From 154edc19727ad1a02625da219214d03c78928c4f Mon Sep 17 00:00:00 2001
From: June
Date: Sun, 26 May 2024 02:58:15 +0200
Subject: [PATCH] Switch the matrix hosts secret management from colmena to sops-nix

---
 .sops.yaml | 17 ++
 config/hosts/matrix/default.nix | 1 +
 config/hosts/matrix/matrix-synapse.nix | 16 +-
 config/hosts/matrix/secrets.yaml | 233 +++++++++++++++++++++++++
 config/hosts/matrix/sops.nix | 7 +
 flake.nix | 1 +
 6 files changed, 265 insertions(+), 10 deletions(-)
 create mode 100644 config/hosts/matrix/secrets.yaml
 create mode 100644 config/hosts/matrix/sops.nix

diff --git a/.sops.yaml b/.sops.yaml
index 47f0075..47c6197 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -12,6 +12,7 @@ keys:
 - &admin_gpg_dante 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
 - &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
 - &host_age_forgejo_actions_runner age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
+ - &host_age_matrix age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
 creation_rules:
 - path_regex: config/hosts/git/.*
 key_groups:
@@ -45,6 +46,22 @@ creation_rules:
 - *admin_gpg_dante
 age:
 - *host_age_forgejo_actions_runner
+ - path_regex: config/hosts/matrix/.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_dante
+ age:
+ - *host_age_matrix
 - key_groups:
 - pgp:
 - *admin_gpg_djerun
diff --git a/config/hosts/matrix/default.nix b/config/hosts/matrix/default.nix
index c0a7703..1c1f783 100644
--- a/config/hosts/matrix/default.nix
+++ b/config/hosts/matrix/default.nix
@@ -7,5 +7,6 @@
 ./postgresql.nix
 ./matrix-synapse.nix
 ./nginx.nix
+ ./sops.nix
 ];
 }
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index bcc097d..dd92a5c 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix @@ -44,20 +44,16 @@ }; extraConfigFiles = [ - "/secrets/matrix-registration-shared-secret.secret" + "/run/secrets/matrix_registration_shared_secret" ]; }; systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ]; - deployment.keys = { - "matrix-registration-shared-secret.secret" = { - keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/matrix/registration-shared-secret" ]; - destDir = "/secrets"; - user = "matrix-synapse"; - group = "matrix-synapse"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; + sops.secrets."matrix_registration_shared_secret" = { + mode = "0440"; + owner = "matrix-synapse"; + group = "matrix-synapse"; + restartUnits = [ "matrix-synapse.service" ]; }; } diff --git a/config/hosts/matrix/secrets.yaml b/config/hosts/matrix/secrets.yaml new file mode 100644 index 0000000..26253ce --- /dev/null +++ b/config/hosts/matrix/secrets.yaml 
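Review bot: The new `extraConfigFiles` entry hard-codes `/run/secrets/matrix_registration_shared_secret`, which silently goes stale if the secret is renamed or given a custom `path`; referencing `config.sops.secrets."matrix_registration_shared_secret".path` ties the two together and turns a typo into an evaluation error. The secret is also declared with `mode = "0440"` while owner and group are both `matrix-synapse`, so the group read bit grants nothing the owner bit does not; `mode = "0400";` is the tighter setting unless another member of that group must read the file. Because the file is loaded as a Synapse config fragment, the decrypted value presumably has to be a complete `registration_shared_secret: …` YAML line rather than the bare secret, which this hunk cannot confirm. The enclosing attribute set starts outside the hunk.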
@@ -0,0 +1,233 @@ +matrix_registration_shared_secret: ENC[AES256_GCM,data:5fKfTqwoUreSIPbua5t1lYZFRnQQjNzFvrIBVIBfKWu20kH4BhlDboL/zYnhWLELq/KykX/EUvijoZxxTnUiN7T8H3L6fKOCQKacZkIwKfg/JjqLVnXIaY0JOwg=,iv:Cazhdo7YR0zSgiyQoHLsk2e4dWGSoSfEtOuMA1LEJcg=,tag:KsbnGvEyRbzbIXuAayQk5A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZzNVUm1keldaNExycVNM + OEV5SUZQNC9uSW8zMVNZOHQrMUQrNm01Tmg0ClF4Wm9uSzRTL055ZnlHUlplUHFO + QmhXQU5yMFJDMytyMjFiaWFXa1RuR3cKLS0tIDM2d014TTRySXVtOEJieVRxdlVp + NG95TjFjUjZFMXh2STIyakxqbUJnRlUKQ64ahDiNJ4nPUQ5pLH4Jb5yidNrK11dT + YSg9QNr++FTdYaQ/TXmYTg0d4kF3yb/xyG1vZMcpZP6+omwN73DSfg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-26T00:55:05Z" + mac: ENC[AES256_GCM,data:ix01bcc6i1dTxoYkXbnEbLgMC1bcplI/hZhyO1mFzPAyjfn8h2d4AHUS9CG8UnIDYGky8Wx3BqrC6MmWMtt829m8bS6t83JTPxOEm1pFEa41sUkW9NYuNPL4LQ8X2BzwteQaI8nfscIuwOZ0nK5CmArZneuUookQEszAGX2R0Mw=,iv:mZlEG2pPfKLgZ+6k9iN+NexRzlibYi1HzqBzbrVFj3w=,tag:PIXA+vyOSaZdU0CaI+03/A==,type:str] + pgp: + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//Zi8QfQ8Ahr8WyEeaJIvXBRGUzmyg84aboRweI9D/MeJ2 + CnVm91xr74HylD6sAXbGcTnwTtWChrrgSJ7vGBj5t2UOuW9zpKFl/pgs7o4jzwoc + C2Kmgug7S/chaQJsfKTkAs0t/MTHO+DZru+O/pT90zgdQEig/19i1smnrseBuAiU + zow7lc9mwBTIEsTlkYoIr1+Ihoiizv/q9oeMvfaZr8hKV4wYTp1Cx9xCgXxVcv+X + SpzIqqTT/lm87znJcSWCQY9fTRrhAQu4RdhXzEIxTODljmFhQcx/Nug82EAc1Xjh + B7qMIsblbabJyrBUk5BypvDHJiso8qLd/6/i/rRztzK1q3vtT37XPKk8KIJz84cy + ZDqAGDWj8jWDctwac0xTAFKVr/5oF4TGIf1Ydwv7+GMOeXvn2ZInmiMGUKxdGhwW + vg2azqqatmRQxI+kHUHz+FBiQSTgKIkVplg8daCIhQVK4r4CkOU5dPvDjw7FLahV + LN7XVNVCZw7p9yACd5KkjWX2E7bfpHr/EADOr5epc/EZwOmblFmGPzFPNR/IfF+E + QJrw2bTDuMGZRzvn+6CozZOnOFpSrYtzbUHTvdt+iskHS1jD237NOvPe4j2Od401 + c2LjekRPo9BpkrufIlDQrgjflH6RGHOLdgqPE9j2zIOfmKjdIYiQlIIjNlh/xeDU + 
aAEJAhCoQ0WS+mj/YL0Y7lu2/GEf5FxjkOwa0o6SOd7iR17zrTwRkBdSfsSUAiu1 + pw4vkDFzgvwR+80vYfZcnYyCGOQKMYcn0PLtmnQfy/LUUGW+B1/kxqSHZDDhCuWr + o287s9GBxBoQ + =BImL + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//VYKib9HvGAxzknrRfI15qFSHdvRxWDiR0M8Jo7JWTOCJ + e0BGytT/dkYAKXeZvLX4W/65jQ4GhBMi20NSnyfqsWt/ENoLc3v9mXX3JleBRceX + 8Gyz7tlqjg+pVW7lUtotz4vM6TeKBJUT6tHm5K0OiQBeAtjitphIkmakw4wrS0+Y + +3Y7dOpktefQDSWVDPtbDOImcMFS6EYn5JCPG9xOhsX7XoK7/wCmZuSF3p/q6/CV + 3NgTK0W2L68CiUye+ajrtn4545f3jnQXiu+JkZGcHdKsHaexW6dzpTsSgsSc1S+t + NlhEty6Q7kXXylG3OAtoEhsA3PP2Av2o0oaIpn1Syd5czHvmV7M+QT1M9HU6U96l + Nwio5cSX7faMrlGfaBNY681kVtOiOSFDMvDes8oPEqrqKEDkIiIQwMnh68iCTXzX + jRj+dpCLLfrHdo1+oB1JI151eB3ofUPbvTSdz/pASJ9gkFJBgGCl89atxZ7BDNQZ + oCbk0NxorDG4RBA2mliITnctqAe8ZcpBrOJoGO8oJ6u4fH2SNNuoc5A+7tMEHCqb + 2E06TYmUASROR87g0yZdtffK6+ZlLZzzNI4riTUGaGUu3wXDh1ZbXB1CwF5LJ67d + 4P3gJApHJ+ZDrJGnWr/4Tx0NlvPJgJ9bKNT6F45ZZcQzq6bt+RUh6RC1Axvdns7S + XgE7EN6IttIGME/AAeNdGh6O/1XnE2CEiqwqTePb9kgwIufoJWLarnz19qcbnMp6 + mfHNrJlF5FSVuipVtgCYgfWDos7ft1qDqvgRSD1awmdFIk/2ct3wjXKxyB52Vxg= + =5zOY + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//cBAsMfpoC02vbVtRPf02VS4NIVu2lM1JdB/IcPo0BHSF + PHNaVh3bl2a3cqbfMvNG9nquFVpDgtAXcSaIvozlsWgMuBIukfYKgeoFNh4fhyy1 + Wgcl26wZj15Tpu4rYHK27CmXBHVusQUyTZVx2CUZwoSdtI2zveWqs7+Qvfhdjb6r + Yt1bDr+Zkrd+AxUuU5Njlp2eGOcuxINGLln2lh8jrdSytOzKll+G/nI8yBdk1Vql + P7iTQ4hHlCzs6HBsgeA7mpkJMP/h0Ts18DQ9sOYCi1SB8JR1eOqZWUu/1nSAk/hV + ntHk3+FnOta4wx7VqYNjRi2JROpvi935JBu0UqwGkVVMdqQNB33/qnJdzcdcfoa1 + 3o5UtsQNuFZW/SgJ3uiPYshIZZGujH3j05aKZV2yULyBRfP7j4KrIq+3dQLlW4J6 + TihPL1Y3aqVvlU0rGOjjKeBL/nTEbEQtbkyCcIrW6WjdWvUYtTeIGnBJt+ExkyH2 + cmuoch5XjiwMrXDnIFzOqeKbLsIZIAatFOzP0jsy66w2VAeNY9AyXCJI4cTqE6py + 
RVc1QK6+ynhrQ/zJ5XKJD4ATequVJidshC8ci900KBW/1R3XLm7zGQtw3gj5QQ6M + lMfA3bPS3H/DzFHq9NWbQ7Lfkm8N5W8ZSQwBKum9o1uWJC/79lFkyfgf4JqDjDzS + XgFfOjk/KKVSrS7P/3V6YHfQscFuq+Tiepr3LCNt8o+0IbNJbsr1Zg+sutuMFhrq + 2lblr+MKkvUpYBhUYYen/PULpr8c6QZYiVX14xJQqFzYk4U/4WoFZm/8dXuAQ8s= + =z9Gs + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+JcEj7POTdpKoqBO0W8sxpvNafGlxWBmGF9nVMKsCe6r0 + +z2iyj0TF2ffRe822djXoG0Kod4Gf1Ihg+u/EKGgoL41CRt3DhszervSesm/pHJU + 9+IMJYj7Wz64GekkIVkYgcLkJr7AeIYM47W9kr5XGWCI4ogQLHJEVgrwFMWVsynV + meIBjn8ntS1aI9xZQC0EePlBekD6zvwQHOyEkar1MD4NaMqLKf+9x7IAErY0msXz + czBfBVZY74q0Aq27YqfUcl2QkksxfLsti3WrB4Nb2YIqzGJ6bED9TsqRhy9CQRBf + TSN+jh9Snit8NgLMAD2eyBgGUcQbwvyW2OHEYWpDXqsMbGmXQ21wygBAN0vfSCyx + v9m2+DSJ0jG9icBj31JqZcztI5fRsaForxIRmuT6EwGHc0YfuJwk8LWW1YOTRhYq + KbOMzGZnB1aNI9i7jVYHgraU1vB6u6R3hU2hOJq0zzqP7w/XuSitzb4+EzwuFkw8 + zVRNJ406ZYJvMhZp8NQ878WkJRqsV3C++LevnLkHLNfMOfDcD+nltmctVXf99Fc6 + ebc7FQj6jOsUlbNQMxnqOZ/6fV9WesjPgCsUMJFxC7/5/5th8CU5VJHYOwwMUEMS + +zbwM41MxUeknII7dc22MHUXxMocVkhlmGPYNc+jRv85nuDwbYqMa9Ht4JychK7S + XgEZyWSvHupNW3XMwspeyYZMS3pSDO+2YExopgpP6c9Uq1TgvkHo2L66SXj/E4EA + RaUR/bY7EoEdNTrqWlHpuLyRihgqHLHzlRsdJZYBinaIfwmKzvINRiQbGjqhKLs= + =mbJg + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ//Vo1ZEeqpfN2gJUEKHZs6L3dXmRSd5RedwTxivQSDUZaw + CS5CQgBHd6H8ly5Phc2+QrXSjn6sJubDPaCAVmWKOf4WTMOATgdbp7eNEKlX06iT + igr5UuptY04tM6AauuXNLatD9F/2p545VkLUYVNQriVMgXjrSd2MWo7/J3P7G7lA + xupGHMQ/L3gwU2A50sJUtAc1/SW6h9RMNwHjx6FVRvQtdWUdAoRYCT+r2fICKs1m + MKYOUzOA4CW3uURM2NZEFrVdmES0izv0vNAQqx0lVxAL/qhqwsGqTAZkXryef39J + WkIpqwQWWutvwmpVu07yBllfWU5XzoxaH+ye64p7+3SyrRwdrZc7IVW8NM9NSAru + +2lio54b/dp1Sh7GGV2Y3hNMmGuPOym/PEOLVG99mkfZaPDG+Ui6enV1Ol+dFRaJ + 
9VqSa1zIo5N1QdW4iy/Rke7oMlTINcJDCA/KgYeLXK5IRz/iv6q1QyzhR+dNH/pu + JzxDSru/ZSTP+oMXZ1AgGf9UDUy258A7oDRt/ECN2c3oggj+Oh/HfnPXfD+9Mlzq + c/FGIRDQE7lLQoHqBaEgp9pejepAAocCci3UMgAO3ZTgIlXwJyE7fWZKrbATIqEX + GYr/tLNIyb1df4Cg2Pp+kS0i5+KnPqcbPkN+IhJq1BA3qG0rzFJiQtIR5Yn7BxXS + XgEVc+mwjUlUnQuVxFzfyZSlVh8tipwLZck6aG3IrLn/9WSHMY22GDOprsy3bMta + OOy9KLyPgZIdPr1v4BmX77x+2Z5EeijAEswFgfPvSPEuWKSiqkXvaVDy9w+U8kM= + =0phM + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAleXLoRXh1RP5u4Hk4zsVpSbbhKKW8dypXDBVMa4trCi/ + Xq5Z7XM/Nip1iBCUHoLRaJdi2MlM2aDfVFo+PEx4JagpjxFjzqW21WUa5vqct9Fy + UVgdsssSVq8hNrMvlxDJwYVYfyQIOUqKyzDMbXOGh6AaOHaZsNsWtOBDJRqHMSXy + ULXMH9xxHmheDDV/ZnlOl4fOBJT+qC/F02Yo92Q7rMHWMcNs5NITGN3DDYrQqs6i + uHopbwuTpRMggnHldaMM2l2n4eCBiKxxz0dGit7FlpFL0kgsZROGBkQUyAZdkkwQ + LKnaqgodCv9t/6VZNATp8+iJP7ji5IvXeW6WQOztb8+h8JV3j8pHdadNzgXxH4av + LVnqAABQMhay9jEGlPzgQFT7zDbaAiUd3bSLz1i02Dyi/FYCIylHFEmBErr5RBsn + lqbG/vAxJPKOkiDL31nkjugd09UeFYNp2WqO1DpeoYQoMltFD26TvUnbOAQo+v/y + xxl7hhCTzbd6kF1VxSCNtv0LhDdirq0+eiFN89E+5ijLjhmpg23S2E90etuRgjuF + b050aoEJyXosRqgXVl0qkOEnXgQDbAXrEobbbRixrIQRHmNN1NjRCudzJjxs+p39 + tucfUPZJO5np8ITgE7XCt82IYxW7b3HO2kejJAluIfUxOkdBgORKuc79vEaP+rrS + XgGAqi7CdzN/lfoLononCBOhce9XgdgpbpQRohO+jLp+abqmbnEzI1ZnzxpWXo8Z + taWKvUIySWbN8bWhmiIky9TyUXEfRVKe9I0MUC3Q94NAnlnj+dNXXr3mS/AxNcQ= + =ZYXj + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAsBC/uAbTVpBWv3dmzvVglih0Zlnumbz6wcDbeDTVP3r+ + XiUyiDFE/Hdnm5J0be2jSj7s5RIXj8Gb5BkXPoytAkGF6NMtHjZJLmeo7NciQ6Bo + wDf5IXCmv/PbyuydqkHJEztsSMWoCQbGQo+dMeWoAY+WKt+dQGyGmoB8BbeUjuH+ + lgKlUk3W1INTV74Qz6avuEQpwc+6hvb1w3Vb5kdzgRjplLUB4w45wP+79HE8Ub3V + 7PhhEQMza/CIyYqHEGQ8fKzd+tuX/naYXnbfTCu64eyKCz2fQZOMdqKNA49aMWGC + 
vo8K38Nd8haQ+tcJvT9Vuis3n5X0Qdzpk/8u+M2XM4UQLHSaKSQRnJLpslumLJGK + fI2ErQJoD/TR+vvwrKXmCOEeiFjs0GC8zQEVP6Qa1JE7Fr8iKIEtYYXmGK0Q5Sku + 5eUkrzJC9Lh4rBvGXLX1PZefBVxnnlBMNk0Cae7vGnKKKuARE4aYgRkIhzIp0GuG + pdwSir1iTVMKtfrkpJ7BqPANKxApbLzYHBi9rFWJboA7HAXe/E73HD4Ov0tIs1La + 9rwRiJ0LYUixsngf6YvtGuj0ZiuTe0t+VhYzg9sYOcBWW8z/AAuZ3FQoBWLdOFPA + GBVI2KV+vr5h4dy7+yCqPxpqhkKe5ObCdwksBrl9tiaPVoQuN6Zv63kLlCtkP7jS + XgFYwBL4tKcCPfG+9J61T3LqItNLmzrT56LMN6LIz3pvRtASRbSRRnqKuuPgAL9g + IeFHe8lblLErRwKz+iNre6wwQCEfwbVf5NPF+rLh3nfEIZzCf/CF3qrxBpdYzwQ= + =P+bx + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAtl2tC6rlB5O8+4t+b7ZEo4GU578OHN06nJKxxFQHG5zn + mkcANcm5gVDSRAOecM2FyZe4ns18rH4OCvp+uegEQyMVN/XNUEj4/+bGzgXX0NZf + AazE5s2+0i2NETv9bhPjJB0RR+U47PEgx9vKf4EnvL9MAfWyPbGwzR6HdXXDEE/I + c3GNaIOY7YWBgXEuX5LnZbON5hQhbFADY/BRhP1S0d7Wzff6sYgtJhbtaTQFSX2p + j2+pTA3D+tI2h9VvKnZw3n1t8Jc9apP81KNFCURpNpdR8Jh8KQ0aSEcYWTusjah9 + QOX8RmsnFnvWKTN+gU6tffcSbu/r76gmXyUCF47mWvn89ETVA8azp/66zfLTTTvO + CmFVx8+2X1TK04SIKa+MQcpAuS5cTHH6bw7N8u1YfX6O8mbHX/ZH7NJi/Bhxmube + Cau4DtdZ8mX4yz0EjUF62skJoaYYUl3UBrkGXl5A4NXK75ZHlBHT9Cn4YQYIPP1b + 5MAnTsy6UtsGVBZPf6O/kvkA2gAQNjtOjQ2nB1FF6fjqEFFopzmLnAgGvW7lWkeo + lTbrylmv6SrrvX/0wN5Dsayni2iRb7pisEAFs7JAythm463PDrzaRmLoPBNBmJz9 + l88QlYWDQaet4QbJ1AnEaOu5K03coEy6CTzJYqgkTWdLuFC4tUyKsD3P/1EANonS + XgG1y8ifC6F27sgwQribg28RPRvwoiRSGszAXCAeIwo834NQLIvswid5C4VCvPje + XG4X8m9pipP+BoXF8UuX7naRFnIGfXBOVH9N+1+SoTeZtXRX4GIWUGcRtk4nrJQ= + =FQZ1 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+MLPIERHeZTiyNPEUc6YnWYcfW3Zgnsnc7EzfFn7NJla7 + HpD82Y14w1gpQrUiPu7wdjzh7xeOQ3fnk2819g4wEXU32M5rCUay9XUWqWFnzpMZ + /Gy0tdwE9TgwrSQ6GDNd6JO93hLNByq1QqhsIkKEL640Wv6doLVfQW07O59hDrPd + 
AQ3UxWnohbNbD333yXa3kjfYcNugjtERM2wZ6qqZoXp58SG2RE0A2wMV77H0jOQj + Rx0arENCNBS5XZlIJW6v+I1Ak1wYnW5vAlVRMcUXo8vJNu93WaZ906EnmVCQ0cYn + LeNVH2ajcuOud/uiVntwdYKMr85rMBl9eOlsPP3dHqbhsrXn/+Oqagh7YUwEvJ8g + LK1krKc4Jlj9a5J6dPl0lCsEAv6vGaVCICJkNnd0JikTViu7DhajImfGrSLrA6y+ + 81hx/TTKqisAL1xBwOOu+LbwlhFZrkrTQaKnueswKzwrS3utxSX7OIepui7Ib7JK + h5R5VDq1bTCbRvo/rRpCaOt1KI6g4ZX+o5TI/60TUcGvzLRRAv7jZZ05PKhcfRuJ + 4ZrKoRu2qKVxA6+kcOfy4Gi5MgkI4Keue4tgJsYJ+LCP8tV7+Jntxf4XXVMLoFCH + jQDe3vIHOxNKqlPUEnLlVmv+g3K9Y7N5uBLuk3xkVYrxWRhBmY6e0WtTVEF/lWjS + XgFWqfLHx/JAJgIU2tiO9oLkJWcdHuXAHNYDvTKP+a8WLcJDZdS8X1feqOpWYbaH + zVbYkg4MGJqO7K9f3jlCtyszh3Kpu5CFbfXA0MZ3M2eRoJTv91iWViIWY7UP3VI= + =vsm4 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdANu3CeUuv/SDkBQG+aROPeiWBauWaQBDUm6UdXAhEBXUw + Tuj49QiBBCQ440R3SBkHOzOOUUTMPkWo/wESnJm+EPla800tb9B8rOvUj7PnkbiY + 0l4Boe0q5XPHSysz9eIQ7zRwSKoClgd+zi/GOtcsvxkLWlISoBzAVOVEvk55OeKb + 7J70fuIMl5rZPPFBzbF9gjnCHxAtfSyze5774nPfFI/zoQo3WaDfL/9viRhP7Eqb + =i8o+ + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2024-05-26T00:53:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAzdAjw8ldn6CAQ/+N5yVnEm3ejyw10aDPkLjJoUIoxZl0Nof6pGZxdWYgiF5 + VrEsLv9vYQD8Wp7/nXuI2HW7OoA+vTG9KBZt2Tw9R0iPIMXpEf0fewPSBZ2n10lk + KJPvkMP4w2OV1AfGT+PrRPLaX8/2E4p6dE8BPviWEh9HptYKodhs9lRlcq2C3Kjh + sE88eJOSA+fQpASVZLNHKYn1UrXXENRTHE4tw3+OIpE2KSxHvIv7sI8LuXZb8Jxy + OpmUP+v9fmhsPJYIlP7SAvITMgZdMHceH7SDgOZn0kVU0inr7MJ+FCcNQkQOl7aP + jMp2B7qSXOdC2NHUmdYvzeUx6B8O9Bn19VM5LGte9n1RBnknw6TQfQO+fkQTjUyl + 3FhVqQAxrutOBjud5xn7H0Grj+7oqRI51LLUjLQdOzpEi4hul9Of3FfGnKxjOxUf + yVBHqZzFco5rcN2fzMgWytjuSED0AE8UPS/tcd01oXXEsTj4YBSKWox0gZuyn9B1 + mspU7vr9I39igceGVE6LJQ4EBnpR8xC7v5CDFpEbCr1qt4VlaH4nUgfN2tEGtOGW + 2mmrX2nGC1r1VRm0K+ACRW4htDsOsBzSxQttVJ/5IWkP5fqegcwIajjo18VXz8IH + 
BtZdJKzXuhQLG0B+sXndOAgACWkVQw4F2hD5CYRpiFtungAqUbtSDbeb43x7ICjS + XgFrmwLxkGfZYKOPehbp8L9glbHpfHYE4CopRHPtUkhLTNWTqzEyE7YQYYVu9Cui + E9Q3v2/+2swn6nKOQtB1Adu8ItCqu8Om+d3IJQvKVS24k4+fKPWa7/ccmkXz7OU= + =w7hs + -----END PGP MESSAGE----- + fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/hosts/matrix/sops.nix b/config/hosts/matrix/sops.nix new file mode 100644 index 0000000..b4548ed --- /dev/null +++ b/config/hosts/matrix/sops.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + sops = { + defaultSopsFile = ./secrets.yaml; + }; +} diff --git a/flake.nix b/flake.nix index fc4fe7d..7bb4e77 100644 --- a/flake.nix +++ b/flake.nix @@ -159,6 +159,7 @@ imports = [ ./config/common ./config/proxmox-vm + sops-nix.nixosModules.sops ./config/hosts/matrix ]; };
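Review bot: The new `config/hosts/matrix/sops.nix` sets only `defaultSopsFile`, so nothing in the file says which private key the host uses to decrypt `secrets.yaml`. It presumably relies on the sops-nix default of deriving the age identity from the SSH host ed25519 key, in which case regenerating or reinstalling that host key leaves the secret undecryptable until the `host_age_matrix` recipient in `.sops.yaml` is updated and the file re-encrypted. A comment above `defaultSopsFile` such as `# Decrypted on the host with the age identity derived from its SSH ed25519 host key (sops-nix default); update .sops.yaml if that key changes.` would record this, or `sops.age.sshKeyPaths` could be set explicitly.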