albert 2024-05-07 09:49:50 +09:00
parent 943a6de453
commit 12e9615984
Signed by: albert
GPG key ID: 3895DD267CA11BA9
5 changed files with 97 additions and 11 deletions


@ -9,13 +9,14 @@ keys:
- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e - &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818 - &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e - &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
- &quitman-rpi4
- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4 - &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
- &quitman-rpi4
- &nixos-desktop - &nixos-desktop
- &nuc-server - &nuc-server
creation_rules: creation_rules:
# Shared:
- path_regex: secrets\/yubikey\.yaml$ - path_regex: secrets\/yubikey\.yaml$
key_groups: key_groups:
- pgp: - pgp:
@ -43,12 +44,22 @@ creation_rules:
- *framework-server - *framework-server
- *backups-rpi4 - *backups-rpi4
# Users
- path_regex: secrets\/users\/albert\.yaml$
key_groups:
- pgp:
- *albert
- *framework-server
- *nixos-framework
# Containers
- path_regex: secrets\/containers\/rdesktop\.yaml$ - path_regex: secrets\/containers\/rdesktop\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *albert - *albert
- *framework-server - *framework-server
# Machines
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$ - path_regex: secrets\/hosts\/milan-linode-01\.yaml$
key_groups: key_groups:
- pgp: - pgp:
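Review bot: The new `secrets\/users\/albert\.yaml$` rule encrypts only to `*albert`, `*framework-server` and `*nixos-framework`, yet the Nix module changed in this commit now reads both `atuin_key` and `email_password` from that file. If that user module is also imported on other machines listed under `keys:` (not visible here), those hosts hold no recipient stanza for the file and cannot decrypt it. Either extend the key group or declare the secrets only on the hosts named in the rule. A comment above the rule, for example `# decryptable only on hosts where albert logs in interactively`, would record the intended scope. The `creation_rules` list continues outside both hunks.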


@ -12,9 +12,7 @@
programs.bash.sessionVariables = { programs.bash.sessionVariables = {
# SOPS comma delimited list of GPG keys allowed to edit files # SOPS comma delimited list of GPG keys allowed to edit files
# TODO Update old key fingerprints
SOPS_PGP_FP = "4A89D6B44B7E423B647C7AE848FBC3335A26DED6"; SOPS_PGP_FP = "4A89D6B44B7E423B647C7AE848FBC3335A26DED6";
TEST = "Hello World.";
}; };
programs.fish.shellInit = '' programs.fish.shellInit = ''
@ -36,9 +34,9 @@
accounts = { accounts = {
email = { email = {
accounts."sysctl" = { accounts."Albert Copeland" = {
thunderbird.enable = true; thunderbird.enable = true;
neomutt.enable = true; # neomutt.enable = true;
userName = "albert"; userName = "albert";
primary = true; primary = true;
address = "albert@sysctl.io"; address = "albert@sysctl.io";
@ -73,4 +71,4 @@
}; };
}; };
}; };
} }


@ -35,10 +35,15 @@ in {
# Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't # Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't
# find a way to do so # find a way to do so
sops.secrets.atuin_key = { sops.secrets.atuin_key = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = ../../../secrets/users/albert.yaml;
owner = "albert"; owner = "albert";
}; };
sops.secrets.email_password = {
sopsFile = ../../../secrets/users/albert.yaml;
owner = "albert";
};
# Make this user trusted # Make this user trusted
nix.settings.trusted-users = [ "albert" ]; nix.settings.trusted-users = [ "albert" ];
} }
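Review bot: Repointing `sops.secrets.atuin_key` from `secrets/secrets.yaml` to `secrets/users/albert.yaml` restricts access only for future values. The earlier ciphertext stays in the repository history and remains decryptable by every recipient of the old file. If the move is meant to narrow who can read the key, rotate the atuin key as part of this change rather than relying on the relocation. The new `sops.secrets.email_password` declaration would also benefit from a one-line comment naming its consumer, e.g. `# read by the mail account's password command`, since nothing in the visible hunks references it.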


@ -2,15 +2,14 @@ services:
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str] promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str] telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str] forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-05-05T07:52:02Z" lastmodified: "2024-05-07T00:20:01Z"
mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str] mac: ENC[AES256_GCM,data:OPgvDyOnPNWzvVWsuAi0F/c95i0LXoK2ohPpDZnbbzSKin+pFhI2uWNSfGBr8ZLb31jlNcAATVNxcYEoqd8jHT1u45Bt0gEP4QQ+K/mkswcRI/5NbjLPAgkFrPDeLe6BlL1jwVRGWC/0+CGRfDJk4gmA1IOvxG+DZBfL3N74U1E=,iv:5/wlHM/UT8LGiksN6IlUlwI/13NoN6f/1ZJwkWRjuh4=,tag:DE/i/lvhAoP2ZHqRNInETg==,type:str]
pgp: pgp:
- created_at: "2024-05-06T12:29:59Z" - created_at: "2024-05-06T12:29:59Z"
enc: |- enc: |-

73
secrets/users/albert.yaml Normal file

@ -0,0 +1,73 @@
email_password: ENC[AES256_GCM,data:8gSaWe8MVQzd2cm+bqWI0jKhHzWLBe16gXj7+Ymxxj7Yq6eGwYeR+/Pgr5MdYL/Bw8GHZiM6lFticfFBGZcu9ar7tnDjLoI10EuflyvJkxc6pH1cFm4lvI9Y39j3Fc7TOf9EpX5NS74wTyiqAt4jC+sx1p+Uq3mbv6QZzMsI4Qo=,iv:SCpuPI5pd+wnKLrqTwlJkJsnPuOF0l6M92YtsdrwzxA=,tag:kTfu+JfqVIRCzwQhP/7eng==,type:str]
atuin_key: ENC[AES256_GCM,data:0qgmIwr+iTtsZC/XRmvqalz+dtF6QlfewCsWliiKLQnrYMDwQDtTi/x9a+mravCUfU/lMrW+uGP/S9+SaFqhivCR04+lhebVzudhSQ==,iv:noX6V2Cqm1yBL5IKIJkHW3sw9ztlOnxCGWoNIaUizEw=,tag:pb/kyV5KGUv8RjsnaZ5l8w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-05-07T00:20:08Z"
mac: ENC[AES256_GCM,data:vnh6/A6wZxUMERGnlgUAIcv8x6VkMI/Ez1put16FcB71FSrYdcGFsJzFKZzqsZtFG0pubiCL83i2bp40lip6hhBeILmJ4TDUwtHBnHZ40l0nP3F0rAItIKQSaXFW2VLkTZbhqghSyVTywEZQ61Pr7B8/wJILmvDJc4+hfRSnBis=,iv:Afq67eyLjcJzvJchdBSLJKdeiFbmcOKpJd+fWVz6u+4=,tag:A81AbLm6ohXl0h6Q9vDkCA==,type:str]
pgp:
- created_at: "2024-05-06T23:23:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=wAg4
-----END PGP MESSAGE-----
fp: 4A89D6B44B7E423B647C7AE848FBC3335A26DED6
- created_at: "2024-05-06T23:23:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=t+mE
-----END PGP MESSAGE-----
fp: dfd3a496aba156fa521e82ada77d68dc727cf52b
- created_at: "2024-05-06T23:23:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ//SPuNaZEJImK4AoAIr5Bj8bjOPDlJvGCsO51ktbQKSNN/
eOwYEzh8KksN5A+RVltaV67DOg7EL4lwQhplsBEewt2EdY4AfG2zZBuL0yb9HrPX
BXBj5g0AMfGVdiIibXBNNlB3zkEVieTyfPZrmlO4jb0g3Xkbtp61caZ47WWaQbiT
yg2GrvkkzA6FcOSbOdDVbjTKavJ3G3d9n1hXSM9h1ui1onOLlkRUznri/maZS3wd
03odq3u8dtLeJgEkF12N14wRhSltgdDTdpclDdOSuTjMmATrupM2Mdvnc5I9wraO
si6I19tsvDEZi/lzG+GuOPNjPoLwVqzMM2pC+0S8DMsC2x23EUWMPRR21shy+wDH
3nTBimbaFCjwLObZeWm5SdkiME15m0cxZxHNoz6VgKKaCnUafx4eVzeFmK7vWETh
ghXvxWePrbfrHv1f2ToBKr/3NMA/wTypM95IameFuhYt95XnM0PiF3NmBvmIGXJn
WJNAjIubnw9WQgCkww/LP88O0CWNX1FJHL8Mk1H7DX0f83WBnGA0WLBFQ12k95DL
slR320I7Hnx0m/PIcJJ/NonNYdChHGx9sO/+aEvx1sI6k8dyS193EKZ6Gt+JGgua
yJqB4MoLBIVvOYvCRFjGIIuhZIPWyjXRGU1dW/k3INTiu4fjHCKv6ZbBwo9A5L7S
VgFRvbshQMnZvZrPqcG/J0/ITEbXKdOCnbfIBu3Ip7mAqn7Bhd48kxT7kv6KGeO8
ede0aYSSzYYp3ouxbl73rUyaUmiLXo75/6dZ7Tw0oeWi2PFLtsS4
=I6BQ
-----END PGP MESSAGE-----
fp: aaec681e4fb9dcdd15d0d367a86615d17653d819
unencrypted_suffix: _unencrypted
version: 3.8.1