From 88fc2248e1cf9052647316ce2f1a1698513e6be0 Mon Sep 17 00:00:00 2001
From: lilly <li@lly.sh>
Date: Mon, 10 Feb 2025 17:15:33 +0100
Subject: [PATCH] add secrets/passwords.yaml as sops encrypted file

---
 .sops.yaml             |  7 +++++++
 flake.nix              |  1 +
 secrets/passwords.yaml | 31 +++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 secrets/passwords.yaml

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..1fe1a0c
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+  - &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d"
+creation_rules:
+  - path_regex: secrets/passwords.yaml
+    key_groups:
+      - age:
+          - *user_lilly
diff --git a/flake.nix b/flake.nix
index e64b488..766d326 100644
--- a/flake.nix
+++ b/flake.nix
@@ -83,6 +83,7 @@
             age
             ssh-to-age
             pre-commit
+            sops
           ];
         };
       });
diff --git a/secrets/passwords.yaml b/secrets/passwords.yaml
new file mode 100644
index 0000000..baf6b24
--- /dev/null
+++ b/secrets/passwords.yaml
@@ -0,0 +1,31 @@
+services:
+    proxmox:
+        root: ENC[AES256_GCM,data:RVv1d/nB9pgcERkujSasoLY+cR3OO3NWxw==,iv:EHkUDxP6XB2JWeDtno2rcVvBQdJ/jmG5HjRjPppfS0A=,tag:obzij0BkGLJoXfUbqWLRjw==,type:str]
+hardware:
+    proxmox_server:
+        ipmi:
+            root: ENC[AES256_GCM,data:5BUVAJIxfw1D3V7w0dE=,iv:Hbnq4kct+Ut9XO20VaymkI5ufb0g7RGRcUAO9z1mrVQ=,tag:vQk37FcmY1l0TnJbvQC7FQ==,type:str]
+vms:
+    __default__:
+        users:
+            noc: ENC[AES256_GCM,data:4XsNofA6Qk8MphMBDSUrAq43RF/d1x7lDg==,iv:ecS8GEZhK5X9GOq2SNDIh7ZWyfHA7kayszqCHyQj+Pc=,tag:fVC2+ztLpewhB9p6EwMtCg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dkVFRnd5MjQ1S3Q3aTlq
+            UWJZZC9mUGZFQXpyczBFQWpVcUlJQXZjY0NzCnhQd3Q3QUhjbDZvdlMzeTRtQWtt
+            SCsyUVhvRFBzL01XaWduK2YvNkhrZzAKLS0tIDFzeHFrb2dZU3JmMmgzZVVHN3VR
+            Q0ZGUFBmUWpUYjR5OUwxOUplblZ0SmcKtMl1KoYwPb776zz8FfFnf0s7XlnOLnuU
+            nXkPxRaDel/3EsLnfhcONRAKTGdleRHAXQVIGHrs/jjnZ2OJgXIzYA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-10T16:13:13Z"
+    mac: ENC[AES256_GCM,data:k7lqf+JNpnmbKYjMuu82Q1DPtYsL7jAfwUh8QEjpyq9+Qael1dyV0e1yn/H1prLuZIbebT1rYX6s/MhT3t7Ts88bQHmf/EDyCeOPnRfRctzY1jQPPKbE3Pe7vtEnx5r/DEksi1Jh8vMoqHYcB987WPjAQn27P58UXYJROpqaSwg=,iv:fT9JnWYs8lEjXL3pXHtERRxccGd/ocb6KCc8gGbpBJg=,tag:rMvQoihg53GSNhYiNtypuQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4