From 9021aa948efc0b8f5f9eba7694819a7f64a81997 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Sat, 12 Jul 2025 16:46:09 +0200
Subject: [PATCH] Modules/Sops: Update secrets
---
 home/christoph/default.nix | 5 +++++
 system/modules/sops-nix/secrets.yaml | 10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/home/christoph/default.nix b/home/christoph/default.nix
index e9830631..495a0096 100644
--- a/home/christoph/default.nix
+++ b/home/christoph/default.nix
@@ -302,6 +302,11 @@
 ".ssh/id_ed25519.pub".text = "${publicKeys.${username}.ssh}";
 ".secrets/age/age.pub".text = "${publicKeys.${username}.age}";
+ # Because we can't access the absolute path /run/secrets/... we have to symlink.
+ # This will create a chain of links leading to /run/secrets/... without /nix/store
+ # containing the secret contents.
+ # ".config/docker/key.json".source = config.lib.file.mkOutOfStoreSymlink "${nixosConfig.sops.secrets.docker-key.path}";
+
 # The sops config specifies what happens when we call sops edit
 ".sops.yaml".text = ''
 keys:
diff --git a/system/modules/sops-nix/secrets.yaml b/system/modules/sops-nix/secrets.yaml
index e975e5b3..fc8a425b 100644
--- a/system/modules/sops-nix/secrets.yaml
+++ b/system/modules/sops-nix/secrets.yaml
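Review bot: In home/christoph/default.nix the new comment says "we have to symlink", but the only line that would create the link (`".config/docker/key.json".source = config.lib.file.mkOutOfStoreSymlink ...`) is itself commented out, so the text describes behaviour that is not active. I would label it as disabled and say why, e.g. `# Disabled (<reason>): when enabled, link to the sops-nix runtime path so the secret never enters /nix/store.` Two things to confirm before enabling it: no `docker-key` entry is visible in this patch's secrets.yaml hunk (only `docker-password`), so it may be declared elsewhere or not at all, and sops-nix secrets are root-owned with mode 0400 by default, so the home user can only read the link target if `owner` or `mode` is set on that secret. The enclosing attribute set starts and ends outside the hunk.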
@@ -1,13 +1,19 @@ +# #ENC[AES256_GCM,data:mZKPbrWtgyRvOg==,iv:vLyN3JkWWrWS+0pndTuom8cNVfpb8SUC4dA6m7utXoE=,tag:YAy2gPot6KFS9/VLVAoSxw==,type:comment] +# user-password: ENC[AES256_GCM,data:okgvaTTesCDwriI8PxhNdHZF8XgzB4yxapuFl2/CK8x4WNYxGFjuZqGKcu7pqfnBofNcF2ByuM+HLH9FKxpK0dMCoHD/laR1IA==,iv:ltExELuM7g7ydSAMj8ioF9Nb7N4xe5enhDQrVJ+k2jQ=,tag:AV165m5yKnX+uJnMyC3mxA==,type:str] docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc=,iv:Az8+eAK6R6xssmmbhuEsDbLU+ks8lS+qzc4L33WfefA=,tag:NSXvRhbIuRZZqRR28Tu0PQ==,type:str] +# #ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment] +# heidi-discord-token: ENC[AES256_GCM,data:FYvfUn8tG7glqIomSDj9rGyNQjnHSCsD/C3Kk/JR1vm/xkrxzXwP3rpyxAzqRQ7vd+zFBf2BJfV/zMk=,iv:b+aKcu98rxslEGSYf6t/jGwPfS256WQ3B/iuQ4Qeykk=,tag:e48Q0BraIvItyD2WBfbYEA==,type:str] kopia-server-username: ENC[AES256_GCM,data:4onewFkWpi9g,iv:aA4WSS8T6KUcGbAIHDd8BjE0sRK/Qz0j4QvEnKdlt2U=,tag:FQlB0Wx2u8wT3TKIhMAyLg==,type:str] kopia-server-password: ENC[AES256_GCM,data:6nMnhRA=,iv:Qz9qP+m0obzL+eHFmW1qVmc/0TR4Iw4X1GL4zACOSMk=,tag:v3v+33+g4y6se5q+b4e8mA==,type:str] kopia-user-password: ENC[AES256_GCM,data:jPWeru4e2w9qzA==,iv:WpZS3Qmx8v12v3q1Lq1YrPnWw7BY0FhxurXYuaOdfwA=,tag:+8bQAnHRh55rUMdyoK6N8w==,type:str] paperless-nextcloud-sync-password: ENC[AES256_GCM,data:pfLg3OVBqLsM4R7mSgLQEachj9gMkexPjBMSyzU=,iv:XBe1cdwlTjPfQW70NIEjD8CikK58iGErI9ZTlLWtCA4=,tag:qO35GdjljgS3/z5/1fCOFg==,type:str] +# #ENC[AES256_GCM,data:Gdh/hjCaOuAE,iv:XjPXn3SskpUPUkDIEDl5701/g9QhuS83fACMaoPMiIM=,tag:Q7s8xZG/GsOtQrasekBnkQ==,type:comment] +# wireguard-vps-private-key: ENC[AES256_GCM,data:B6IWYuzKV9YZ+G9GIjOsXVEVugwMY14PrwmYyHsFAJEb1OJRXMg8+zeFnqs=,iv:2QroGA10UVSmNIBHFSTeCgMBD3VjtiUnng3pkR/mPVQ=,tag:FGlCrmdccgsObyut6E5ggA==,type:str] sops: age: 
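Review bot: The six added lines park the ciphertext for `user-password`, `heidi-discord-token` and `wireguard-vps-private-key` as plain YAML comments (`# user-password: ENC[...]`) rather than removing it. Commented out, these are no longer keys a `sops.secrets.<name>` declaration can resolve, yet the blobs stay decryptable by every age recipient of this file and remain in the repository history. Text inside a comment is presumably not re-encrypted the way real values are when the data key is rotated, so I would confirm that before relying on `sops rotate` for these three. If the credentials are retired, delete the lines and revoke the token, password and WireGuard key at their source; if they are only parked, say so in the commit message, e.g. `Temporarily disable user-password, heidi-discord-token and wireguard-vps-private-key (reason: <placeholder>)`.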
@@ -20,7 +26,7 @@ sops: SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-11T22:33:56Z" - mac: ENC[AES256_GCM,data:JgDATuOkDi5DETf/pfXaODyaPeysmw28nrBlswSmESslf+T3V3/JVhkcwCpkWzb9/3MkW73NH6oDHo8wvJ4fGrbbcX2AqbwwzMqwDQjuec6Ztb/cf6nB6gCMhwDUuX6B1LbnQR5jyA9NneWDNJ6f/H9wOFU74uydSgYVdy8S+Ec=,iv:Rk/JFAC/Nj63v7zYXuFKfSt1zZJfHiRACkqpo/SONuE=,tag:QscgCisgmLSoPeXrlGsgmA==,type:str] + lastmodified: "2025-07-12T14:45:20Z" + mac: ENC[AES256_GCM,data:1NSA8aHrwgpiuH1cuZLZGpLw0eq8HBTyCyNypbxGB+M5fQESVClGAsFTUkce4xrfF49P1V0fIckGuDDezWYZoennw72Mze09z/eFA556voJCMRrvzTlGPaIK2xCb8awyh9BJdeaWG8JV8ck5PFOTl+sjd6+9vN05XttX8QEdPXs=,iv:cBohGC5SWLXiPIwypVyHzj3ro73kY2p+H8rgHA5U6mo=,tag:20l35bcoDsJPDgW68dUuUA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2