Set password for all hosts, made sops look at the same folder for the key file for all hosts (move in queen)

Lillian Violet 2024-02-22 13:01:31 +01:00
parent a8a5cdec7b
commit b21150f431
9 changed files with 31 additions and 10 deletions


@ -31,7 +31,6 @@
];
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};


@ -31,7 +31,6 @@
];
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
environment.systemPackages = with pkgs; [
];


@ -0,0 +1,21 @@
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUHlSTzhndDRHOUd1WG41
Wk9haEVmS3FlcFl5VUxRZUVDaENHcUpsYm04ClBJS3doOXRHUjhsMmIvck5ldy8y
VW9yb2NCRWZhNGNlZWlyRlk4NFJiTTgKLS0tIElLMFdiUU95ejNoUFl4US9DSWU5
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T11:58:42Z"
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -52,7 +52,6 @@
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.age.keyFile = ../../../../../var/secrets/keys.txt;
nix = {
gc = {


@ -7,6 +7,7 @@ mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:j
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -22,8 +23,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-04T21:18:00Z"
mac: ENC[AES256_GCM,data:ZHXg541BI94kwvLJ/CFHS7UauQN6LimqNK9rU60dil1RIArDy5xHtRki/p5uajKeGhM+Bv1t9SWAehk1n3U0PiynLGLm3npraIxItBPiRf7hyqDXmc8kG4U7BBcbIf3qvkvxVVd5auWfnPobKsRhKA+gC1Z11ylPqK37yIgK5Sw=,iv:EKacOHhgwjFDw2ioraxlyfXt89VpT+B4D/a/rC+ulNM=,tag:YvgctOLxmojg2uOAlKihkQ==,type:str]
lastmodified: "2024-02-22T11:53:17Z"
mac: ENC[AES256_GCM,data:bOrEW/yQIgJy7Jqfj/95jtXoIeEX2JNTvsnodkrtmtUQoY8Lczb47rTLpS0CM9Gh1Do38dvoNgWY08jXj3PVPO6s7Yy995ZbtgaR8n/G190PZ+p+i7EInv/OAJe/Xw4WcZlLs1XeKPashJmoX7qZi2fVPmu5UpYD1YiCMzZsWkQ=,iv:vjEJCDX8D4relmBJs569d+sklY1bUptWBjJVS7pKB70=,tag:xsQM3cDBkHymS9t9Qyyitg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -1,4 +1,5 @@
pass: ENC[AES256_GCM,data:M7V75Q7I,iv:d59fWvFsEOOu8A+BSK0f2ZskX1SXHN1wA3EfGGsHp70=,tag:FLTogvUgI3HdKYWCJc/M1Q==,type:int]
lillian-password: ENC[AES256_GCM,data:w/1/aAcP0MXe7EUhZshMcksvyzewlvO2/0PncrSnCkHHrPl8RHWvyBqxIZDC/FHlpZOO77lIsdcQzK9ahjEc/crUmit5LZeYThP4pPyXTol3uh3RqtH1HXbeOEmBufw4Ln+yJwWXo2eK4w==,iv:jEuB/+U2xe3sP6UIK9OZZKd0RBr5W8f5y55h64pMME4=,tag:2ZzNt7Sn2LXfUMVMoaOxkw==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +15,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-28T21:33:20Z"
mac: ENC[AES256_GCM,data:4tFAJCqCAfqlIGj7kDQ9uoUg7TgXYgogkm/h0nP6fuedKiV/CRmD8CbdWInesaDP276pggZbtUY9I92pV8bpJ2h+U07qihTo79ZTPTsObUHQrrc002ZiYwCtI+14t1+2KuTQNpEJsZxoECjG1R0mjg3Zv8MQ0wj6YpnEaGmXkC0=,iv:roPZJXFjB7lLK4RQcmQaNOq5RRCvguNO4O2iasgolEU=,tag:j7G0HvAx6XqrijyZcqntXQ==,type:str]
lastmodified: "2024-02-22T11:57:17Z"
mac: ENC[AES256_GCM,data:IpF786I/i4U0oQqY1sRQAGZkK0uxHZYpZ2Hse2dzenedbwVZEOmhA1foc0fffVMd26AOrSg323vnndIEl1WTuzmZBhFlUM3fwX38wbhDrAuUJfGiyLLBVsZshW2EjkGzkdpQo2otyLNjah5qLUTsss5dUKMIUbTKpwAdkiujiqE=,iv:sA6ROO538N+XcezZUSQxwer5dLd+lmlavTVeDxiVVJA=,tag:GZZLUp3ZiUW25Tdji0tZGg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -53,7 +53,6 @@
};
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.age.keyFile = ../../../../../var/secrets/keys.txt;
sops.secrets."wireless.env".mode = "0440";
sops.secrets."wireless.env".owner = config.users.users.root.name;


@ -1,4 +1,5 @@
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +15,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-12T16:14:03Z"
mac: ENC[AES256_GCM,data:J/0+e7w8tcfsQ9xtWJifKYpWQLpLssjSgxMl/PdIyYuWKDKkF/dDr+joP7Evlk5Hg3dXL7ijGFgYVwUjhFzbgk9pUiHt0cvXj0hthgwUIUpQh42M6qKtxRaxP/Mp9Shb2CSwZfZ2GyXP4lJuMS76SDKo46xGdbejwlLPZ11oArA=,iv:rWrrB9VUxX3N2OSSep9SPfyl9Ke7hQVGkheazOrbis4=,tag:9fBYgtCoNm9Unv7ADJTb0Q==,type:str]
lastmodified: "2024-02-22T11:57:45Z"
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -10,6 +10,7 @@
./locale
./packages
];
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
sops.secrets."lillian-password".neededForUsers = true;
users.users.lillian = {
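Review bot: `sops.age.keyFile` is set with a relative Nix path literal, `../../../../../../var/secrets/keys.txt`, so the location of the age private key depends on how deep this file sits under whatever directory the configuration is evaluated from; the per-host lines elsewhere in this commit need five or six `..` for the same target, and a checkout in a different place or a moved file would silently resolve to a different path. A path value, unlike a string, can also end up imported into the world-readable Nix store if something coerces it by interpolation, which is not where a decryption key belongs. Giving the absolute location as a string, `sops.age.keyFile = "/var/secrets/keys.txt";`, removes both problems, and the key file itself should stay readable by root only. The `users.users.lillian` block continues outside the hunk, so whether it consumes the secret via `hashedPasswordFile = config.sops.secrets."lillian-password".path;` cannot be confirmed from here.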