diff --git a/.sops.yaml b/.sops.yaml index 7aa3d88..20a8640 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B - - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h + - &lelgenio-ssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y diff --git a/pkgs/default.nix b/pkgs/default.nix index b702886..4e2fea6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -11,4 +11,6 @@ rec { factorio-headless = pkgs.callPackage ./factorio-headless { inherit (pkgs.unstable) factorio-headless; }; + + sops-master = pkgs.callPackage ./sops/package.nix { }; } diff --git a/pkgs/sops/bash_autocomplete b/pkgs/sops/bash_autocomplete new file mode 100644 index 0000000..ab3da32 --- /dev/null +++ b/pkgs/sops/bash_autocomplete @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +# based on https://github.com/urfave/cli/blob/v2.3.0/autocomplete/bash_autocomplete + +_cli_bash_autocomplete() { + if [[ "${COMP_WORDS[0]}" != "source" ]]; then + local cur opts + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + if [[ "$cur" == "-"* ]]; then + opts=$("${COMP_WORDS[@]:0:$COMP_CWORD}" "${cur}" --generate-bash-completion) + else + opts=$("${COMP_WORDS[@]:0:$COMP_CWORD}" --generate-bash-completion) + fi + IFS=$'\n' read -d '' -ra COMPREPLY < <(compgen -W "${opts}" -- "${cur}") + return 0 + fi +} + +complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete sops diff --git a/pkgs/sops/package.nix b/pkgs/sops/package.nix new file mode 100644 index 0000000..622afdf --- /dev/null +++ b/pkgs/sops/package.nix @@ -0,0 +1,60 @@ +{ + lib, + buildGo123Module, + fetchFromGitHub, + installShellFiles, + versionCheckHook, + nix-update-script, +}: + +buildGo123Module rec { + pname = "sops"; + version = "3.9.4-unstable"; + + src = fetchFromGitHub { + owner = "getsops"; + repo = "sops"; + rev = "024b94f67afa967ed758ae17433d7da600e87599"; + hash = "sha256-rNO9+gIxxH4sYoemFbOD8HaKWL48VnbdCOKvQ0FoTgI="; + }; + + vendorHash = "sha256-wdsPuUpYHEBkZ80d7L3iXIbBsnK4to0zDUOOlvOtde4="; + + postPatch = '' + substituteInPlace go.mod \ + --replace-fail "go 1.22" "go 1.23.0" + ''; + + subPackages = [ "cmd/sops" ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/getsops/sops/v3/version.Version=${version}" + ]; + + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + installShellCompletion --cmd sops --bash ${./bash_autocomplete} + installShellCompletion --cmd sops --zsh ${./zsh_autocomplete} + ''; + + nativeInstallCheckInputs = [ versionCheckHook ]; + versionCheckProgramArg = "--version"; + doInstallCheck = true; + + passthru.updateScript = nix-update-script { }; + + meta = { + homepage = "https://getsops.io/"; + description = "Simple and flexible tool for managing secrets"; + changelog = "https://github.com/getsops/sops/blob/v${version}/CHANGELOG.rst"; + mainProgram = "sops"; + maintainers = with lib.maintainers; [ + Scrumplex + mic92 + ]; + license = lib.licenses.mpl20; + }; +} diff --git a/pkgs/sops/zsh_autocomplete b/pkgs/sops/zsh_autocomplete new file mode 100644 index 0000000..1569af6 --- /dev/null +++ b/pkgs/sops/zsh_autocomplete @@ -0,0 +1,25 @@ +#compdef sops + +## based on https://github.com/urfave/cli/blob/v2.3.0/autocomplete/zsh_autocomplete + +_cli_zsh_autocomplete() { + + local -a opts + local cur + cur=${words[-1]} + if [[ "$cur" == "-"* ]]; then + opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}") + else + opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}") + fi + + if [[ "${opts[1]}" != "" ]]; then + _describe 'values' opts + else + _files + fi + + return +} + +compdef _cli_zsh_autocomplete sops diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 8bd8e12..3e1c99c 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml @@ -15,40 +15,50 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h + - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk - SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts - Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1 - U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys - f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCldST3lPZXBV + cTVNK3R3RjlFcDQ4UldRT0tsSVJ2N2FkN0hiOVllT2Rrc2NjVWtMbnMrWHVMN1k5 + dExsVHFhMHMKRVVzR1pzeG01Y2FidWNrQ0xjK1FUZktnWTZaWWlWalM5cWhZWE9U + TFU3ZXV3aGp6QkRIZkl4MDFJN2RRQVkrdwpqQlE5ajFTVW15MVVyTkNaS3JiOFph + cGthWWZ4R3Rldjh0a2lnd1dSbUcvSVpDdHJKVk5GVy8vR05WbmhUWFhuCkZsaWk5 + L2dnNE4rNTV6VWpIZlNIMENzZVlKS2NEOFdmSFhsYkFNSHRlTENYeGNtekpDaUN4 + V3l2VWtta3hSVFIKblVDZ1hOdzZQbWswTDB5MXd3dXpXQW44MFhFR0hGZkxjbzlU + WkR5dFhhbVpTUGZwQVR3WXNCUjJWYlAyTU1VeQpkWEdXQjVUemlRdXVxZVE4SGVU + TFlPS0FEV1dRRWU0K1d1ZTRrZGU1MHVKQ0lCemJmcUhOaWtON3ZDbUtad2lXCklt + aFREN3BmdEo1TUw2V2NtQ0QvbE1EQ25OeW5ZaldOY04zQjFQbWRnWjhJaWZKWXJn + UlBTTjV0VkpEY0FhZjQKTURjT004dHEvS24rNGVBSE1KK0ZabTBKb0Z4QTJvS2Fi + czdnWEpUTXJsRVMvdWFzVlJLT281a3JwQi9PMGVDcQoKLS0tIFgvSE14blgvVkxQ + b3N5WWlzdG5hajZaVFVkWVlhOXNZKytmZEZrZVprRHMKXqPgDpKG42KsfKfIAflT + 1meea416Af+WeFhWnw8fBBhApKrMMmYMMjDi1lIOGDz57ydNqtlFqdFtkiQsUC0f + wA== -----END AGE ENCRYPTED FILE----- - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD - a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw - K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3 - aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h - jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTWVYNXNQcHhHSzVBQmhU + ejlOQzJMZ0xEVFVkbzNPQ0hMVHBQWEgzQTFJCkF6ZDNaZ29UM29vWGZqVW10dmlQ + YjNFNXJVMlcxT1ZsMU55cE8vc3VjaXMKLS0tIDZYQTRjMWp5a3hKc2N4alZKZHFt + TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T + Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-07T21:28:04Z" mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str] pgp: - - created_at: "2025-03-07T22:49:16Z" + - created_at: "2025-03-07T14:42:24Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6 - YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl - iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo - N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs - 86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3 - JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS - Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi - czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g== - =Yqqx + hQEMAzy6JxafzLr5AQf/Y0QIIBN0uY3RUj88u5L0tJqypnKOAlfLOMYPkZ0oomAd + ZowogLWJgWyFC6NTdZRj84GoF2EAMDZqDAwh7shrZSpuhr0rwT7bGMQ4/VSx/Sxs + uCgkzXGMT0DsGjDOw6h17dDLNAnnvViamL1Br3ZXG7gZJXmUhPavL1YXeQciPqjh + FyJLAKeb9sQAFUp0Aexo4fKZSJh//O8jTiz7vl5klpQnDHWzpkcuxqIajIoYFdcL + ioP1GnrsUDfyXh2zfLcggxs/WHU24/C8DZqWai9WqRA08kJpw+aj1835vmUIWM0W + E5TF9h/tOEGw+PGhvwNiEvONhv/tpyLpjoXylbisjtJeAY6Fntxcrssw2cKMimFV + UjBuf2vSmQlNBqU+LE0JOICmRsmnLZTEPXnPqpqBTRV4gj4kTLCJYcaEIFP7uSEd + WlCyyX28ACGThorQEoQ/W2bFfNT/Mi7CNQ8EOckmKg== + =6Qin -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted diff --git a/secrets/phantom/default.yaml b/secrets/phantom/default.yaml index 962c6ba..2d744c9 100644 --- a/secrets/phantom/default.yaml +++ b/secrets/phantom/default.yaml @@ -14,40 +14,50 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h + - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3 - TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z - R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj - NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x - nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm9xWXdTQjZU + Znpiak1xdE1kTm56NWI3bUNlQXBFcjhNNFlwbDVUcGhrS2J4Y1M3aXFydjVGYmVI + UmNKVmkrb3cKWHNsa2FZaE4zbnJWYVo1SDhTOEZxM0JMRWJ0ckpySk11V09LMkd5 + bjhQRkpSZG0xYko3aTFqQmVFU3JhSWo1Ugo2Nk0rNzJBNzJvbVJkU0VhSmRRWE5B + RUt4S3h1cFZkZHkxOU5VUTcxN1JBNFlaYTkyZTNSM3JVUjhCUStNODRMCjdJRWlv + d0g4bnlQMzhWSGUxY04vRnUvbTlyWVQ0eWsvbnk4UmxxOHVZblM3bVFETXJiVjRE + b2s1ZFVHaEFNc3EKSDJTYUVSNWtKQS81bUdOcDA0SnZGeE4vQkt6bFZWY1dxNm9S + YVhRdjVCb3RGaC94djZZeFhXaTZSVVYzaUJ6KwoxQXNKcU9Dbk8xYWRvaGJwSXdu + Zzk4Y09zbW54elJHdjJ6OTNyeURwZ3JJL0gvaFVRUmgyRnNBbXFJU1l5U2FwCm56 + bzc0TkVWdnNoWnBMMjlKbnZicmRxdXIwd2hCZGp5dEQ2TnBtdTZCdnJRbzIyZFhV + L1ZpVW9nZmNqQW45c0cKYnIxQTc2aEowTUprZ1pYVCt3L2NsVHJ5SWF1aHZUR1E5 + eGVrcUphWk1vVURBL2J4UlZLQXluNC82YnNhQUFOQgoKLS0tICtOTXVyUzZldUJO + QkN0eUVRSDlDWmthU0VrRUZDb0VBTVFhL24raHJDcGsKcspICwz+f6y21yogiXO3 + Qp7evIuOzfWe6pMtge5BjxWTlzIdi2btFTzuTjgZaOiQd8FIB3iTqBkepUVD49jN + RQ== -----END AGE ENCRYPTED FILE----- - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU - VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3 - YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE - RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz - o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TklEaUl2QkVtVVN5UXlC + cW9RaHNoSnRkV0lKTmtYS0VZQnhyM0o0cUFNCmZWemJuOFVyK1ZFbkR1RUZOTEVB + WmJFemRrd0xIUW43cElkdVJOM052N2cKLS0tIFJpRTNtQ1hjWGJwSFJLRDNRSm4z + WW9MbmZoTllLalpWcFdOa3JpaThPMjQKa5vVGp+L1V2/ScyUe0EaOVw4TB8paS2w + 79VgplKN6HL+f6bL/0rIUOwJ6PDW944bOioKDYvbUCpBnSRYIHnYoQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-05T22:27:18Z" mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str] pgp: - - created_at: "2025-03-07T22:49:19Z" + - created_at: "2025-03-07T16:05:59Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE - nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem - TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2 - XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo - QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO - q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W - cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw - REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw== - =htZl + hQEMAzy6JxafzLr5AQf/djnT5hse11QoFPbmuu5rmc/0vpOQ79G6MYZtHlXL/HbP + hx0r25yTI6ICayFiO7luovz58saN0BY5K1dCbGB7+nZ8lrKoGE4GhX4k5Cc/KJIO + BTEbTqMJLezkb34FsuXgD9o2udNysC3Bpi/3NbPCYsJkVeCmx1wyEWzWhz51RO4M + WEyKkE0DyJfOpTuY2fofGhaA866firFDrS2SeiU4Dox4au3iR4VYqt6IITmgZdDE + M9LRp3AzOPOUZzpeRcer4ksh8WVDIWPEEL+w+OGo8QpUL3kqHIMVPgXY0kBOR+5s + tVTCLVe7yoimK/oSYkEx9Z3TYRwKV6ggJWahX7VHaNJeAVxIon8Qs8W2L+f1gclK + tPbaE+jCg6AH3apD3ICisxCj0Vvm+NsWMo2skeN2YGyWBCOoeGcG5OhgJtD0cQiw + QxCzywMXujxYYAXJEvhk4YRhaCOMkTTMGNoloWMugg== + =CHH0 -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted diff --git a/secrets/test.yaml b/secrets/test.yaml index 0f9b6e7..a2a8ee9 100644 --- a/secrets/test.yaml +++ b/secrets/test.yaml @@ -15,40 +15,50 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h + - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR - VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW - UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh - a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/ - X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm4zQnZFV2hJ + cFR0Z0hGeFlQd1Rtb2dDUDRJOVc3dmtWT3FIa2xOV0hRREE4LzVKQ01FTHd6M3kz + M0JLeEtXTXoKZkhnMTNETnZVc2tEbU84NWlGWk5YaUg5NjJDdk9yb01QMTVCOHlh + SDE3c0c0dUV3bXQ4MjAxYWJjYUFscmlORwplOFZLc1JzUzdjU0lCZGUyQWl4b3d0 + L3hmekNSUUZia2FOR0k3TWcyQm9xZytCakFpSGRidEJUZHQzaC9sVlppCmJBSnl0 + VW9Tb2hRME9MdmFlcUw5Z3MyV0k3V1FKQTNQZ3M0UTRLK0FvL3NOUTZ3RDBQY0M5 + UHdnLzU3VkFCME0KWTV4c29NbmIvLzl3WXJvMkhnT1gwTTBRNzV3RVVnRTdiMkpn + WmVWanB5VFpnTmhQMWRibXc4VGdhblAwWkQ1WQo0YnFjcnpnYTZITnVueTlZYzhW + OGs3MmlPcmhtaWZoU3h1T3FkbmpoMFFUN0UwQ1FDTGs5L1hGUHdJbmU5Q3haCjJG + bXAyd1lycGhELzY4ZWR2cEtmcWt4NnhXcjIyREw3cTR5d3ZoQlZySlg4Z2lwRmQ1 + cEF1VGthTkV0ekg4M2UKZS9aN0IxazdjUWhUMnBFSmYrOEdYQWdocWtQcFhtYlpN + M3FyTDdMSmpESncydnFFd3lTcE1FMEg5a1ZoTXVIRgoKLS0tIEsvb090WDRBZFdV + dFRUUms3S0J2b201OExwTy9DZERhZVlqVEdtaThkTE0KFT1RB8s+hEOJk7XGjSak + 34qTDcoBnaF0jPZ5Z0HsUx84G4Nu5teRVeHgVKyC7Iv7Gi9TkYtsdgM+q/3rdSvn + aA== -----END AGE ENCRYPTED FILE----- - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG - LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl - RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK - NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP - Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eVFsWHZZYkNrdjNraW5q + OTdmbWF6Tm02elk3NGt0TGQ3ZUoxaHp3VGdBCnVqSDRIMlRSOXdTSER2U0tDcjR1 + Tk5FcURQOW90bENWL2Nyck1CU3RBR1UKLS0tIFRZZzlNNWRtUkJmVzBHWTA3L21K + VCsyS0x4Rk83eC9UTHJvM1NJZG9DbTQKbGp6n/45qGA3rgmdxUJQKZdA1zen5kfZ + pXnExsrIhfPDx0oE2jIWGW0N8cizkCJA4k7ROGu56GqIqga9h55VTw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-07T22:49:01Z" - mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str] + lastmodified: "2025-03-05T21:02:24Z" + mac: ENC[AES256_GCM,data:QfyrJrLERhs14KnuBJ0eCEUqKIBwhmQHROflBAArGlPmyVZU6KLvvOOANv+PJWk9Kt9yPU9Avwt6/e2q0jq9u2OUrvxHbqF4SWvkwhvSoSD3EOe27NGPjDLkVHOdszObo/fT8xglvc6LY8NqL9dXnUoLl58IrY7SE18F7EjrYuE=,iv:rjonQvZQjsr0oC5p3pjh1FAH/7B8SnHpAQ/qFxxfhQs=,tag:/DgHviNrSIzLyjj6ndwY0w==,type:str] pgp: - - created_at: "2025-03-07T22:49:20Z" + - created_at: "2025-03-05T21:28:21Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu - cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy - vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt - hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC - t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH - SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr - KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me - CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ== - =IMON + hQEMAzy6JxafzLr5AQf/aiSW1yeJJ3VLiJ6I+vafWPVe702+6IstICKNdTz4AFgo + 2yUkY/alpgkcH1ybAiRQK0lOs63NBL51Pe2XsKAWXTlHVgFU0B6e+7YoDuwPWnTP + dyTASd+++EAbf0l7bIVQbx28Ib5F5DZyB1VMhhGAZXQqURJGQpLrSqzaoMFPGodg + V7whjtOaEmtFKNhNeRIdrnTW2raeKO0J3mQ5nawCekeIHnx22NxCIbhBMsKpF8EH + 3SZSCNiGrrfbLZFHcM/P5N5qEPc53r9Zvpxcwc8NayIS3kUPwLqKmvhCbRW3WOr0 + 2fc8TQgHTWEYSRSYIVw5vPHWs4+3T4cjdGb0atJ4rtJeAUnGlwchAvxLfFFG096r + SDdiJBBZ03r31EJqnplNwwitKyR4jj+HaM/CNmtSFo7c99iA91A7C1PBri+NpuCK + Fr0JVEom4Fm9WY7BMPduiLN77XLB0aaYN7zu7pwdYA== + =4URT -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted diff --git a/system/sops.nix b/system/sops.nix index d868153..673d1c1 100644 --- a/system/sops.nix +++ b/system/sops.nix @@ -1,15 +1,12 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - sops + sops-master gnupg ]; sops = { defaultSopsFile = ../secrets/test.yaml; - age.sshKeyPaths = [ - "/etc/ssh/ssh_host_ed25519_key" - "/home/lelgenio/.ssh/id_ed25519" - ]; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; }