update
This commit is contained in:
parent
943a6de453
commit
12e9615984
5 changed files with 97 additions and 11 deletions
15
.sops.yaml
15
.sops.yaml
|
@ -9,13 +9,14 @@ keys:
|
||||||
- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
|
- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
|
||||||
- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
|
- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
|
||||||
- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
|
- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
|
||||||
- &quitman-rpi4
|
|
||||||
- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
|
- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
|
||||||
|
- &quitman-rpi4
|
||||||
- &nixos-desktop
|
- &nixos-desktop
|
||||||
- &nuc-server
|
- &nuc-server
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
|
|
||||||
|
# Shared:
|
||||||
- path_regex: secrets\/yubikey\.yaml$
|
- path_regex: secrets\/yubikey\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
@ -43,12 +44,22 @@ creation_rules:
|
||||||
- *framework-server
|
- *framework-server
|
||||||
- *backups-rpi4
|
- *backups-rpi4
|
||||||
|
|
||||||
|
# Users
|
||||||
|
- path_regex: secrets\/users\/albert\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *albert
|
||||||
|
- *framework-server
|
||||||
|
- *nixos-framework
|
||||||
|
|
||||||
|
# Containers
|
||||||
- path_regex: secrets\/containers\/rdesktop\.yaml$
|
- path_regex: secrets\/containers\/rdesktop\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *albert
|
- *albert
|
||||||
- *framework-server
|
- *framework-server
|
||||||
|
|
||||||
|
# Machines
|
||||||
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
|
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
|
|
@ -12,9 +12,7 @@
|
||||||
|
|
||||||
programs.bash.sessionVariables = {
|
programs.bash.sessionVariables = {
|
||||||
# SOPS comma delimited list of GPG keys allowed to edit files
|
# SOPS comma delimited list of GPG keys allowed to edit files
|
||||||
# TODO Update old key fingerprints
|
|
||||||
SOPS_PGP_FP = "4A89D6B44B7E423B647C7AE848FBC3335A26DED6";
|
SOPS_PGP_FP = "4A89D6B44B7E423B647C7AE848FBC3335A26DED6";
|
||||||
TEST = "Hello World.";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.fish.shellInit = ''
|
programs.fish.shellInit = ''
|
||||||
|
@ -36,9 +34,9 @@
|
||||||
|
|
||||||
accounts = {
|
accounts = {
|
||||||
email = {
|
email = {
|
||||||
accounts."sysctl" = {
|
accounts."Albert Copeland" = {
|
||||||
thunderbird.enable = true;
|
thunderbird.enable = true;
|
||||||
neomutt.enable = true;
|
# neomutt.enable = true;
|
||||||
userName = "albert";
|
userName = "albert";
|
||||||
primary = true;
|
primary = true;
|
||||||
address = "albert@sysctl.io";
|
address = "albert@sysctl.io";
|
||||||
|
@ -73,4 +71,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,10 +35,15 @@ in {
|
||||||
# Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't
|
# Used here instead of home-manager because HM randomly needs to restart sops-nix and I can't
|
||||||
# find a way to do so
|
# find a way to do so
|
||||||
sops.secrets.atuin_key = {
|
sops.secrets.atuin_key = {
|
||||||
sopsFile = ../../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/users/albert.yaml;
|
||||||
owner = "albert";
|
owner = "albert";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets.email_password = {
|
||||||
|
sopsFile = ../../../secrets/users/albert.yaml;
|
||||||
|
owner = "albert";
|
||||||
|
};
|
||||||
|
|
||||||
# Make this user trusted
|
# Make this user trusted
|
||||||
nix.settings.trusted-users = [ "albert" ];
|
nix.settings.trusted-users = [ "albert" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,15 +2,14 @@ services:
|
||||||
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
|
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
|
||||||
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
|
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
|
||||||
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
|
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
|
||||||
atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2024-05-05T07:52:02Z"
|
lastmodified: "2024-05-07T00:20:01Z"
|
||||||
mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str]
|
mac: ENC[AES256_GCM,data:OPgvDyOnPNWzvVWsuAi0F/c95i0LXoK2ohPpDZnbbzSKin+pFhI2uWNSfGBr8ZLb31jlNcAATVNxcYEoqd8jHT1u45Bt0gEP4QQ+K/mkswcRI/5NbjLPAgkFrPDeLe6BlL1jwVRGWC/0+CGRfDJk4gmA1IOvxG+DZBfL3N74U1E=,iv:5/wlHM/UT8LGiksN6IlUlwI/13NoN6f/1ZJwkWRjuh4=,tag:DE/i/lvhAoP2ZHqRNInETg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-05-06T12:29:59Z"
|
- created_at: "2024-05-06T12:29:59Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
73
secrets/users/albert.yaml
Normal file
73
secrets/users/albert.yaml
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
email_password: ENC[AES256_GCM,data:8gSaWe8MVQzd2cm+bqWI0jKhHzWLBe16gXj7+Ymxxj7Yq6eGwYeR+/Pgr5MdYL/Bw8GHZiM6lFticfFBGZcu9ar7tnDjLoI10EuflyvJkxc6pH1cFm4lvI9Y39j3Fc7TOf9EpX5NS74wTyiqAt4jC+sx1p+Uq3mbv6QZzMsI4Qo=,iv:SCpuPI5pd+wnKLrqTwlJkJsnPuOF0l6M92YtsdrwzxA=,tag:kTfu+JfqVIRCzwQhP/7eng==,type:str]
|
||||||
|
atuin_key: ENC[AES256_GCM,data:0qgmIwr+iTtsZC/XRmvqalz+dtF6QlfewCsWliiKLQnrYMDwQDtTi/x9a+mravCUfU/lMrW+uGP/S9+SaFqhivCR04+lhebVzudhSQ==,iv:noX6V2Cqm1yBL5IKIJkHW3sw9ztlOnxCGWoNIaUizEw=,tag:pb/kyV5KGUv8RjsnaZ5l8w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-05-07T00:20:08Z"
|
||||||
|
mac: ENC[AES256_GCM,data:vnh6/A6wZxUMERGnlgUAIcv8x6VkMI/Ez1put16FcB71FSrYdcGFsJzFKZzqsZtFG0pubiCL83i2bp40lip6hhBeILmJ4TDUwtHBnHZ40l0nP3F0rAItIKQSaXFW2VLkTZbhqghSyVTywEZQ61Pr7B8/wJILmvDJc4+hfRSnBis=,iv:Afq67eyLjcJzvJchdBSLJKdeiFbmcOKpJd+fWVz6u+4=,tag:A81AbLm6ohXl0h6Q9vDkCA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-06T23:23:42Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAwAAAAAAAAAAAQ/9HSTn5/q6LBHkzcn+3CchpE54jWgrK9GT/iV7Mnucawr0
|
||||||
|
F6Cx23kK/E41v/MXE8GuBTmwHSIRBsP3d+PTtunc9eI7V0Whd376fIr1l6ImnynP
|
||||||
|
Yy9GmzIYYYAH7naII2GDsagLgf4iCxwOM13TxtqCrTOMBjNJAR6Ztrg9ynZmfE/E
|
||||||
|
KHScZW/n9TnMXpOUuwlUWUNFiX39Oj+w6zHeyfZ5gGth3zoSCMY9hAVVnogp9i7H
|
||||||
|
7XfoQkqtKgOufg/TgLknX7ooJg65gT1SZz5/nxOdKcUD/yAAE03YmGictIp4FybU
|
||||||
|
HtVn9IPtQ5n0Z5EhLY0KOOH+BD/JeqKiXEW6jLgwfPC8Q4BD73sLQpE22MdbAWCa
|
||||||
|
NPNaLvZduohzDFMClgAI3itq6hYRaG76nTDAaRDUQDET7y1Wl8LL2NnEFcljNhR1
|
||||||
|
wawsLbDqVjTisBRf1OA6l+Xz3OLCFxv2sYMHGSxO3oTUDO29sFdfdczQxasuQyvr
|
||||||
|
vdLqoj59YskAE2lVgE/qMCEqOeZ7UQno+H5YEaYSzrReR3kRxMGneiH5+XCwAaa8
|
||||||
|
0Q/GJ10uMAbo78jcPC0iC+8/uO246a++IZs8p5j0sjPwRwJ4iQxEpcTQislQpNv/
|
||||||
|
tEtzqJ4YBc+Zdm/QdyNan7a65yUpUzzOnIJnYugK2awpwAr/2IaqHWTXli3lwuzS
|
||||||
|
XAEeBkoXUR3Oy5UEik8BqP3b7VKgI4GSUpskKUdG+vP+JUVSX0P0+aEOt1E9HhVi
|
||||||
|
EPJMrgZZmBREWb9kuS5waAEPY9vd8lPcMzAUBiK+MHriXW0jz2e+3B8YZscw
|
||||||
|
=wAg4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4A89D6B44B7E423B647C7AE848FBC3335A26DED6
|
||||||
|
- created_at: "2024-05-06T23:23:42Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAwAAAAAAAAAAAQ//W+vqkVQrorKz1ahXVHeBzoqPBE+C0gbE8VX+pBX5/ELI
|
||||||
|
nL5AH9aWN1+oEU25TaYdSli/D5OFGr6M6QfKWDb/6RKYs7lX+/MZW9B+GL0OkD6Q
|
||||||
|
yLRacMnWwxuX3Ek1tvgCWnrtXoPFEPPFy6uBLpjG8dtbZJbghBC4l8UTiVlQLnuW
|
||||||
|
R83jOuASvv9VI97SWwYoYhSmfzveN8r01uVBi7opeBim1GH2lU4TmnvbccYRDrUH
|
||||||
|
amCgkPlXYfCdgw4ss3HhfqFAd7+qhXOHBUjwbJ25APH33m7ujOsiszLx4midQbyt
|
||||||
|
FDakG8bXXNtPs4vIXYTNXTj3deCoa40wkvg6Lb3iekFh4d2vI9j/4CUadrj8GCTG
|
||||||
|
dEFva1UgoUyHjQdEvwFxWbseZiOonDvTDw7uY2ov+pW+Zf5V6hU8joxXDesNXI9B
|
||||||
|
s+vcDzKBOmFIv23yWLO8Mc5q6oezp6KZ55H1ZMk38Nk2rQoWO/diLil3sGcTKD/B
|
||||||
|
c3MtF3iuub/qylWacGAy/o+cE5Gf0DBE124mGFFAco0EBtV/GCY9KXxAHWKAi2Hd
|
||||||
|
/G+Ns+oCW0+hO19+mqGwPNSIsBLxpmE/Yg2TrCpe6ljDxk9VO1R+o+C24nr8xNvP
|
||||||
|
xoZDsNhbpn3yB7MyHqmZo7q/pQW3JTCtEP1C5aoYVxye01RGewvlypJTmYCGKC/S
|
||||||
|
VgFejuQp2VVgly6FX6114HdqCa1pbjNZcFe1655njMvdHsVJwOnsQ74iMQaWUxAE
|
||||||
|
xieFjRAw943FMlTEdLlJy8SGJU2M3svrKEfJOx7v8P8CmIqnY6iT
|
||||||
|
=t+mE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: dfd3a496aba156fa521e82ada77d68dc727cf52b
|
||||||
|
- created_at: "2024-05-06T23:23:42Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAwAAAAAAAAAAAQ//SPuNaZEJImK4AoAIr5Bj8bjOPDlJvGCsO51ktbQKSNN/
|
||||||
|
eOwYEzh8KksN5A+RVltaV67DOg7EL4lwQhplsBEewt2EdY4AfG2zZBuL0yb9HrPX
|
||||||
|
BXBj5g0AMfGVdiIibXBNNlB3zkEVieTyfPZrmlO4jb0g3Xkbtp61caZ47WWaQbiT
|
||||||
|
yg2GrvkkzA6FcOSbOdDVbjTKavJ3G3d9n1hXSM9h1ui1onOLlkRUznri/maZS3wd
|
||||||
|
03odq3u8dtLeJgEkF12N14wRhSltgdDTdpclDdOSuTjMmATrupM2Mdvnc5I9wraO
|
||||||
|
si6I19tsvDEZi/lzG+GuOPNjPoLwVqzMM2pC+0S8DMsC2x23EUWMPRR21shy+wDH
|
||||||
|
3nTBimbaFCjwLObZeWm5SdkiME15m0cxZxHNoz6VgKKaCnUafx4eVzeFmK7vWETh
|
||||||
|
ghXvxWePrbfrHv1f2ToBKr/3NMA/wTypM95IameFuhYt95XnM0PiF3NmBvmIGXJn
|
||||||
|
WJNAjIubnw9WQgCkww/LP88O0CWNX1FJHL8Mk1H7DX0f83WBnGA0WLBFQ12k95DL
|
||||||
|
slR320I7Hnx0m/PIcJJ/NonNYdChHGx9sO/+aEvx1sI6k8dyS193EKZ6Gt+JGgua
|
||||||
|
yJqB4MoLBIVvOYvCRFjGIIuhZIPWyjXRGU1dW/k3INTiu4fjHCKv6ZbBwo9A5L7S
|
||||||
|
VgFRvbshQMnZvZrPqcG/J0/ITEbXKdOCnbfIBu3Ip7mAqn7Bhd48kxT7kv6KGeO8
|
||||||
|
ede0aYSSzYYp3ouxbl73rUyaUmiLXo75/6dZ7Tw0oeWi2PFLtsS4
|
||||||
|
=I6BQ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: aaec681e4fb9dcdd15d0d367a86615d17653d819
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
Loading…
Reference in a new issue