wip
This commit is contained in:
Leonardo Eugênio
parent
a46a304ae1
commit
6cb20d396c
18
.sops.yaml
18
.sops.yaml
|
|
@ -1,12 +1,18 @@
|
|||
keys:
|
||||
- &lelgenio 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
- &lelgenio-age ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
- &monolith ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHESKhLPhvJIFW5S8rXweS2i6c13sk6h1Oo6SSJwEsNr root@monolith
|
||||
- &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
- &lelgenio-ssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
- &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
|
||||
- &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *lelgenio
|
||||
- *lelgenio-gpg
|
||||
age:
|
||||
- *lelgenio-ssh
|
||||
- *monolith-ssh
|
||||
- path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *lelgenio-age
|
||||
- *monolith
|
||||
- *phantom-ssh
|
||||
|
|
|
|||
|
|
@ -101,6 +101,7 @@
|
|||
{ nixpkgs.pkgs = pkgs; }
|
||||
./system/configuration.nix
|
||||
./system/secrets.nix
|
||||
./system/sops.nix
|
||||
./system/greetd.nix
|
||||
{ login-manager.greetd.enable = desktop == "sway"; }
|
||||
|
||||
|
|
|
|||
|
|
@ -2,12 +2,16 @@
|
|||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
inputs.vpsadminos.nixosConfigurations.container
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.sops-nix.nixosModules.default
|
||||
|
||||
../../system/sops.nix
|
||||
../../system/nix.nix
|
||||
./hardware-config.nix
|
||||
./mastodon.nix
|
||||
|
|
@ -57,6 +61,15 @@
|
|||
identityPaths = [ "/root/.ssh/id_rsa" ];
|
||||
};
|
||||
|
||||
sops = {
|
||||
secrets.hello = { };
|
||||
defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;
|
||||
};
|
||||
|
||||
environment.etc."teste-sops" = {
|
||||
text = config.sops.secrets.hello.path;
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
daemon.settings = {
|
||||
|
|
|
|||
|
|
@ -47,8 +47,6 @@ rec {
|
|||
demoji = inputs.demoji.packages.${prev.system}.default;
|
||||
tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
|
||||
wl-crosshair = inputs.wl-crosshair.packages.${prev.system}.default;
|
||||
|
||||
sops = final.sops-master;
|
||||
}
|
||||
);
|
||||
|
||||
|
|
|
|||
30
secrets/phantom/default.yaml
Normal file
30
secrets/phantom/default.yaml
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str]
|
||||
example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str]
|
||||
#ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment]
|
||||
example_array:
|
||||
- ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str]
|
||||
- ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str]
|
||||
example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float]
|
||||
example_booleans:
|
||||
- ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
|
||||
- ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQkRWWmYweUNpcDRNbzRW
|
||||
NnQ4R3JPK0oydm9iL0owS0d6Nm92eTFJZldFCnZpUVUvWi9FYTBDSGNvUUJRZHNz
|
||||
QStPT0hCc08xUmh4dEdJdmVPRm01V2cKLS0tIEZPMmNKdGUvNnVWYXZNTHA3SkE3
|
||||
ZTNJbW9EWktPb2M5TVBNekUrZXVoUFkKLEsQVYVp7fTBRDA7RO8Kjpc5MUPb5U7I
|
||||
WKZtNhsMZsP+SLgZWBF1PpvcjlDlNA2Z+Hqsrw6vsq6DYpnxToxfZQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-05T22:27:18Z"
|
||||
mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4-unstable
|
||||
|
|
@ -1,72 +1,65 @@
|
|||
hello: ENC[AES256_GCM,data:InrQC1cwHNYwCshr2RYZTRbeNWSHNr0Z319xqxQMZRf3BjAwtJ3FZ0y120P7dQ==,iv:/M6Hi3C29GySJO0XD9jnJuSbW0uwZ3DkD981leAoDFA=,tag:4fG3hrA4JWlCXEC4HCoVOA==,type:str]
|
||||
example_key: ENC[AES256_GCM,data:rS8hhFYHFG5HuF052A==,iv:Ec1wMtt6Z2VMgI2pH3j17cwVtpxWOPHm+nhhbstwhto=,tag:iustehiDFbzNYsrSQt020A==,type:str]
|
||||
#ENC[AES256_GCM,data:zMrmQNws4x9Tk4JV7tze4A==,iv:glvnI1ZxdSFWzDypM74uPbucyEbCyVmrKiGlUjuygXw=,tag:evh2xI6hWKQLDlrJIcviog==,type:comment]
|
||||
hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str]
|
||||
example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str]
|
||||
#ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment]
|
||||
example_array:
|
||||
- ENC[AES256_GCM,data:H6pL++V+9HBdboEOeeU=,iv:ZduKwwgZfdhli5aMIbJu/WUi5qdvZhENcV9G6A3ukG0=,tag:5YRywD1SensTM0hsg6qeDQ==,type:str]
|
||||
- ENC[AES256_GCM,data:/GRa1ZYqGj4x+cbmQSo=,iv:bj9WussUEMyF61grr1AXeGyumyPO2pjXdEWdlMuBQGk=,tag:3PtjHeEUJApdiVjcQCAuHQ==,type:str]
|
||||
example_number: ENC[AES256_GCM,data:j+7tF6HOYjEUfg==,iv:VDQPA+Ium+S9voKiQPNQ+HxayM0bRf6txSX7zsED+6Y=,tag:RyP8MlNKpJTiFq4yki3IHA==,type:float]
|
||||
- ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str]
|
||||
- ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str]
|
||||
example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float]
|
||||
example_booleans:
|
||||
- ENC[AES256_GCM,data:vsYeAQ==,iv:MIUmFU7UJdkixIKCb0CCMAzhJ5uvkEZZlWHhleoZIEA=,tag:jMpWcJSwJv+yzkBB2/uvmg==,type:bool]
|
||||
- ENC[AES256_GCM,data:0aq01xA=,iv:wF7WwrDVFG0hful9S5284olMTKlS+RnNnySAsw5UZp8=,tag:KqD1Quq0i0xeRiCMEC9yTQ==,type:bool]
|
||||
- ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool]
|
||||
- ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool]
|
||||
sops:
|
||||
shamir_threshold: 2
|
||||
key_groups:
|
||||
- pgp:
|
||||
- created_at: "2025-03-05T17:47:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzy6JxafzLr5AQgAl3m6zci5ipAkoy6mJKHCs8lq7s+wyvZ2tuHmUarbGxUP
|
||||
Jg98Btnr4VTMdy116TeuRte+upGIN3bJLBSEYPGodpKkHhmFmInSmR2gXQCEvxAP
|
||||
2JQQLceYVTyHqtlxrgyRKQwMJQd4J44TZ0WUTUEOH5M2x+tnTrdG0cWug+unKr9G
|
||||
omomiO3PQF5ImGKwdsPfyEK2/80j0Zu2+wBzbPuPIiBgHhk+SfUc/iLzUH6UupdQ
|
||||
DYPGWwbFXptVLt/sqeZ1jQAivtFlu+NlcF2/Qd5vXZ636oKWSth9degTdYX4RKfW
|
||||
osXzWAlvftUE/ZY6bQ14sV0Ug8/Y35BCrInh+I2ZENJSAUouvWfmsrqWsoXn9Kcp
|
||||
3UCfpQnlPmcK0I5pzROL8sE4n5/BpTEYx2iZe0bbY7xSnGC5N5VEP/s/OODLMpaQ
|
||||
RnQUAsNJrQ9Iely+OS2K7jo7HA==
|
||||
=5CNC
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
hc_vault: []
|
||||
age: []
|
||||
- hc_vault: []
|
||||
age:
|
||||
- recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCmtodG9TZ0ph
|
||||
MjM0dnVMa2c4L0wvRXJmSkRYVFpYYnloYktBamw4VXR6anRBaHJxckR2MXNqdXB0
|
||||
QnJleGdFVjEKQkdlanc3T0YvWWJiMVFVTm9sNmM5RXUvVjhyLytqeHJ6eVJPZ3Vw
|
||||
VDdYaUJlSmlMZFVCQmd3MmhROWdJSXlNeApHN3c2dUwwNDVBUURTREo3b2hpRG9K
|
||||
azZTYXhFbGtzYmZURTM2WVA2NUREOHdwZFZncWF2TXhsK0hJNWNYeFVBCmtiTWtv
|
||||
aStUcW1IVDVIb2ZxQ0E2U29Jd1ZXc1NHMEg5aVpMSHJDVU5KQk15N1lZVkJNdWpS
|
||||
ZzZVNlFVSWg2bHMKMXRnU3o2RnV5blVlL0ZlYlFIeHp4aXFUTjBpSUIyeERDNmZI
|
||||
a1h3c1RjOUdZOXhNaU5ueVhKaGFCZFpZMm9mcApCNEZwUTk5dEc5NTlXei9ZZ1A4
|
||||
WVc5ckt3YldXb3dCSzBjK3UySVhRNmlRVlVSNVlsSlppVThPVXBHN0JlT3F0CjA0
|
||||
THVDZ1hqcmROODlNWjB0aGxPM1J0MzYxQnd5ejJlUnppZ1JQOUR5ckY0VXZTSkND
|
||||
dzd3S3JYdngzeEx3djUKb2xJRXVBd0lVbEZ5MEdQN2FEaloxc05zYTYrMWJpVmU4
|
||||
OHRlc0ZpNVJoWDJkOGErYVFrZlpmZS9wZUIvWU1mLwoKLS0tIHNqUFZCQ3RqVjIw
|
||||
WTVxR21vUjdxWWdDa3F6QmRvQUdQTEllcTdpdGlKZHcKeFppXJ/3fVylNSYT3utw
|
||||
5MErQHe5ATw0kWH1Sq6dmuRuCNRTFIrozk+wWvZCEehRZoP7Fr9yieTtWlRsgL6J
|
||||
O5k=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHESKhLPhvJIFW5S8rXweS2i6c13sk6h1Oo6SSJwEsNr root@monolith
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFl3cDFOZyBidkUr
|
||||
dDNqem5qNS9UUUNMSEl2M3JIcU5MYzgzdG5HQTZoMUZMc1liNTBZCm9veDZ6MlQv
|
||||
Rm5NbzljWG1kRlRIV09iaVl2c2JPUGpqT1Y1YkNSZHRjQWsKLS0tIENDVXl3cTVs
|
||||
MGtReUpHTDBqNTBpM09FWU1ETHJzTlJHa1UyUXk3bTIrRFUK7zV5PlkcUpgQCWqm
|
||||
DVpUxUzh6tNWSwOqFsCKSXwxRdVPTZwHiO8+fpYKyk5gNA1WyhgkJl34qvcyh2rN
|
||||
ZqPElPc=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
shamir_threshold: 1
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2025-03-05T16:50:53Z"
|
||||
mac: ENC[AES256_GCM,data:Q0oAUxQb29WCm6HBhR2RTfNUA3upKHFYEiVOGftGd9MUMRGW4WP9jLgFZ9NQah1hIpdJWv9nNKNaJslpA5LmrYOIFMLCORbk8hJC+/Mg8HZa+mRARUGvGOebNC7p10rgsAIloaOK8/eFteENMcIhDqFBfWlqX+yoXJb5XsaHx4U=,iv:Tf8yIqyLA1wDx/dXj6KhU4eG6CLsrAaZjEVIm8uFZpo=,tag:hxJgbyMQ6cWboIs/40C7Xg==,type:str]
|
||||
pgp: []
|
||||
age:
|
||||
- recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm4zQnZFV2hJ
|
||||
cFR0Z0hGeFlQd1Rtb2dDUDRJOVc3dmtWT3FIa2xOV0hRREE4LzVKQ01FTHd6M3kz
|
||||
M0JLeEtXTXoKZkhnMTNETnZVc2tEbU84NWlGWk5YaUg5NjJDdk9yb01QMTVCOHlh
|
||||
SDE3c0c0dUV3bXQ4MjAxYWJjYUFscmlORwplOFZLc1JzUzdjU0lCZGUyQWl4b3d0
|
||||
L3hmekNSUUZia2FOR0k3TWcyQm9xZytCakFpSGRidEJUZHQzaC9sVlppCmJBSnl0
|
||||
VW9Tb2hRME9MdmFlcUw5Z3MyV0k3V1FKQTNQZ3M0UTRLK0FvL3NOUTZ3RDBQY0M5
|
||||
UHdnLzU3VkFCME0KWTV4c29NbmIvLzl3WXJvMkhnT1gwTTBRNzV3RVVnRTdiMkpn
|
||||
WmVWanB5VFpnTmhQMWRibXc4VGdhblAwWkQ1WQo0YnFjcnpnYTZITnVueTlZYzhW
|
||||
OGs3MmlPcmhtaWZoU3h1T3FkbmpoMFFUN0UwQ1FDTGs5L1hGUHdJbmU5Q3haCjJG
|
||||
bXAyd1lycGhELzY4ZWR2cEtmcWt4NnhXcjIyREw3cTR5d3ZoQlZySlg4Z2lwRmQ1
|
||||
cEF1VGthTkV0ekg4M2UKZS9aN0IxazdjUWhUMnBFSmYrOEdYQWdocWtQcFhtYlpN
|
||||
M3FyTDdMSmpESncydnFFd3lTcE1FMEg5a1ZoTXVIRgoKLS0tIEsvb090WDRBZFdV
|
||||
dFRUUms3S0J2b201OExwTy9DZERhZVlqVEdtaThkTE0KFT1RB8s+hEOJk7XGjSak
|
||||
34qTDcoBnaF0jPZ5Z0HsUx84G4Nu5teRVeHgVKyC7Iv7Gi9TkYtsdgM+q/3rdSvn
|
||||
aA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eVFsWHZZYkNrdjNraW5q
|
||||
OTdmbWF6Tm02elk3NGt0TGQ3ZUoxaHp3VGdBCnVqSDRIMlRSOXdTSER2U0tDcjR1
|
||||
Tk5FcURQOW90bENWL2Nyck1CU3RBR1UKLS0tIFRZZzlNNWRtUkJmVzBHWTA3L21K
|
||||
VCsyS0x4Rk83eC9UTHJvM1NJZG9DbTQKbGp6n/45qGA3rgmdxUJQKZdA1zen5kfZ
|
||||
pXnExsrIhfPDx0oE2jIWGW0N8cizkCJA4k7ROGu56GqIqga9h55VTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-05T21:02:24Z"
|
||||
mac: ENC[AES256_GCM,data:QfyrJrLERhs14KnuBJ0eCEUqKIBwhmQHROflBAArGlPmyVZU6KLvvOOANv+PJWk9Kt9yPU9Avwt6/e2q0jq9u2OUrvxHbqF4SWvkwhvSoSD3EOe27NGPjDLkVHOdszObo/fT8xglvc6LY8NqL9dXnUoLl58IrY7SE18F7EjrYuE=,iv:rjonQvZQjsr0oC5p3pjh1FAH/7B8SnHpAQ/qFxxfhQs=,tag:/DgHviNrSIzLyjj6ndwY0w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-03-05T21:28:21Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzy6JxafzLr5AQf/aiSW1yeJJ3VLiJ6I+vafWPVe702+6IstICKNdTz4AFgo
|
||||
2yUkY/alpgkcH1ybAiRQK0lOs63NBL51Pe2XsKAWXTlHVgFU0B6e+7YoDuwPWnTP
|
||||
dyTASd+++EAbf0l7bIVQbx28Ib5F5DZyB1VMhhGAZXQqURJGQpLrSqzaoMFPGodg
|
||||
V7whjtOaEmtFKNhNeRIdrnTW2raeKO0J3mQ5nawCekeIHnx22NxCIbhBMsKpF8EH
|
||||
3SZSCNiGrrfbLZFHcM/P5N5qEPc53r9Zvpxcwc8NayIS3kUPwLqKmvhCbRW3WOr0
|
||||
2fc8TQgHTWEYSRSYIVw5vPHWs4+3T4cjdGb0atJ4rtJeAUnGlwchAvxLfFFG096r
|
||||
SDdiJBBZ03r31EJqnplNwwitKyR4jj+HaM/CNmtSFo7c99iA91A7C1PBri+NpuCK
|
||||
Fr0JVEom4Fm9WY7BMPduiLN77XLB0aaYN7zu7pwdYA==
|
||||
=4URT
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./android.nix
|
||||
|
|
@ -29,6 +29,14 @@
|
|||
|
||||
zramSwap.enable = true;
|
||||
|
||||
sops = {
|
||||
secrets.hello = { };
|
||||
};
|
||||
|
||||
environment.etc."teste-sops" = {
|
||||
text = config.sops.secrets.hello.path;
|
||||
};
|
||||
|
||||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
services.libinput.enable = true;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,22 +1,5 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
sops-master
|
||||
gnupg
|
||||
];
|
||||
|
||||
sops = {
|
||||
package = pkgs.sops-master;
|
||||
|
||||
defaultSopsFile = ../secrets/test.yaml;
|
||||
|
||||
secrets.hello = { };
|
||||
};
|
||||
|
||||
environment.etc."teste-sops" = {
|
||||
text = config.sops.secrets.hello.path;
|
||||
};
|
||||
|
||||
age = {
|
||||
identityPaths = [ "/root/.ssh/id_rsa" ];
|
||||
secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
|
||||
|
|
|
|||
12
system/sops.nix
Normal file
12
system/sops.nix
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
sops-master
|
||||
gnupg
|
||||
];
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ../secrets/test.yaml;
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue