45Bt0gEP4QQ+K/mkswcRI/5NbjLPAgkFrPDeLe6BlL1jwVRGWC/0+CGRfDJk4gmA1IOvxG+DZBfL3N74U1E=,iv:5/wlHM/UT8LGiksN6IlUlwI/13NoN6f/1ZJwkWRjuh4=,tag:DE/i/lvhAoP2ZHqRNInETg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-05-06T12:29:59Z"
|
||||
enc: |-
|
||||
|
|
73
secrets/users/albert.yaml
Normal file
73
secrets/users/albert.yaml
Normal file
|
@ -0,0 +1,73 @@
|
|||
email_password: ENC[AES256_GCM,data:8gSaWe8MVQzd2cm+bqWI0jKhHzWLBe16gXj7+Ymxxj7Yq6eGwYeR+/Pgr5MdYL/Bw8GHZiM6lFticfFBGZcu9ar7tnDjLoI10EuflyvJkxc6pH1cFm4lvI9Y39j3Fc7TOf9EpX5NS74wTyiqAt4jC+sx1p+Uq3mbv6QZzMsI4Qo=,iv:SCpuPI5pd+wnKLrqTwlJkJsnPuOF0l6M92YtsdrwzxA=,tag:kTfu+JfqVIRCzwQhP/7eng==,type:str]
|
||||
atuin_key: ENC[AES256_GCM,data:0qgmIwr+iTtsZC/XRmvqalz+dtF6QlfewCsWliiKLQnrYMDwQDtTi/x9a+mravCUfU/lMrW+uGP/S9+SaFqhivCR04+lhebVzudhSQ==,iv:noX6V2Cqm1yBL5IKIJkHW3sw9ztlOnxCGWoNIaUizEw=,tag:pb/kyV5KGUv8RjsnaZ5l8w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-05-07T00:20:08Z"
|
||||
mac: ENC[AES256_GCM,data:vnh6/A6wZxUMERGnlgUAIcv8x6VkMI/Ez1put16FcB71FSrYdcGFsJzFKZzqsZtFG0pubiCL83i2bp40lip6hhBeILmJ4TDUwtHBnHZ40l0nP3F0rAItIKQSaXFW2VLkTZbhqghSyVTywEZQ61Pr7B8/wJILmvDJc4+hfRSnBis=,iv:Afq67eyLjcJzvJchdBSLJKdeiFbmcOKpJd+fWVz6u+4=,tag:A81AbLm6ohXl0h6Q9vDkCA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-05-06T23:23:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwAAAAAAAAAAAQ/9HSTn5/q6LBHkzcn+3CchpE54jWgrK9GT/iV7Mnucawr0
|
||||
F6Cx23kK/E41v/MXE8GuBTmwHSIRBsP3d+PTtunc9eI7V0Whd376fIr1l6ImnynP
|
||||
Yy9GmzIYYYAH7naII2GDsagLgf4iCxwOM13TxtqCrTOMBjNJAR6Ztrg9ynZmfE/E
|
||||
KHScZW/n9TnMXpOUuwlUWUNFiX39Oj+w6zHeyfZ5gGth3zoSCMY9hAVVnogp9i7H
|
||||
7XfoQkqtKgOufg/TgLknX7ooJg65gT1SZz5/nxOdKcUD/yAAE03YmGictIp4FybU
|
||||
HtVn9IPtQ5n0Z5EhLY0KOOH+BD/JeqKiXEW6jLgwfPC8Q4BD73sLQpE22MdbAWCa
|
||||
NPNaLvZduohzDFMClgAI3itq6hYRaG76nTDAaRDUQDET7y1Wl8LL2NnEFcljNhR1
|
||||
wawsLbDqVjTisBRf1OA6l+Xz3OLCFxv2sYMHGSxO3oTUDO29sFdfdczQxasuQyvr
|
||||
vdLqoj59YskAE2lVgE/qMCEqOeZ7UQno+H5YEaYSzrReR3kRxMGneiH5+XCwAaa8
|
||||
0Q/GJ10uMAbo78jcPC0iC+8/uO246a++IZs8p5j0sjPwRwJ4iQxEpcTQislQpNv/
|
||||
tEtzqJ4YBc+Zdm/QdyNan7a65yUpUzzOnIJnYugK2awpwAr/2IaqHWTXli3lwuzS
|
||||
XAEeBkoXUR3Oy5UEik8BqP3b7VKgI4GSUpskKUdG+vP+JUVSX0P0+aEOt1E9HhVi
|
||||
EPJMrgZZmBREWb9kuS5waAEPY9vd8lPcMzAUBiK+MHriXW0jz2e+3B8YZscw
|
||||
=wAg4
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4A89D6B44B7E423B647C7AE848FBC3335A26DED6
|
||||
- created_at: "2024-05-06T23:23:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwAAAAAAAAAAAQ//W+vqkVQrorKz1ahXVHeBzoqPBE+C0gbE8VX+pBX5/ELI
|
||||
nL5AH9aWN1+oEU25TaYdSli/D5OFGr6M6QfKWDb/6RKYs7lX+/MZW9B+GL0OkD6Q
|
||||
yLRacMnWwxuX3Ek1tvgCWnrtXoPFEPPFy6uBLpjG8dtbZJbghBC4l8UTiVlQLnuW
|
||||
R83jOuASvv9VI97SWwYoYhSmfzveN8r01uVBi7opeBim1GH2lU4TmnvbccYRDrUH
|
||||
amCgkPlXYfCdgw4ss3HhfqFAd7+qhXOHBUjwbJ25APH33m7ujOsiszLx4midQbyt
|
||||
FDakG8bXXNtPs4vIXYTNXTj3deCoa40wkvg6Lb3iekFh4d2vI9j/4CUadrj8GCTG
|
||||
dEFva1UgoUyHjQdEvwFxWbseZiOonDvTDw7uY2ov+pW+Zf5V6hU8joxXDesNXI9B
|
||||
s+vcDzKBOmFIv23yWLO8Mc5q6oezp6KZ55H1ZMk38Nk2rQoWO/diLil3sGcTKD/B
|
||||
c3MtF3iuub/qylWacGAy/o+cE5Gf0DBE124mGFFAco0EBtV/GCY9KXxAHWKAi2Hd
|
||||
/G+Ns+oCW0+hO19+mqGwPNSIsBLxpmE/Yg2TrCpe6ljDxk9VO1R+o+C24nr8xNvP
|
||||
xoZDsNhbpn3yB7MyHqmZo7q/pQW3JTCtEP1C5aoYVxye01RGewvlypJTmYCGKC/S
|
||||
VgFejuQp2VVgly6FX6114HdqCa1pbjNZcFe1655njMvdHsVJwOnsQ74iMQaWUxAE
|
||||
xieFjRAw943FMlTEdLlJy8SGJU2M3svrKEfJOx7v8P8CmIqnY6iT
|
||||
=t+mE
|
||||
-----END PGP MESSAGE-----
|
||||
fp: dfd3a496aba156fa521e82ada77d68dc727cf52b
|
||||
- created_at: "2024-05-06T23:23:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwAAAAAAAAAAAQ//SPuNaZEJImK4AoAIr5Bj8bjOPDlJvGCsO51ktbQKSNN/
|
||||
eOwYEzh8KksN5A+RVltaV67DOg7EL4lwQhplsBEewt2EdY4AfG2zZBuL0yb9HrPX
|
||||
BXBj5g0AMfGVdiIibXBNNlB3zkEVieTyfPZrmlO4jb0g3Xkbtp61caZ47WWaQbiT
|
||||
yg2GrvkkzA6FcOSbOdDVbjTKavJ3G3d9n1hXSM9h1ui1onOLlkRUznri/maZS3wd
|
||||
03odq3u8dtLeJgEkF12N14wRhSltgdDTdpclDdOSuTjMmATrupM2Mdvnc5I9wraO
|
||||
si6I19tsvDEZi/lzG+GuOPNjPoLwVqzMM2pC+0S8DMsC2x23EUWMPRR21shy+wDH
|
||||
3nTBimbaFCjwLObZeWm5SdkiME15m0cxZxHNoz6VgKKaCnUafx4eVzeFmK7vWETh
|
||||
ghXvxWePrbfrHv1f2ToBKr/3NMA/wTypM95IameFuhYt95XnM0PiF3NmBvmIGXJn
|
||||
WJNAjIubnw9WQgCkww/LP88O0CWNX1FJHL8Mk1H7DX0f83WBnGA0WLBFQ12k95DL
|
||||
slR320I7Hnx0m/PIcJJ/NonNYdChHGx9sO/+aEvx1sI6k8dyS193EKZ6Gt+JGgua
|
||||
yJqB4MoLBIVvOYvCRFjGIIuhZIPWyjXRGU1dW/k3INTiu4fjHCKv6ZbBwo9A5L7S
|
||||
VgFRvbshQMnZvZrPqcG/J0/ITEbXKdOCnbfIBu3Ip7mAqn7Bhd48kxT7kv6KGeO8
|
||||
ede0aYSSzYYp3ouxbl73rUyaUmiLXo75/6dZ7Tw0oeWi2PFLtsS4
|
||||
=I6BQ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: aaec681e4fb9dcdd15d0d367a86615d17653d819
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
Loading…
Reference in a new issue