Add SOPS
parent
17af97957d
commit
b1f49ec488
8 changed files with 100 additions and 2 deletions
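--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake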
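--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.direnv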
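--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,14 @@
+keys:
+- &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
+- &vpn age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
+- &vpn_ssh age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
+- &builder age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
+creation_rules:
+- path_regex: secrets/*
+key_groups:
+- age:
+- *laptop
+- *vpn
+- *vpn_ssh
+- *builder
+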
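Review bot: The `&vpn` and `&builder` anchors under `keys:` carry the same age recipient, `age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6`, so either the builder's own public key was never pasted in or two hosts share one private key. `secrets/secrets.yaml` in this commit has only three recipient stanzas, which fits either reading. If the hosts are distinct, give `builder` its own key so it can be rotated or revoked on its own; if the identity is deliberately shared, keep one anchor and say so in a comment. Separately, `path_regex` is a regular expression, not a glob: `secrets/*` matches any path that contains `secrets`, and `path_regex: secrets/[^/]+\.yaml$` would state the intent.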
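--- a/flake.lock
+++ b/flake.lock
@@ -204,7 +204,28 @@
 "lix-module": "lix-module",
 "nixgl": "nixgl",
 "nixpkgs": "nixpkgs",
-"nur": "nur"
+"nur": "nur",
+"sops-nix": "sops-nix"
 }
 },
+"sops-nix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1751606940,
+"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+"owner": "Mic92",
+"repo": "sops-nix",
+"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "sops-nix",
+"type": "github"
+}
+},
 "systems": {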
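--- a/flake.nix
+++ b/flake.nix
@@ -15,9 +15,13 @@
 url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+sops-nix = {
+url = "github:Mic92/sops-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 };
 
-outputs = { nixpkgs, home-manager, nur, nixgl, lix-module, ... }:
+outputs = { nixpkgs, home-manager, nur, nixgl, lix-module, sops-nix, ... }:
 let
 system = "aarch64-linux";
 pkgs = import nixpkgs {
@@ -37,11 +41,19 @@
 modules = [
 ./home.nix
 lix-module.nixosModules.default
+sops-nix.homeManagerModules.sops
 ({ ... }: {
 nixpkgs.overlays = [ nur.overlays.default ];
 })
 ];
 };
 };
+devShells.${system}.default = pkgs.mkShell {
+buildInputs = [
+pkgs.age
+pkgs.sops
+pkgs.just
+];
+};
 };
 }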
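Review bot: Nothing in this commit sets `sops.age.keyFile`, `sops.defaultSopsFile` or a `sops.secrets.*` entry, so the `sops-nix.homeManagerModules.sops` import in the second hunk has no key or secrets file to work with unless `home.nix`, which is not part of this diff, already provides them. A comment beside the import would record the expectation, for example `# needs sops.age.keyFile pointing at ~/.config/sops/age/keys.txt, the path secrets/Justfile writes`. The new `devShells` block would likewise benefit from a one-line comment saying it only supplies the tooling for editing `secrets/`. The `inputs` and `outputs` bodies both start and end outside the visible hunks.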
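--- a/secrets/Justfile
+++ b/secrets/Justfile
@@ -0,0 +1,14 @@
+default:
+
+generate-key:
+mkdir -p ~/.config/sops/age
+age-keygen -o ~/.config/sops/age/keys.txt
+cat ~/.config/sops/age/keys.txt
+
+# use `sops edit` instead
+# encrypt:
+# sops --encrypt --in-place secrets.yaml
+
+# decrypt:
+# sops --decrypt --in-place secrets.yaml
+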
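Review bot: The last line of the `generate-key` recipe, `cat ~/.config/sops/age/keys.txt`, prints the freshly generated private key to the terminal, where it can end up in scrollback, a screen share or captured logs. Only the public key is needed for `.sops.yaml`, so print that instead with `age-keygen -y ~/.config/sops/age/keys.txt`. It is also worth creating the directory as `mkdir -p -m 700 ~/.config/sops/age` so the key's parent directory does not depend on the umask.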
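--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,34 @@
+openrouter_api_key: ENC[AES256_GCM,data:V/JK4bZb6ps22fseIz01AuXqHG+jGy1un3GzJNR5JL2y7WynHdVp9xsK01D4HoYApxYhbKG87VM2/40MSdfu46Rd7e6BwGCaiw==,iv:BMHPFzpu99911v3tBNvuZSzRiXpi+hJ+o/aGL3O/xPc=,tag:iXNV+chWGbUKUaghv6Rytw==,type:str]
+sops:
+age:
+- recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbkV1UUo0b0FzSVZ6ZTUw
+cjdFNkpVOXFRanNuQkZWTlo4MjNVUTlyS1d3Ck9LVW9aemRTaFdLV0xnRGFuZUhT
+QW5ab29kWmFjOWpvOEdXWjRMUkZWYUUKLS0tIHcxbWVjMlFMR2p4eWFrL1o5U3RR
+akhEeWtRRHN5OG9ndzRVRS8rcm45RFEKa3Blj75nqr/tlzsHR4TIuGmUZiQvC2xI
+cS1Zaja1WlcdRw6S8YapYF3jpP9fCPLun4vDQTPfuqMTt2R38TrO1w==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MmphS0kwMkh5eVAveGFy
+eVVqb3dITFRQQWx4cUdybXlNMGNEbUlDcVNRCkVkQlh5eGo0SkNVQ3k5c25LQUxU
+ZHlMdEEvRXBMQVFVVjZtK2U1cU9KRTQKLS0tIGtlMHJRbThhZHBvSHlFQlFIdEtT
+d25YNzhHekQrSUtyNklBcVIwalY3ek0KVYnN1qvmmcVPWZ1u+HwM8Ua+BbMOky7B
+qXLuKB7yz2/utw9ACm6kzd28CB5kBIELdsv0GvmexV73cYe7h/w71w==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QmJsOEJGM2JOV2FRQ0Y2
+Ui9uRGNmTkRneUpLR3ZRb0VqYWJvTlRzOHlJCkgwa0R6em1ndWMvVDZ6cW5idElz
+UG8zaVNNdWJiRStocHkzc1Z2T0dVVWMKLS0tIHhSTEgwRXpPdXR2b1BqQnF2RVp4
+bUZvN0pwdHBuYkN5M2JaOVExcXVFcmcKGPvIgMyzqBI2fUCU/83rPjnRHVKm0G43
+nCbcF+TwcvNzgS8rGD3of8OeyK3D03jIJla9zVFBSWZ/zA5YHIHkgg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-07-08T06:03:47Z"
+mac: ENC[AES256_GCM,data:QDbGVibN23+BYfPfpw49qPVKF2k76ANaaMaxcWDIaPHvNdIcT+CdNl6Y+HJgayZjBA8W03djnm7Sts+4ijt8+SWuw5pHBmSqs4h5cZ7Vb2SAKjTYz2vPKb3aBHChWLpeIeL9Ihcn2GKqAl8D7PUP7i+YvC8Owr+U5xND/zaHCJ8=,iv:5ERCUXnjVpiOBLeswkEYT/R3sHqBF6kyDZ78L8/pyTo=,tag:Dki4cKMF66MxqBLbjuItZg==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.10.2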
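--- a/secrets/secrets.yaml.example
+++ b/secrets/secrets.yaml.example
@@ -0,0 +1 @@
+openrouter_api_key: d4d...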