Testing sops

This commit is contained in:
iFargle 2023-08-15 12:29:23 +09:00
parent 530ce274cb
commit af12998913
3 changed files with 65 additions and 26 deletions

View file

@ -10,6 +10,10 @@
enable = true;
enableCompletion = true;
bashrcExtra = ''
sops-edit() {
nix-shell -p sops --run "sops $1"
}
nix-clean-all() {
nix-channel --update
nix-env -u --always

37
home-manager/shell.nix Normal file
View file

@ -0,0 +1,37 @@
# shell.nix
with import <nixpkgs> {};
let
sops-nix = builtins.fetchTarball {
url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz";
};
in
mkShell {
# imports all files ending in .asc/.gpg
sopsPGPKeyDirs = [
"${toString ./.}/keys/hosts"
"${toString ./.}/keys/users"
];
# Also single files can be imported.
#sopsPGPKeys = [
# "${toString ./.}/keys/users/mic92.asc"
# "${toString ./.}/keys/hosts/server01.asc"
#];
# This hook can also import gpg keys into its own seperate
# gpg keyring instead of using the default one. This allows
# to isolate otherwise unrelated server keys from the user gpg keychain.
# By uncommenting the following lines, it will set GNUPGHOME
# to .git/gnupg.
# Storing it inside .git prevents accedentially commiting private keys.
# After setting this option you will also need to import your own
# private key into keyring, i.e. using a a command like this
# (replacing 0000000000000000000000000000000000000000 with your fingerprint)
# $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
#sopsCreateGPGHome = true;
# To use a different directory for gpg dirs set sopsGPGHome
#sopsGPGHome = "${toString ./.}/../gnupg";
nativeBuildInputs = [
(pkgs.callPackage sops-nix {}).sops-import-keys-hook
];
}

View file

@ -1,30 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: A20F 7BD3 9673 AEA2 E929 3E35 4E71 A215 3513 42A6
Comment: nixos-laptop
xsFNBAAAAAABEADOHuEyjp0I7RgvVmmijYMW1DS6+sGpfIZH9Emte2nQ4RmzJ4hy
lN6ib8/FN2ywkl0pYhXIcAimuyqI48nV+f16ckjKNpZZH/0xgRYhmARen/behOeH
BTUyaY44Of/hzOFaIceQfXy8oRpFd6tnhzeHrMFu56bnAbbcCdQYCqtgcS37v4tv
cdXZPgcQeRNUC74ml+jO/rNxpxHW8waSI0qr6+UbQ7pe9PzVZVuBdPGjwHCM3O8S
gytAKyIMSfSa0lej43FESUrdjxsuAtOsJPjibeoAC4nas+oagq8DpYnhRkx0kbvY
P8s/FRty1yFw3Fke4QHX1TTDXU4rffayu9koYsdCpxGljOn/8IiuXcQWAf/cQIcq
nI4DAh3mIQWa7O2xnHw2K3iRxBxz7MhtyqR+yK7uRi2QYWmARumsSl7RT6hbYCxy
pbhdauhHYl1wulmn0h2HYpNeU127LFm0wGHDckqWLvlk/GTDv/+NOM2z92PbCX9A
Af73oy8ZT6m5zE6hBWcWtviPBvaW21+2CeZ3wbUAEgsdTARDQxSG8M8EJfr2McIT
3gyhiCQA//yBZOnDsk79SQXz4SgX6Bc3Mk6fxt2qhWewnebteDje6GGuFReWnvuW
jOwrIdJeVxMliD2qjX9yrv5fpN+aWM12nb35/k4atUh5Ou8fmNkl1KnG7wARAQAB
xsFNBAAAAAABEACuO/0sMege8N4c08GCN2b1UyMVm9Qcn5gr7lT3szNvMX3IvM1O
nluIr8mOHxKv5En0XOWEV1dOSauJ0eOhucFvt4w5ReKO24k8ng6vfxK3EktSnBd9
Xly+CBvXxA9Mq4Te4MMvnI7Zv9qW6Gy0XjEly+rAS4Pk+BzZVjRNmZ04uLsXPQO6
xGtANzvDQdT5IQT9n71vOYNyMYBDdAOnOJJcKbLBlq2sMiO+iq0qGk/cahKRWN0l
kRxJQnTjlZhwIsrANxOBVgkkVeG1K22lL72+Ju+2DR1Vccx1xsZQmSM7TJAvsQ7r
4Yw2KqqYcWCcYr/lQmKj8QM4mVpA73yKS4SBdSdkPHwa6fowQp3QRaZNt3hyTOYU
iBDcTojphL2yVK+QIpQyFdplDvBvzTR6W+mMOvYbie7JwaO8agb6TQ3+s7DrOhmv
7zE+8fDHjLcLf6DVaGLkl3J9tg6Ks85/2PvAbsCxjPMh90BpikK1f7oFSb+/yHrG
y1q0ii7wviIQZzrbazW7GToxAeorjUjh3SNqtmPI4jAGjJS+Sj4YBNfUvCsqOzB5
vTGe960atUkvrX/lbKdzPi8NM6JGIPO1QCKvAY1xgR1UoIj9fF/nrd4HutCMr9lY
AjyzsCtuB40aGmTYlEgLuWOp8JCGsnZYhlmk6QmNUSswXpTrto/xiS4PkwARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQTnGiFTUTQqYCGw8CGQEAACQLEAA3GUIH8GjssDr0a5PJ4BpJ
8K9jzT24Yo0vegyhWdH3Y6XRsOqHEBHe5M2u4dgAt3H48o3ac0PhPqaUvMRqrM6X
qrq3CkIX2wzDc5XqSzyjBGTjAf+LUU6o+IU/bJuqJLnLWjZTLxQ53l3UCBYhSj1+
93dR/0Ffy+cbMDJV1d02Bhlt2qND9WYz/tlMkf4mlMqYFqq8Qs26iuNnlD1nCn+I
cTQ2zHy4tjxgnTBQcSaNjviMF0OJI30OLbaQWu7LUYRAPG1NyObLfuU+1amz4YRd
pU/LakEcXxEV5o37mUWFc7yktItM2XWnr87M+8fr/2EgrVN36nKw0NeQY5hgcfWw
y/rnE7MGPdepU+HmqQgFsRTyGAy0erPqwvsm4mZ5x1bfVNE6DpAXaaHNhmNAgyfj
AB5/deHtnnCDoCOv8po3K5kDpIDEVcBg8NKPYrsuTdoad9jGogTLYMdN+WkbUJ/A
l4kB7e1yPUh2jQ2XuQjHJUkoFUTZ2KW/vOk5UTRUNY2hta4uDB7NQB7byrlWIwZ8
1iwiZXxlf4vFMd3mQUVWwS2LkbC2MhHPUed4R2uCLszGkXrkEREwBUlRBM+/nkxU
O9ILXbOuaBWYv8iOhRyyvImWuq94sy5xHCXxhOg0TcoDLh6/rBMztZYRpdqIxCRU
KudAkJ6XaiMqaPE/hs+6qw==
=Jg5R
AQgAFgUCAAAAAAkQmWI2lXyIcWgCGw8CGQEAAJXPEAAIcePUuNMdkDBa2Fhtagpl
tKF/6lJo+TlXW41+O4AqWrkTZWbII5pi7Mx4WEraRQyx1vpGzktySvsgomM8ngkZ
wNuWX0XKQW8WHBfQCqSRgXZXVF20KjTy7GWXW4b4cbb29fKs5Qx3Pl+lwwA0wlLD
QwJBbtZr9ZnIvksCjr3RGweqdcejAkUWJXPkC11I6GZtsWZeN+2wklDKUeSCAjVx
+tmmlP3IAXZtBaV7WyNuBoIkAPnxvP6IFnp3YdtQC/L/yTGEZkXoiJAZ6LEPG0Cd
BS8hB9C2+pA78IOd4tbCNsI7hVBV/VfoxLQGDCyXjHovGU9CKkYo9DL9r5au6f6k
YOqlgEHnF5lkyLD3N1QdOrUIAKQrp9C0BirgU/ntaSuB5WjFsRuJUMxYPs5VOFU5
/zyt1+rkrJB34m9cViifDIakeCIyF8V4/ksXH2GBEag3HQzUc8zXUrZpY4PZHShN
VWt1fjJ7BnVdbhJVLlHXF84A23EkcXieW+I1PwIRtnE6oyZEla9JXRZd/dxHd6W7
EOkNRV62Y6V2FOd3t1DV3xQoZWZuYnFWiW47N3gzcoZ4hXzNxFYlyiD2GEhUgrAg
/Ib2VnHKkF0Rq0Dso67OcJX38+Q3BfKbGJj2TZw2uey/dJiuIx1LXsaHP3SYjxs/
PwBtTGrZ9h1Hi57KNlTwTw==
=ckFg
-----END PGP PUBLIC KEY BLOCK-----