kenji/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fully implemented SOPS

Browse Source
This commit is contained in:
kenji
2025-12-24 16:24:38 -06:00
parent 8b66ff719b
commit be4b66fdd2
2 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
secrets/secrets.yaml
+25
View File
@@ -0,0 +1,25 @@
hello: ENC[AES256_GCM,data:38nel/vZi9SaRxw98yPKhq7NEs+jtII7ZS5cX9i1h5Iw73S+oUDnXYw7v9aa8Q==,iv:vLTjMCeA/FJmb0LmjWDnHjpWpG5sRldrvhG03Kreujo=,tag:GWGYTmgNgQWWnlPiKq+9vw==,type:str]
example_key: ENC[AES256_GCM,data:UF/a/+f6T6RayR67Yg==,iv:WAOwW5BUhbdBrvcYHJ0wCaxEcVpM6l4b783qSIl5JV4=,tag:+Wad6zUE9ioqmd3RPG1VoQ==,type:str]
#ENC[AES256_GCM,data:CtX2GMcSxD5+bziAgAzoNA==,iv:QaLhxAbp2hO2NcD5QXc7afhcs8PeSWH+03u02+Xz9oA=,tag:Dfh5WpmrSwqk7THu333rLw==,type:comment]
example_array:
- ENC[AES256_GCM,data:ewSxVYXxF+csyS4Mzek=,iv:1ZmQwbhJtYDt5rZUdlZ/DzWygBK0Tp0jmAw48pS5cv4=,tag:WNX+SVgTAwHrT2rfpBqyfA==,type:str]
- ENC[AES256_GCM,data:Sidp1Dj8jNlpKnz3jFM=,iv:FLQ/n5uW0HbNFuamoZdKStuZcs4KJ3vvfirUi42at3U=,tag:FL7MvMpKdJDXX8XQbScW9g==,type:str]
example_number: ENC[AES256_GCM,data:nm2Zjf+aDSAB2w==,iv:bwrxPbdQzOoSvSGCtX/Nr8NG86pOJAHjg47obYGO7Xs=,tag:tqQ35rtS0Mq4CeKCC9Km+w==,type:float]
example_booleans:
- ENC[AES256_GCM,data:TTbYrA==,iv:jG0BICY3Rc1z0hVuUVwgzOZ02pUxGhDhdLERqu2bi5U=,tag:F0TgOm50LVNbVaVKOnuTUA==,type:bool]
- ENC[AES256_GCM,data:M+ccBn0=,iv:vPRaIEELkypw53gkUmr8Lb+TNwtfDBO8y5yQNpF42Pw=,tag:dxOKj16ctBbgyul/Pr6rxA==,type:bool]
sops:
age:
- recipient: age1dhmt5tdyxd9zam542zkr9hq4tku7lzmf6j057sjtepk80deky5fqemczs5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHU2hZUlMvQ0xVOWlWaEwv
UCt5ZzRmNHc0dDRLWkkwVWZRa2o2N25rbHo0CnhFcFVTT1gzdjVzTzlVSGFFUkNu
QVBOOEFLM0hDQWV5RXhzTjFhbGZrQzAKLS0tIFoxeFFzcHdFTlF2c0toTUlxT1lM
eFZFRkMvVG5qeVZOZmRvNkQ5cUpnOUEKfA5lu9DY+EklFzZGwdZv3hModXN8fzKE
RVnWoNcAbQ83ZH87XwqkGSgmP2Vzumm9gBrJ013Zs6yWFUCvVBLI0Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-24T22:19:06Z"
mac: ENC[AES256_GCM,data:AWu5bQctk6f+IgagtDPtPnaYEOLPwdby8El9b+cCgLNxHASD4cybbkr7ishBxBdDd8Xj4zhTvQFeOSgazoclPBoPx264AVHRNhYkQT0rPwGpizTcmolla2v4wika4ZRWGr9oR9xwer6OpB9y0vIe5TxLkzrtgVk1Fr6LKATiq8s=,iv:mxRIXpZ2cEv6b9v/U783Tbfwg5L/EsH40l7aBS7E/Pc=,tag:O9Zn1cTj/qEy3X0U+ouvRg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
system/security.nix
+9 -1
View File
@@ -1,8 +1,16 @@
{pkgs, ...}: {
{
pkgs,
myConfig,
...
}: {
security.pam.services.greetd.enableGnomeKeyring = true;
environment.systemPackages = with pkgs; [
sops
age
ssh-to-age
];
sops = {
defaultSopsFile = ../secrets/secrets.yaml;
age.keyFile = "/home/${myConfig.nixos.username}/.config/sops/age/keys.txt";
};
}