christoph/flake-nixinator
1
Fork 0
Code Activity

Modules/Sops: Update secrets

Browse Source
This commit is contained in:
Christoph Urlacher
2025-07-12 16:46:09 +02:00
parent ab868d751a
commit 0727dc25ba
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
home/christoph/default.nix
View File

@ -302,6 +302,11 @@
".ssh/id_ed25519.pub".text = "${publicKeys.${username}.ssh}";
".secrets/age/age.pub".text = "${publicKeys.${username}.age}";
# Because we can't access the absolute path /run/secrets/... we have to symlink.
# This will create a chain of links leading to /run/secrets/... without /nix/store
# containing the secret contents.
# ".config/docker/key.json".source = config.lib.file.mkOutOfStoreSymlink "${nixosConfig.sops.secrets.docker-key.path}";
# The sops config specifies what happens when we call sops edit
".sops.yaml".text = ''
keys:

10
system/modules/sops-nix/secrets.yaml
View File

@ -1,13 +1,19 @@
#
#ENC[AES256_GCM,data:mZKPbrWtgyRvOg==,iv:vLyN3JkWWrWS+0pndTuom8cNVfpb8SUC4dA6m7utXoE=,tag:YAy2gPot6KFS9/VLVAoSxw==,type:comment]
#
user-password: ENC[AES256_GCM,data:okgvaTTesCDwriI8PxhNdHZF8XgzB4yxapuFl2/CK8x4WNYxGFjuZqGKcu7pqfnBofNcF2ByuM+HLH9FKxpK0dMCoHD/laR1IA==,iv:ltExELuM7g7ydSAMj8ioF9Nb7N4xe5enhDQrVJ+k2jQ=,tag:AV165m5yKnX+uJnMyC3mxA==,type:str]
docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc=,iv:Az8+eAK6R6xssmmbhuEsDbLU+ks8lS+qzc4L33WfefA=,tag:NSXvRhbIuRZZqRR28Tu0PQ==,type:str]
#
#ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment]
#
heidi-discord-token: ENC[AES256_GCM,data:FYvfUn8tG7glqIomSDj9rGyNQjnHSCsD/C3Kk/JR1vm/xkrxzXwP3rpyxAzqRQ7vd+zFBf2BJfV/zMk=,iv:b+aKcu98rxslEGSYf6t/jGwPfS256WQ3B/iuQ4Qeykk=,tag:e48Q0BraIvItyD2WBfbYEA==,type:str]
kopia-server-username: ENC[AES256_GCM,data:4onewFkWpi9g,iv:aA4WSS8T6KUcGbAIHDd8BjE0sRK/Qz0j4QvEnKdlt2U=,tag:FQlB0Wx2u8wT3TKIhMAyLg==,type:str]
kopia-server-password: ENC[AES256_GCM,data:6nMnhRA=,iv:Qz9qP+m0obzL+eHFmW1qVmc/0TR4Iw4X1GL4zACOSMk=,tag:v3v+33+g4y6se5q+b4e8mA==,type:str]
kopia-user-password: ENC[AES256_GCM,data:jPWeru4e2w9qzA==,iv:WpZS3Qmx8v12v3q1Lq1YrPnWw7BY0FhxurXYuaOdfwA=,tag:+8bQAnHRh55rUMdyoK6N8w==,type:str]
paperless-nextcloud-sync-password: ENC[AES256_GCM,data:pfLg3OVBqLsM4R7mSgLQEachj9gMkexPjBMSyzU=,iv:XBe1cdwlTjPfQW70NIEjD8CikK58iGErI9ZTlLWtCA4=,tag:qO35GdjljgS3/z5/1fCOFg==,type:str]
#
#ENC[AES256_GCM,data:Gdh/hjCaOuAE,iv:XjPXn3SskpUPUkDIEDl5701/g9QhuS83fACMaoPMiIM=,tag:Q7s8xZG/GsOtQrasekBnkQ==,type:comment]
#
wireguard-vps-private-key: ENC[AES256_GCM,data:B6IWYuzKV9YZ+G9GIjOsXVEVugwMY14PrwmYyHsFAJEb1OJRXMg8+zeFnqs=,iv:2QroGA10UVSmNIBHFSTeCgMBD3VjtiUnng3pkR/mPVQ=,tag:FGlCrmdccgsObyut6E5ggA==,type:str]
sops:
age:
@ -20,7 +26,7 @@ sops:
SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h
FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-11T22:33:56Z"
mac: ENC[AES256_GCM,data:JgDATuOkDi5DETf/pfXaODyaPeysmw28nrBlswSmESslf+T3V3/JVhkcwCpkWzb9/3MkW73NH6oDHo8wvJ4fGrbbcX2AqbwwzMqwDQjuec6Ztb/cf6nB6gCMhwDUuX6B1LbnQR5jyA9NneWDNJ6f/H9wOFU74uydSgYVdy8S+Ec=,iv:Rk/JFAC/Nj63v7zYXuFKfSt1zZJfHiRACkqpo/SONuE=,tag:QscgCisgmLSoPeXrlGsgmA==,type:str]
lastmodified: "2025-07-12T14:45:20Z"
mac: ENC[AES256_GCM,data:1NSA8aHrwgpiuH1cuZLZGpLw0eq8HBTyCyNypbxGB+M5fQESVClGAsFTUkce4xrfF49P1V0fIckGuDDezWYZoennw72Mze09z/eFA556voJCMRrvzTlGPaIK2xCb8awyh9BJdeaWG8JV8ck5PFOTl+sjd6+9vN05XttX8QEdPXs=,iv:cBohGC5SWLXiPIwypVyHzj3ro73kY2p+H8rgHA5U6mo=,tag:20l35bcoDsJPDgW68dUuUA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2