| author | Fuwn <[email protected]> | 2024-09-22 03:00:21 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-09-22 03:02:39 -0700 |
| commit | 392a62d4ce64303eff6ff03fd06257db9cf60f8a (patch) | |
| tree | 4a712278fd2cbf67abe21ee71797dd7ce8d3efbf | |
| parent | september: update analytics url (diff) | |
| download | nixos-config-392a62d4ce64303eff6ff03fd06257db9cf60f8a.tar.xz nixos-config-392a62d4ce64303eff6ff03fd06257db9cf60f8a.zip | |
sops: seperate secrets per module
| -rw-r--r-- | .sops.yaml | 17 | ||||
| -rw-r--r-- | home/default.nix | 1 | ||||
| -rw-r--r-- | home/ebisu/fortune/system/default.nix | 1 | ||||
| -rw-r--r-- | home/ebisu/fortune/system/sops.nix | 16 | ||||
| -rw-r--r-- | home/ebisu/fortune/system/variables.nix | 4 | ||||
| -rw-r--r-- | modules/desktop/default.nix | 5 | ||||
| -rw-r--r-- | secrets/ebisu.yaml | bin | 0 -> 1421 bytes | |||
| -rw-r--r-- | secrets/himeji.yaml | bin | 2169 -> 1599 bytes | |||
| -rw-r--r-- | secrets/kansai.yaml | bin | 1837 -> 1223 bytes | |||
| -rw-r--r-- | secrets/secrets.toml | bin | 1656 -> 1463 bytes |
10 files changed, 35 insertions, 9 deletions
@@ -1,9 +1,20 @@
 keys:
- - &kansai age1epapum5m42qz9rf6nthadtlv74uxux5xqfwkcs3ly875ft5r236ql7lh5h
- - &himeji age14dpp7649l9j8yt4kmnk90pnxplq3eur9xq2t3ujsrqk5luyj8fzq45dghu
+ - &users:
+ - &ebisu age1slfnfst9x5s4557qtpmypwul337plw8cv9vena4ufwcets5gg55s2z95vy
+ - &hosts:
+ - &kansai age1epapum5m42qz9rf6nthadtlv74uxux5xqfwkcs3ly875ft5r236ql7lh5h
+ - &himeji age14dpp7649l9j8yt4kmnk90pnxplq3eur9xq2t3ujsrqk5luyj8fzq45dghu
+
 creation_rules:
- - path_regex: secrets/[^/]+\.ya?ml$
+ - path_regex: secrets/ebisu.ya?ml$
+ key_groups:
+ - age:
+ - *ebisu
+ - path_regex: secrets/kansai.ya?ml$
 key_groups:
 - age:
 - *kansai
+ - path_regex: secrets/himeji.ya?ml$
+ key_groups:
+ - age:
 - *himeji
diff --git a/home/default.nix b/home/default.nix
index cb76501..73b31fc 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -28,6 +28,7 @@ in
 chaotic.homeManagerModules.default
 pywal-nix.homeManagerModules.${pkgs.system}.default
 rui.homeManagerModules.${pkgs.system}.default
+ sops-nix.homeManagerModules.sops
 ];
 extraSpecialArgs = {
diff --git a/home/ebisu/fortune/system/default.nix b/home/ebisu/fortune/system/default.nix
index cf8279a..2215f17 100644
--- a/home/ebisu/fortune/system/default.nix
+++ b/home/ebisu/fortune/system/default.nix
@@ -7,6 +7,7 @@
 ./terminal
 ./virtualisation
 ./peripheral.nix
+ ./sops.nix
 ./ssh.nix
 ./tracing.nix
 ./variables.nix
diff --git a/home/ebisu/fortune/system/sops.nix b/home/ebisu/fortune/system/sops.nix
new file mode 100644
index 0000000..695d343
--- /dev/null
+++ b/home/ebisu/fortune/system/sops.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ sops = {
+ gnupg.sshKeyPaths = [ ];
+ defaultSopsFile = ../../../../secrets/${config.home.username}.yaml;
+
+ age = {
+ sshKeyPaths = [ ];
+ keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+ generateKey = false;
+ };
+
+ secrets.suzuri_token = { };
+ secrets.openai_api_key = { };
+ };
+}
diff --git a/home/ebisu/fortune/system/variables.nix b/home/ebisu/fortune/system/variables.nix
index f365ed1..5b96479 100644
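Review bot: The `- &users:` and `- &hosts:` items added to the `keys:` block read as group labels but are YAML anchors with a trailing colon; whether a parser takes the `:` as part of the anchor name or as a mapping indicator on an anchored empty key is library-dependent, and neither name is ever referenced by an alias in the rules below. Plain comments carry the same intent without depending on that behaviour: `# users` above the `&ebisu` entry and `# hosts` above `&kansai`, with the three recipients kept as direct items of `keys:`. The new `path_regex` values also drop the escape the removed rule had (`secrets/[^/]+\.ya?ml$`); `secrets/ebisu\.ya?ml$` keeps the dot literal. Since that catch-all rule is gone, a `secrets/<newhost>.yaml` added later needs its own rule before `sops` will encrypt it.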
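Review bot: The new `sops.nix` sets both `sshKeyPaths` lists empty and `generateKey = false`, so decryption depends entirely on an age identity already present at `${config.xdg.configHome}/sops/age/keys.txt`, and nothing in the file records that this key is provisioned out of band or that it has to be the `&ebisu` recipient from `.sops.yaml`. A header comment would save the next reader a trip through the other files, e.g. `# Per-user sops secrets for ${config.home.username}; the age identity at keyFile is provisioned manually (generateKey = false) and must match this user's recipient in .sops.yaml.` written as a two-line Nix comment. `defaultSopsFile` is keyed on `config.home.username`, so the module relies on a matching `secrets/<user>.yaml` and creation rule existing for every user that imports it; a one-line comment on that attribute noting the coupling would help too.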
--- a/home/ebisu/fortune/system/variables.nix
+++ b/home/ebisu/fortune/system/variables.nix
@@ -86,7 +86,7 @@
 MOZ_USE_XINPUT2 = "1";
 AWT_TOOLKIT = "MToolkit wmname LG3D";
 _JAVA_AWT_WM_NONREPARENTING = 1;
- OPENAI_API_KEY = secrets.openai_api_key;
+ OPENAI_API_KEY = "$(cat ${config.sops.secrets.openai_api_key.path})";
 NNN_FIFO = "/tmp/nnn.fifo";
 _Z_DATA = "${config.xdg.dataHome}/z";
 W3M_DIR = "${config.xdg.dataHome}/w3m";
@@ -97,6 +97,6 @@
 BUNDLE_USER_PLUGIN = "${config.xdg.dataHome}/bundle";
 PSQL_HISTORY = "${config.xdg.dataHome}/psql_history";
 PKG_CACHE_PATH = "${config.xdg.cacheHome}/pkg-cache";
- SUZURI_TOKEN = "${secrets.suzuri_token}";
+ SUZURI_TOKEN = "$(cat ${config.sops.secrets.suzuri_token.path})";
 };
 }
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix
index 8cbba05..f50ffba 100644
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -1,7 +1,4 @@
 { config, ... }:
 {
- sops = {
- defaultSopsFile = ../../secrets/${config.networking.hostName}.yaml;
- secrets.openai_api_key.owner = "ebisu";
- };
+ sops.defaultSopsFile = ../../secrets/${config.networking.hostName}.yaml;
 }
diff --git a/secrets/ebisu.yaml b/secrets/ebisu.yaml
Binary files differ
new file mode 100644
index 0000000..ea98b7a
--- /dev/null
+++ b/secrets/ebisu.yaml
diff --git a/secrets/himeji.yaml b/secrets/himeji.yaml
Binary files differ
index 03664d1..61b16af 100644
--- a/secrets/himeji.yaml
+++ b/secrets/himeji.yaml
diff --git a/secrets/kansai.yaml b/secrets/kansai.yaml
Binary files differ
index 108f142..62cf0e8 100644
--- a/secrets/kansai.yaml
+++ b/secrets/kansai.yaml
diff --git a/secrets/secrets.toml b/secrets/secrets.toml
Binary files differ
index 0be4cd0..559898a 100644
--- a/secrets/secrets.toml
+++ b/secrets/secrets.toml |
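Review bot: `OPENAI_API_KEY = "$(cat ${config.sops.secrets.openai_api_key.path})"` (and `SUZURI_TOKEN` in the second hunk) embeds a shell command substitution in a Nix string, so the value is only resolved if whatever consumes this attribute set emits it double-quoted into a POSIX shell; a consumer that writes the variables verbatim (a systemd `environment.d` file, a non-shell launcher) would export the literal `$(cat …)` text instead. The enclosing attribute set and the file's function header start outside the hunk, so it is not visible here which option the set feeds; a comment on these two lines naming the shell file that expands them, and dropping the `secrets` argument from the header if these were its last uses, would make the intent checkable. Timing is the other caveat: if a login shell sources the export before the runtime secret has been (re)created after a reboot, `cat` fails and the variable is exported empty rather than the shell erroring. On the plus side the old form `secrets.openai_api_key` placed the plaintext value in the Nix store and the new one does not; exporting it as an environment variable still exposes it to every child process of the shell, which is a narrower surface but worth a note next to the line.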