From b21150f431169f21a3edc429efe3c66853940952 Mon Sep 17 00:00:00 2001
From: Lillian-Violet <git@lillianviolet.dev>
Date: Thu, 22 Feb 2024 13:01:31 +0100
Subject: [PATCH] Set password for all hosts, made sops look at the same folder
 for the key file for all hosts (move in queen)

---
 nixos/hosts/EDI/configuration.nix      |  1 -
 nixos/hosts/GLaDOS/configuration.nix   |  1 -
 nixos/hosts/GLaDOS/secrets/sops.yaml   | 21 +++++++++++++++++++++
 nixos/hosts/queen/configuration.nix    |  1 -
 nixos/hosts/queen/secrets/sops.yaml    |  5 +++--
 nixos/hosts/shodan/secrets/sops.yaml   |  5 +++--
 nixos/hosts/wheatley/configuration.nix |  1 -
 nixos/hosts/wheatley/secrets/sops.yaml |  5 +++--
 nixos/shared/default.nix               |  1 +
 9 files changed, 31 insertions(+), 10 deletions(-)
 create mode 100644 nixos/hosts/GLaDOS/secrets/sops.yaml

diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix
index 4aa7608..0c9bb0d 100644
--- a/nixos/hosts/EDI/configuration.nix
+++ b/nixos/hosts/EDI/configuration.nix
@@ -31,7 +31,6 @@
   ];
 
   sops.defaultSopsFile = ./secrets/sops.yaml;
-  sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
 
   home-manager = {
     extraSpecialArgs = {inherit inputs outputs;};
diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix
index 3be7c60..94e947a 100644
--- a/nixos/hosts/GLaDOS/configuration.nix
+++ b/nixos/hosts/GLaDOS/configuration.nix
@@ -31,7 +31,6 @@
   ];
 
   sops.defaultSopsFile = ./secrets/sops.yaml;
-  sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
 
   environment.systemPackages = with pkgs; [
   ];
diff --git a/nixos/hosts/GLaDOS/secrets/sops.yaml b/nixos/hosts/GLaDOS/secrets/sops.yaml
new file mode 100644
index 0000000..66274e0
--- /dev/null
+++ b/nixos/hosts/GLaDOS/secrets/sops.yaml
@@ -0,0 +1,21 @@
+lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUHlSTzhndDRHOUd1WG41
+            Wk9haEVmS3FlcFl5VUxRZUVDaENHcUpsYm04ClBJS3doOXRHUjhsMmIvck5ldy8y
+            VW9yb2NCRWZhNGNlZWlyRlk4NFJiTTgKLS0tIElLMFdiUU95ejNoUFl4US9DSWU5
+            MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+            +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-22T11:58:42Z"
+    mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix
index 393080c..77f34b3 100644
--- a/nixos/hosts/queen/configuration.nix
+++ b/nixos/hosts/queen/configuration.nix
@@ -52,7 +52,6 @@
 
   #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
   sops.defaultSopsFile = ./secrets/sops.yaml;
-  sops.age.keyFile = ../../../../../var/secrets/keys.txt;
 
   nix = {
     gc = {
diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml
index 1eba722..955740b 100644
--- a/nixos/hosts/queen/secrets/sops.yaml
+++ b/nixos/hosts/queen/secrets/sops.yaml
@@ -7,6 +7,7 @@ mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:j
 mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
 rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
 wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
+lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -22,8 +23,8 @@ sops:
             KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
             NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-04T21:18:00Z"
-    mac: ENC[AES256_GCM,data:ZHXg541BI94kwvLJ/CFHS7UauQN6LimqNK9rU60dil1RIArDy5xHtRki/p5uajKeGhM+Bv1t9SWAehk1n3U0PiynLGLm3npraIxItBPiRf7hyqDXmc8kG4U7BBcbIf3qvkvxVVd5auWfnPobKsRhKA+gC1Z11ylPqK37yIgK5Sw=,iv:EKacOHhgwjFDw2ioraxlyfXt89VpT+B4D/a/rC+ulNM=,tag:YvgctOLxmojg2uOAlKihkQ==,type:str]
+    lastmodified: "2024-02-22T11:53:17Z"
+    mac: ENC[AES256_GCM,data:bOrEW/yQIgJy7Jqfj/95jtXoIeEX2JNTvsnodkrtmtUQoY8Lczb47rTLpS0CM9Gh1Do38dvoNgWY08jXj3PVPO6s7Yy995ZbtgaR8n/G190PZ+p+i7EInv/OAJe/Xw4WcZlLs1XeKPashJmoX7qZi2fVPmu5UpYD1YiCMzZsWkQ=,iv:vjEJCDX8D4relmBJs569d+sklY1bUptWBjJVS7pKB70=,tag:xsQM3cDBkHymS9t9Qyyitg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/nixos/hosts/shodan/secrets/sops.yaml b/nixos/hosts/shodan/secrets/sops.yaml
index 45ec605..21314df 100644
--- a/nixos/hosts/shodan/secrets/sops.yaml
+++ b/nixos/hosts/shodan/secrets/sops.yaml
@@ -1,4 +1,5 @@
 pass: ENC[AES256_GCM,data:M7V75Q7I,iv:d59fWvFsEOOu8A+BSK0f2ZskX1SXHN1wA3EfGGsHp70=,tag:FLTogvUgI3HdKYWCJc/M1Q==,type:int]
+lillian-password: ENC[AES256_GCM,data:w/1/aAcP0MXe7EUhZshMcksvyzewlvO2/0PncrSnCkHHrPl8RHWvyBqxIZDC/FHlpZOO77lIsdcQzK9ahjEc/crUmit5LZeYThP4pPyXTol3uh3RqtH1HXbeOEmBufw4Ln+yJwWXo2eK4w==,iv:jEuB/+U2xe3sP6UIK9OZZKd0RBr5W8f5y55h64pMME4=,tag:2ZzNt7Sn2LXfUMVMoaOxkw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +15,8 @@ sops:
             KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
             NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-28T21:33:20Z"
-    mac: ENC[AES256_GCM,data:4tFAJCqCAfqlIGj7kDQ9uoUg7TgXYgogkm/h0nP6fuedKiV/CRmD8CbdWInesaDP276pggZbtUY9I92pV8bpJ2h+U07qihTo79ZTPTsObUHQrrc002ZiYwCtI+14t1+2KuTQNpEJsZxoECjG1R0mjg3Zv8MQ0wj6YpnEaGmXkC0=,iv:roPZJXFjB7lLK4RQcmQaNOq5RRCvguNO4O2iasgolEU=,tag:j7G0HvAx6XqrijyZcqntXQ==,type:str]
+    lastmodified: "2024-02-22T11:57:17Z"
+    mac: ENC[AES256_GCM,data:IpF786I/i4U0oQqY1sRQAGZkK0uxHZYpZ2Hse2dzenedbwVZEOmhA1foc0fffVMd26AOrSg323vnndIEl1WTuzmZBhFlUM3fwX38wbhDrAuUJfGiyLLBVsZshW2EjkGzkdpQo2otyLNjah5qLUTsss5dUKMIUbTKpwAdkiujiqE=,iv:sA6ROO538N+XcezZUSQxwer5dLd+lmlavTVeDxiVVJA=,tag:GZZLUp3ZiUW25Tdji0tZGg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 83e5295..92a9e7b 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -53,7 +53,6 @@
   };
 
   sops.defaultSopsFile = ./secrets/sops.yaml;
-  sops.age.keyFile = ../../../../../var/secrets/keys.txt;
 
   sops.secrets."wireless.env".mode = "0440";
   sops.secrets."wireless.env".owner = config.users.users.root.name;
diff --git a/nixos/hosts/wheatley/secrets/sops.yaml b/nixos/hosts/wheatley/secrets/sops.yaml
index 94f8617..5594a50 100644
--- a/nixos/hosts/wheatley/secrets/sops.yaml
+++ b/nixos/hosts/wheatley/secrets/sops.yaml
@@ -1,4 +1,5 @@
 wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
+lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +15,8 @@ sops:
             Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
             bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-12T16:14:03Z"
-    mac: ENC[AES256_GCM,data:J/0+e7w8tcfsQ9xtWJifKYpWQLpLssjSgxMl/PdIyYuWKDKkF/dDr+joP7Evlk5Hg3dXL7ijGFgYVwUjhFzbgk9pUiHt0cvXj0hthgwUIUpQh42M6qKtxRaxP/Mp9Shb2CSwZfZ2GyXP4lJuMS76SDKo46xGdbejwlLPZ11oArA=,iv:rWrrB9VUxX3N2OSSep9SPfyl9Ke7hQVGkheazOrbis4=,tag:9fBYgtCoNm9Unv7ADJTb0Q==,type:str]
+    lastmodified: "2024-02-22T11:57:45Z"
+    mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix
index b7e9f15..db6995d 100644
--- a/nixos/shared/default.nix
+++ b/nixos/shared/default.nix
@@ -10,6 +10,7 @@
     ./locale
     ./packages
   ];
+  sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
   sops.secrets."lillian-password".neededForUsers = true;
 
   users.users.lillian = {