Introduce sops and sops-nix for secret management
Use the GPG keys used for the password-store noc directory for the admin keys. Switch the git hosts secret management from colmena to sops-nix. https://github.com/getsops/sops https://github.com/Mic92/sops-nix
This commit is contained in:
parent
eab3523033
commit
88e3da11a6
46
.sops.yaml
Normal file
46
.sops.yaml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
keys:
|
||||||
|
- &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- &admin_gpg_dante 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
- &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: config/hosts/git/.*
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *admin_gpg_djerun
|
||||||
|
- *admin_gpg_stb
|
||||||
|
- *admin_gpg_jtbx
|
||||||
|
- *admin_gpg_yuri
|
||||||
|
- *admin_gpg_june
|
||||||
|
- *admin_gpg_haegar
|
||||||
|
- *admin_gpg_dario
|
||||||
|
- *admin_gpg_echtnurich
|
||||||
|
- *admin_gpg_max
|
||||||
|
- *admin_gpg_c6ristian
|
||||||
|
- *admin_gpg_dante
|
||||||
|
age:
|
||||||
|
- *host_age_git
|
||||||
|
- key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *admin_gpg_djerun
|
||||||
|
- *admin_gpg_stb
|
||||||
|
- *admin_gpg_jtbx
|
||||||
|
- *admin_gpg_yuri
|
||||||
|
- *admin_gpg_june
|
||||||
|
- *admin_gpg_haegar
|
||||||
|
- *admin_gpg_dario
|
||||||
|
- *admin_gpg_echtnurich
|
||||||
|
- *admin_gpg_max
|
||||||
|
- *admin_gpg_c6ristian
|
||||||
|
- *admin_gpg_dante
|
||||||
|
stores:
|
||||||
|
yaml:
|
||||||
|
indent: 2
|
|
@ -8,5 +8,6 @@
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./opensearch.nix
|
./opensearch.nix
|
||||||
./redis.nix
|
./redis.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs-unstable.forgejo;
|
package = pkgs-unstable.forgejo;
|
||||||
database.type = "postgres";
|
database.type = "postgres";
|
||||||
mailerPasswordFile = "/secrets/forgejo-git-smtp-password.secret";
|
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
|
@ -77,14 +77,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.keys = {
|
sops.secrets."forgejo_git_smtp_password" = {
|
||||||
"forgejo-git-smtp-password.secret" = {
|
mode = "0440";
|
||||||
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/git/smtp_password" ];
|
owner = "forgejo";
|
||||||
destDir = "/secrets";
|
|
||||||
user = "forgejo";
|
|
||||||
group = "forgejo";
|
group = "forgejo";
|
||||||
permissions = "0640";
|
restartUnits = [ "forgejo.service" ];
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
233
config/hosts/git/secrets.yaml
Normal file
233
config/hosts/git/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
forgejo_git_smtp_password: ENC[AES256_GCM,data:ZRj5GpQKRlTxdu5CfbJirRGAKPCLAIG1F0V5USz5m5D49V3lu5uLomxHapmEwb0yYoE7e7ZLYK4VQUoQgpUnSw==,iv:K7+9E2gi8cdYu0lX/HgWitLxnxARywIwh5glEL0uOsM=,tag:s9UC8e+E5E3vM6cTKW7Vqw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZFhrMlF1YnV6bHlJZFp1
|
||||||
|
SExjNXk0aTE3U2pBd0lHODlkZW9La1M2cHhjCjd1VTdKWkE2ZWxoMWFjREsvLzdS
|
||||||
|
K3lSSkRMZ3lLZ0tSaDZMRkt4MXBMeXcKLS0tIDFlVjNXcktpbHdJc2hraGNrNGJh
|
||||||
|
UHlJWFN4NW1tNWFCU2EyNjkveXZML3cKrKk1w3IBAgdmicuFyGOaU26fwpULAcy9
|
||||||
|
eZPlcbRPUPHoRhy9GhNTAcXXDQzimKL39XZGAd0U29Kt9AvWAf8Qpg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-25T14:17:29Z"
|
||||||
|
mac: ENC[AES256_GCM,data:JeqYsVtogbB4oMWNEpLsF6zxsgUoAt7UzRUL2JzxDUtXDUndW/AxJxVxQaipYvblA3q2MzRyQN+j9khavlL02DR/ANtZFLQmH3OREV7M9eHmeeCa4Lm5D7gFYmqWkULJ7yEJsKz5AaiJTWlWgCcBITB901H3Z12dsz2a1+4WrUc=,iv:5Xm5Rjw8PS7hkTcRD1kj5XS5uiOgsPwXYeaMqUReB7E=,tag:2Y5R1/Why1TQd+ZYTF0qDA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtAQ/+Pw0v8i3ZGw4QNjAu9NX6ZJ5hvBHJgtcOWch3ZHlIAuxs
|
||||||
|
rNoPYhuKaYZL6QJcPTjP8AHVkFIEp+mVbXnsS3PCNUxPnwBS3DfAk+b9OmIJ5U8i
|
||||||
|
H0VYv4FpdAblyq59GPYx5cBaKUxAagATqlYmMh8b530DYBGcoAHPtzhCaZj+aJI9
|
||||||
|
ybakmmNfSqtdhJoWwRaRekqhbZ++wmS7axeefawuicXpdlNxhypEMKBUpGA847cH
|
||||||
|
lI4hw1/+KvyN/BT1q66vQanYpM8NNFLyyamT6HeBxQ1lP6gfb/T0a805qnaCXaZY
|
||||||
|
z2Ui6XJL/lbUWzG/0xnSJIFiQc7hIqMGIz+EHyYep5NBu/hiIUK1RpIFL4ClEOh3
|
||||||
|
kfVlWC16ys3fGHlFOTTBc3yJPGtyPjd5lGGfFmawwnegPH2wdNIt5tjrA7+vwKRE
|
||||||
|
f+RFNzvfc11o8rhGnbGd4ZGNgexuhxVaRGDSNqO0aixprSurcOa21Z1U76tvnJGq
|
||||||
|
IoeFtZf5KutqqLIyLoK0JM0YkSb92S/BHkIKpUO9fsKLRdQdnvm++8NRLJ/jXLVz
|
||||||
|
lZZnLxMC7QvKMyxE7J8GKye7nQa6S6CkEcqUsgXSMaxB3GMe9MiGWS9nqh16tHDX
|
||||||
|
p9YR9FVj8BUKWsTbIPKkomIaoxhRJvW6cakVcM7RG0rySVjGxrc2oAvYgjpVmmDU
|
||||||
|
aAEJAhAxPM/qlV+JghqnmnjP9Kn6KTIvGV2NGvX5YbY4k/NgL/sZ7VLsGZldemiu
|
||||||
|
1ogKtLzjRnvtruPhXBXPv3Ivw+a4ie7YBPsyyyh4RFfnZq7abAwBVDZDVXPA2GUS
|
||||||
|
9JOUdkYe2Q1T
|
||||||
|
=1km6
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2ARAAiyKB1LVhFUxkC/bKs7TmtXGbA+2xWwrtt9gUACD+GNlT
|
||||||
|
P0jQJ4N7x0xpvgo+ELNx4Owq4EXFYH8bI27zUxW9FmJu672uFVIpud4nZX+2AfFs
|
||||||
|
+Iy7VBp95kfS77Mc9VClJTJEaLMZOvciqlY58p1FB6C4pNwOuEhMvZ7athLVLlEz
|
||||||
|
hOrKkJAAtnjWXOFLBkq7BKCBVsxSLOUXMBgmK1Fr4dTJPifiXIIbO2BdNXanzMpv
|
||||||
|
8ANtENZ4JpqBHDW/DGoACkAh/hqu8p4B4TBC3L7szvFktsxy93w3i59CDXUroKXO
|
||||||
|
cG//41R5OH/EguctfO84qUWCe+eqA2D2ZuWIqSD6Aa4izQE+aTl+WDx/oxKuQcJB
|
||||||
|
UgKiLm/HXI7w1Zp7v2oRUt4BFr2EXHicsEkV+ztCGDMMPw0zBA3EE4fMFDmM9BXh
|
||||||
|
Y6bOT1cV/TQ1IgWvH6gMe4qdJscqYEfNMJNl6kZzylUSLBxK0YAfqxSnvV6lZ2D7
|
||||||
|
82KLl0TRZOiCWO0EMcRuN2L8AasrO4PaBGI/kbU2dCr8q4ku3qTjW7b77d6pVW29
|
||||||
|
Gh2eV+goXcdnk9tJt4hPcmz3vYIFJL8Pbmy5mSO0BetFdFVFnIhBuQzrXwe+Iq7z
|
||||||
|
nQ2L1eeDT0WI4PMEIz+YM0QVCMM52d0fK+JeiVz8H/bO7NcPCYTylcK68BA6QaLS
|
||||||
|
XgEP7Vp6aB2qQPbLYI1CfNrjiHLyCHXBJwyWGR3sSFB6LmvHsfx3tsHWdKxyrz3E
|
||||||
|
9AM9WvP+taIpK0F7OjDBcadaMo3Bzl74WVEtznaEmu9Vex7HxNXIMXXBHMj5RAU=
|
||||||
|
=CbYz
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJAQ//RSjkwW/PxItmHjB0luZ8pP6sMP5iTrgvwie04F3y1gu6
|
||||||
|
mIdAvh8QgCn/5Q/IqKZo7zdUzTQhyuq03DNUzuKyB/Sel6klohnW0QXes8Jt3vUe
|
||||||
|
W9bFFmIaFTk4mDc/tD5Vleph0ruNMXHlQRO4ia5wcYpVw0LtT3pKM5XApNl/9UKT
|
||||||
|
UFZ9/Fvad2a/p277Ai/N5dPUwM535s8H3Kkz473BvoS4Az7cjVnyxKHhguNQH9pw
|
||||||
|
n6hgXEjvyzDrzWvJwrX1T84KvCsPh0idAA9W5YfMU/4loL4RJUqvjkUvn2ErsPrl
|
||||||
|
gNoPTRY+BiivW2HV2uWRkiOyKTwVLdgs/oawZX7LB4aIaI9b5y8rcmHV4fKP8OEh
|
||||||
|
3q7LB5HU1peGmd6agwu1/ejbIc3+4WytVfoqHDI7MJ7jPE3iyfAxaZm1x5PFbVhA
|
||||||
|
7zmYs6tXs891l3ZJps84I/S1uSHjxJbMuGh954RHMmPHCrnLosS8yeNLEO2AHpQi
|
||||||
|
m2FFxbXCRFx7Xd8SvW2lAaKfeU+x36yUYCf7APaQeb59QLTnustIle6i4XQl070m
|
||||||
|
7GK/Hj2uanq6TEhAKWJlyVAucw4gruCfrjC7extPyY4pC4yXVUpM0jqJO37yCw+F
|
||||||
|
k64syU8yhR6whTmOPA/c2JsYoGKbV22NYRj6WIK9cIyiL34ellZVO9Ccsz6QGgHS
|
||||||
|
XgHve1EpLmsR1h1OKCKyUJNnNjvOnehZwyjCFwqT/DrIS1NUgoOaFr7As50YMfhU
|
||||||
|
ymMhQyDGYjjMHdmGoqmgPMOrJf/MJIECdzx/K/0e+eKM1RsC5XpwZnwKme+cVJc=
|
||||||
|
=5GW+
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ//djObFBa/PnDRF/Q9ngtQy6VmuyUfErLqj9x1OOojB0g6
|
||||||
|
yMCvqH9zrN4JT82rb2xqvjbqEtZGq/35B2GccMXBifJy5JQj3SHOyTEPuoVr+yVK
|
||||||
|
4fzZ9k6vEUYl7FicEZABud8uasfoIGC/jn7EpYgP4v49RtXsESF0aTCnrcwqg03E
|
||||||
|
/cVJW4ovtIQM6UiE/BQPIdbUNPgVrwbDSxilNQrShvJvu3jVfCkdXuyOqlhF/lnH
|
||||||
|
weR/P1dNRhtNzZKLFYHNJRiJA3RuS+h2BFxG1pKhBfMfI/s46g74GkP/R+SEX3o1
|
||||||
|
l83P18t0br2pqqEE/qGHeLQ8PvEsTVHzxAzX8Qgx6qJQQfCDm2jDb6FlsxX6HT0y
|
||||||
|
TC3leI5q0u1A7Oj6nEl7p70/NjW2+W+cXWw4hmwMMnV0xNXsOBBDqk3sA9rJ8Mwx
|
||||||
|
oO6CuLqsWMsO0jGWptLebIzGnwMvaSWMGTMRgweW4gKNzcmiOXUrv5OT4ImJxgwt
|
||||||
|
7rFFPGcrVWUzBdGtTquLryAN1Gf1Co59ndG2SS0LKxVnY1sYspwd1FINpJA6x+99
|
||||||
|
kX4zJlK5qA8wcqkgj5WhTTXIQGLKD+R58pGjizEJzDt4aMB536uZa86ntP4bd1/5
|
||||||
|
Q4zjzwF0aIMWX9FdaCilFMjWjT+iMOl6m2dI3EBcUuTzqL8JTKbBxQ9z+Hc+yELS
|
||||||
|
XgHe79QN5IUbyoH/Fi7jNA7XEUwI6WIrhZ8TWF4nS3HgZkVfsZ/oK1DFBdVcZ5Zd
|
||||||
|
/rJaKqgeQLCxoRFroI1vZYsBRKInRs+7yziK8YtbFhmX0azW5G0NiUtsYXBOguU=
|
||||||
|
=YSsr
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ//byQSYLjXciKE2ryqYXiz3/OgDd0pIVr9HZLlxwUFJFMR
|
||||||
|
DLuxWPK+SxUj6F81mi4A9xq9CmTa3jMEVkGgblvjGoWjtEKKgJrdllMCvo5Q/Gcu
|
||||||
|
CLbMPXGfs/eDEjqEbX1rAdzR31TcFl9FI6bGUIXxGE21DeLIDCgInl5gNzVL+Ser
|
||||||
|
M5OAxpQCqe23wUMPya16XTzpaxug+mertfyOxC3XUk2A23y/8gey0pjAnaDTPIhD
|
||||||
|
q35ni2gA1eigiitJv2IWxIfbZ7rFuwmb9qi+vpBeqMTNLBBbhKgbSg4PUl6usFeC
|
||||||
|
65uRvNJOeMeXfwpPgMlphtz7pABg4ihW7tusVe//Utrph7QJs8bsiokXA/RYtTQO
|
||||||
|
uMK8oYdre9c4FboINGL4hznzUi02ZRiMh2Hf+V4cf4VK+YoBKsRYfO79lHytFHPF
|
||||||
|
6XCv9hh6qLuzTCHlUrAfOYbXbduS5mMLcfX6OYay4lYTEpx3dKBZz34wtg3TtMpP
|
||||||
|
eDuafUXNOfpx/E+4ZtB5X8Y99ax+3resPv9IQMTNOHQJ/vPa4JT8Avkrv/q4wIsJ
|
||||||
|
yMOixzR2bIPjetZbY4ykOwJxL2b0F/Bm5yu0rVHQp9+lYqrypjAzt5vhbdAMkDZD
|
||||||
|
CPxhEU/Kq7DC4fSE6ysTGEBBW+s4i7lwqvfds6RqHbQXL/0jginU4zSxZuZ26xvS
|
||||||
|
XgFinTWqnia1WkhfAZsH+UobDK92lKDiQRtM/xhWkNCB/WZQB4Q4EpJJeXIidTse
|
||||||
|
xQpG0tREIIuS75dJ6nD+Kh2CkOnalSVVvb3VVN8Ft9PEPLf76mE+x9Zk4Mu0vOc=
|
||||||
|
=BDOC
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ/+P1WAWxpVnCVQpoHmEFNnK8x1ZeDN9IyYvFFpFRbRJ4f5
|
||||||
|
naL0ROxP/E19LGtD/bGbdBfVU4nNXdiXbGYtAlvAybAky9/8a8AJ97n2KVULR3xX
|
||||||
|
JnsXIjavi57MB3ty+Nop4Fgmv4p4AAsPOzDQtc07Uj5xzxrK9ARtv7w7UyJooOiG
|
||||||
|
Sp692SFChyskAjTVHWU9WKomqsqZY7XvbHJPQT6Y+wUbAjx9iAhpv0CEJcxX/irF
|
||||||
|
D3SkUD1tCJ0NHlzCZ0ORLdhDos+FNCASbhYZiCyUJn1mBfW6PcHmNevzaqSQQaoM
|
||||||
|
hd3vOxx5MFO81K3GtE/r1RA0waY/7knBHk0cBuscBOLhs6MC6i6mMfY711WoiOTj
|
||||||
|
Y9xCjAIYdOeK22fceg0Wk/FMtivFbgddpk+jOrAR6Wh6n2qJZDJFdxFpcaSF2fHj
|
||||||
|
dBZuJ/q5vRedjdLYFnL2uTejAKkQLthqL3F4m2Fzyr5wk80eGRYqQHDtSlwagVLD
|
||||||
|
ZoTLCtGp8qnSLF6Z+nnS9lmsf+X0286wAmRtxHsrTTGm2CDhBmvQjNeq086Bdhp4
|
||||||
|
z6S3WlgX5oMbTS3hD0BIr4euKIUT3CZcbyXzicuS4iwYOq1iaQEMGvXJ2TKkaOsI
|
||||||
|
9W2CPSySkIzp/z5Cpet4Z2JFBcO4QwgCvScm3yK53ZXkRoSwkUWBiWUO8GihgWzS
|
||||||
|
XgEGOQGCaBNxYr/B1ePYUTxZG7gz3qe3QzzrYebHUmYlEFcC1BkyD0CfWZy59oM6
|
||||||
|
mHL30p7LuuoQbO0VocvsnxR8ObQhXsncc+EyZx03zyeDSIbOFqs1sSQ/w+K1708=
|
||||||
|
=dnme
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ/+IDsMHXF8Xpm7Mz8EuZ6OjINDfe1aVJqkq6dislIuniSn
|
||||||
|
z62K3gIlYKVCkPC4uQ5KAQBC6mCv/IYmy82OFmexeaHO1uYhLiM5z+5efxkbChK6
|
||||||
|
jxKYudsVe0l0vd7JpJVCO+GSw/jelALUhwtrr/A5URNQ+fQZrTAd5SE9bFEFf0P7
|
||||||
|
exTBlw6Cus5671R+s7G7OGbKgx47Kf4CDzMizYruRBvjwDPkKOAPAGnoNApjl598
|
||||||
|
m2uR4PmlqUJ0z/aFcBtcs1au05vGmVvckSMz8BiqpGsmlbZEVIQRiXqsZ5A7X88B
|
||||||
|
D6Nx0nb0t4WM1EV1UUbSLPFwwcVkOSHHfs8SGk3gaStCNWunkrPGQStUFBmU1TpL
|
||||||
|
2exHEKopll2gQ+XKfvE+mPF0cqd8dq2SfZpLZgp80pKieuHXN/DJhEHoBSELixDe
|
||||||
|
zRXB5/s6Gr2Hlgd3lfp910UndiycP5ROJZbEwJ6O0x8QRxeIqbpk4eXiIK/4lxiK
|
||||||
|
ENepdeFSk8/DS/yEMc4M1kWxxm0rkQO/dxn3SvYV49eNFvkRMWkWimMrSbaIUKNM
|
||||||
|
k8KSLYr6JuoKP0v3NZHGcBZUGd8KuDi8R0A9KZtqz0pHyRIh/Ox+to+Gmlw7EP0r
|
||||||
|
ARPQOBQBUjcxqW6BRJ31onE24AxZN0b3pAAPMt7Z7KXmveHGGqolU1peZfeATKrS
|
||||||
|
XgHJDBQkCm1SOX89yw0O0DVZ43z0b9UqyP157R4JgdyEleNsMbPl+KDPCPx6vAnm
|
||||||
|
iGrsjpWeKMwA3s2biSYUb8T00KD48vH1nidc+XEjfQ/fBDJIsR8Ku7YMZtzKmNY=
|
||||||
|
=xEYv
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAAkAuIMiq8rw37IFlLlVv1tzQbGMmWjNhQndBAlwA/dAaf
|
||||||
|
zk8dNuKA8wlmAFv6uwbmfOzvdiwunoYq8cgIRdaP7ieNPRppHIm+pbojWKOvXoZZ
|
||||||
|
6b2+ILacE6JBHpk5o+KbrILrnn1ciyfhGq6CX9gCi9+vvQkZk3+WexgaHEOfFL6x
|
||||||
|
zCp5jVEIbVeDMZIxVbDDVHMiXBy2qmpYrSDMnky05/szu9BBJodcsqZFAqgumVf2
|
||||||
|
kBFFvnzdhJgKWBfJ2H2CfVOWx3CUhLXidqJyFgzs338aGhSNO4jGKvOn1Yx/PLlg
|
||||||
|
LSRphptnmzM83BS4ev9/ejvYiWbxorKSBTPZBqehpKFtPdNNUqbWMpq/lmAn3yLu
|
||||||
|
S+yAVAklCHSDtKEdS9YHAFqycgxvj1VNxLx1DI2mNPyUBoOgzfdD1NiUDQp2s3j4
|
||||||
|
EX8EsH1+b1eKk93751yLKMaSfLjU6lnd2d/h++WIt5tDx71XvIJ91yV3NJVr2wIo
|
||||||
|
MVIUJFh16+zQOWvc6rKCQh8U5cu3AVcB8EfoRrn5fCNh6tu7Aw/fHxz/l/U0vzId
|
||||||
|
cWFZCYFrg4i3T5w3U+ZV5kgoMQaRDh6T8yVXZQTzKSi5qAQW/qeGn6h2zHWARznC
|
||||||
|
J3IJ6M9pX6zibz1ao9oc0ePhU3Vy2vNFdFcpGgLe3gl10BM7GbU7rrmAlHFgG4nS
|
||||||
|
XgHhWFZtUAcYwEuhuOVDfmN4J/QNWlzl20RML92pf0UNCx1VHrStAbA64MqyvE4V
|
||||||
|
Dgallu5Dr+u5SHLgAaNj9HfgAGuDLPCXGrCoYK8KLUR8fIYwkuO13FN2A0YnHOY=
|
||||||
|
=IKCU
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pARAAomxJSaPmNrFFIiqfWzwdemWBUK4oujqRSvfRmnK3fg7s
|
||||||
|
p+Q/eV8/jYqxPk1q/P9thQSu9gq3OXLkgT2TlMwcsFBG1+xnksu3Xcqr47ON7N9H
|
||||||
|
J5K6a0KPX07O9fuP6VZtn4cDatLq6ag7RYLp2D7v68eRMi1Kyc3W3mZyz2AlbrUO
|
||||||
|
7T/tOqQzD1Zb/vwIy0Vfn8w2KMCPBi3TxlfSdohPsZWehrIAAKZHDRp2931iKPXQ
|
||||||
|
0gDwjTd0sEdXwi+sfXxq00988R4uXIjJhBd+ZFOxIHg9yEcXSW02eUauVwETuLzv
|
||||||
|
2ohAB/LOKQx59mVyE9gFxtMM7oo3vb5zWcnX9pHG+N0UE/RU2C+aR8a3KCOtysk9
|
||||||
|
cHwBLT6Iv3zijeJCeKG7IvSgsp/WW71rqDZCMphs5cFZdzEola+lRXNPIpz6YJ/t
|
||||||
|
qyTFbu4BG76LZyRRTg+i35NhS/GiQCUMyZoUxW0mLgjDsbYS55FQdFP3xaH5BaPg
|
||||||
|
81UrfF3hV1Vrwe6DHbSEYe3qutk3p4NMruHvIIJJLwimIe3i6+MP3/N+ACLV1wBl
|
||||||
|
caNH/e7H4KStDwuNFb3BjXEXHBLPgnnbdkTSTHZFtmEA0o2avrM/EzVDvvVxTCT2
|
||||||
|
e9pbfNCAoXCNo6nstaWRPKjwP8u5HN7RCxjufpZnySt0H/5Ux4qy2v/01i7OARrS
|
||||||
|
XgE58F0/szyLPmsigEpWhFPIunfIF6esq+4u9OVyqBicYFZHfUddyqTLl64swDHk
|
||||||
|
r7vxwxH/A8QMGj2GSmQez25MDU/NBTBTotEzRSyxvqZFTxn7IOxKDblSYPhEfCY=
|
||||||
|
=Tf91
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAhuqKLIrt0ortv8L+5ex4c8h3ZbiIDTLSGhML7jbMAUww
|
||||||
|
ntvI7quM3pEBFfdBT4BuPCrgka9gA9KRKGRwxYX3uSe5jPtgnH8GI1+gImeyWIu5
|
||||||
|
0l4BEMzlg3LOwADrDONa9xStlwAIlxgH53bqmCVQ2t6zHkxAcSGeHLn2y+aCh6wI
|
||||||
|
9oicvnC69DuQLkMwBFMEMUNiQwwGH8EMfQRacoFAEtH5YqiwBT1qxsnOC8ALfZ+9
|
||||||
|
=1uoR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ/7BfqXXAGvvQVGeGJDi3+XhvZ0wKQvfS4UmjP7FFa4gm26
|
||||||
|
4W1eS5hM007yxpjOH7NAsVbWpej8jYA6dDfeuo7P34owws61F7LQLa0X61mC1qOZ
|
||||||
|
IXx4n4kdYSV/CyqJa8HrDe56B0dpou01vjbVZ383Pbf8+VzxaKeJ2X2y3ioRijZJ
|
||||||
|
+T+rCkDHx4neOrrUkutOTJhiezQaeOnFWPEAbNRVfdLAM9jFuuG0uKtnd7hkXf0W
|
||||||
|
8sv7z1xEYN8VF3bE70IGuyZtiTeXwhbTD0gq5kze8LldMLwBIxsrTd/xrH/Oc5Od
|
||||||
|
nY8vvdiLMlAwBrI4z+JI12Hi+b1nglldk3Hu34KaV7jG8DjgBGBy8yolqvKo0cT/
|
||||||
|
9T4aAe9eLANvyHpYfA1CkcFW4CHWOBRS79rC2HcHM1tQ8+coq+jxrzlYEBRwQcpE
|
||||||
|
2jBcP7mnIGPm1csIhB6u/UUKVMqlnZ57MdKHwwXja1vzxfnRNBqFdzq5uZEyU+OQ
|
||||||
|
dDJmURqxK4zCdhk+De7Nm/wR8J7xtIJLUszu2lDJ6SWQEsut2cNUVUvmd5XV1BWV
|
||||||
|
kZaIFKADZI9qcbivci6fpCEH1/qoU5jIZJ+zvOEOZLsIJXBw1M1/fgfSZ8Aosl2t
|
||||||
|
RpikITTF0S1HL2QLbWoogdgBp6X+6xjpoWIhHVi5lqm5CX8HTRwqrJL+hPi0GW3S
|
||||||
|
XgGQv0OqaxGfD6lwyVjokWvCSEoEfK0e7se+ZyJifwAlarGaLvG0PU/iW5cVUolV
|
||||||
|
QT3TwrxD94ZB412nL2+4/QPCT/ZtOXcO+9dhLiSLneHrNrSReByIAOE1s1ZU8MM=
|
||||||
|
=XvKN
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
7
config/hosts/git/sops.nix
Normal file
7
config/hosts/git/sops.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
};
|
||||||
|
}
|
40
flake.lock
40
flake.lock
|
@ -52,6 +52,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1716061101,
|
||||||
|
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-23.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716479278,
|
"lastModified": 1716479278,
|
||||||
|
@ -72,7 +88,29 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
|
"sops-nix": "sops-nix"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1716400300,
|
||||||
|
"narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "b549832718b8946e875c016a4785d204fcfc2e53",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
10
flake.nix
10
flake.nix
|
@ -14,9 +14,16 @@
|
||||||
url = "github:nix-community/nixos-generators";
|
url = "github:nix-community/nixos-generators";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Add sops-nix as an input for secret management.
|
||||||
|
# See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, ... }:
|
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
|
||||||
let
|
let
|
||||||
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
|
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
|
||||||
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
||||||
|
@ -180,6 +187,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./config/common
|
./config/common
|
||||||
./config/proxmox-vm
|
./config/proxmox-vm
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
./config/hosts/git
|
./config/hosts/git
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue