Chrayed/nix-fleet
1
0
Fork 0
mirror of https://github.com/Moe1369/nix-fleet.git synced 2026-04-24 23:59:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

secrets

Browse Source
This commit is contained in:
Mohamed Chrayed
2026-03-06 17:32:57 +01:00
parent 213c63e81b
commit 62d88daca4
3 changed files with 37 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/security/secrets/.sops.yaml
View File

@@ -1,9 +1,13 @@
keys: keys:
- &computer-mo age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x - &computer-mo age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x
- &mo age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw - &mo age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw
- &deck age18eu0gy9uhyeppljlq2faqnhlmtxmkx9up75x27h3mn5zrpz8ncgsf7fhfw
- &nadine age14r5jdwjan0ft0zerz7jtgqlr7hzzcuruvqnyqfp3l48cr0jdwuhsqkj4sq
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *computer-mo - *computer-mo
- *mo - *mo
- *deck
- *nadine

38
modules/security/secrets/secrets.yaml
View File

@@ -17,20 +17,38 @@ sops:
- recipient: age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x - recipient: age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMzF6WTZXRitScFpKdG1m YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVktUNitRVTVxdmxRM3Vv
aHBnaThnTmkyanYrL0pIWGlSRXhlTUVzQ1RFCnJYZXBXeHBnN3dWSjFUbDdCb2tZ cVJWOHlqNDY5WUNhVEJlMENIVmNReW5zK1E0CnNYY3h6TWxWOEI1bGt0QUV2Nk1E
NU5ZTE82VXltMVJLT3YzSVRIRWpUWkUKLS0tIHhtcno4WmJ6d0Y2NWkrOTZiWkNS bXVkTGJINldZRStrM054L0JJV0xvSncKLS0tIFZtYXZ1L3I2K2x4VlYvYkU4Mm1K
Y2xSUE0veVdCaERFUXpVeHdoVUd5V2MKV3DDB8WfAJkZ91MdWzz5Yi0D2u8ozeEi NzIzWkltSDlXK0dxdFVNakk4U2NVSzAKBkuVkOHwRHWUkwV4ivwqtK0E5JmToNT/
AQY7by2kpV4oJWG96zu6grR1FU/jNqaC+qTCtIcb3/e7pK9pHdstow== 81bYB7ty4a0iJtR52snAV5x9e2KrhgHlpwjagjeCo02n3Ejpa47RoA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw - recipient: age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTFcwZnB5RGNNZWQyY2JR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcVF2N0ZYVmJCTnhudEZC
ekg1c05BSU9Qay9RYlkxT3pCWlB4T2VJd1VJCmpuc08yZlhZRS93cnpoS0lBeFVY eDdZTUVZd1lUWWE5L3FnUW9EbGFjUmZyQWh3Ck52ZGhvemYyakM3M3ZwT0d2Rmpq
ME1xQUtIcDc0aHJqVmJjUy9BbjhCMG8KLS0tIHpsMGVLSlhKc3JUTlhnTE1HbVUv ZXVCSjIwcGU4QnJGVTRTLzNHSGlQa28KLS0tIG9SUDhxU3BqU2VoT1NDNUEweVdB
RVVGdEM3UFg5Y0ZhQmlJTGg1eUQxU1UK0U3aR79JWeFyvQRDVVmyICh1UTDIIeai Q2dGai9SQTgvbGNYVG5ZYllPWFBmQWsKSttlEZLdG/JMLHOkDUueHga3c5fa+Y8L
6E87FDE9XRhAbneR5sHw4ujnZCSyX7njfDMpN23dpWX3smRRKVIsNQ== 6UFRIprJZBu/kPBzIZmHtKFKaAs3TfJ4KaQMMg2F+49Nrv1cMYPPJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18eu0gy9uhyeppljlq2faqnhlmtxmkx9up75x27h3mn5zrpz8ncgsf7fhfw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SUMxcTNrQnhTZUJnUmFW
cU5mU1F0aUM3OHFoZmE3TVpzNUgzZ1c0WUFVClU2YWNBRmI2Z2JGMlBLa0g1Q05G
RkxYTGhJcDNjS0o4UDcwRi8yZWJXMVkKLS0tIG1IRkJ5Vzk2bnBzV0t3U2lpT1N0
enkxR0hGZVZvWTVkZnY4RW1DZXQrUHcKTCBoJZOYRjQVbJdv6HTN36KmlOOkjnO1
1MnVVi8Iy5AfoJ4S+zYuExgAnpxvJE2OlDMZB7kfRAKHBo2xgoqjBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age14r5jdwjan0ft0zerz7jtgqlr7hzzcuruvqnyqfp3l48cr0jdwuhsqkj4sq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbG8rOTZDQ0RsOVhKYmR1
a2I0Q050Qk1BQVdCc0V0aE92N053ZzFqbkdRCkhDNmRMZVd1VU5OZFozMCs0Vi9O
OEVPVDBib1RJei9SWkUwOUlOZkxSQTgKLS0tIG82OVQ3amdJcFY1OFdIUUs2YklV
cHJwSXV0cklmZHVuc1FLSFhPMm9jT0kKAD9kjdxt0r+PnbDU2qNFT326/raBTvn1
YKNGXFNMfUb3mVPwJxJQ4W72pvIRxTp9SaTzrCZypk+l1U/JgExEOA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-04T19:16:00Z" lastmodified: "2026-03-04T19:16:00Z"
mac: ENC[AES256_GCM,data:WuBte+LcIsI5z20OGMQ4A+gd5QxxM6MfIQ1Q0ZvVt8fbCRncweQyF7qBvhBi7l6XvUj6WECjJ1Oxm6mep4Bd4XXJhEjzwXCImvXfHAK4YQPoo5e7+r1WyaQih7zceaH9lfIYv1mijvrTW9KWHFzaNHiwK5LzeT5H3KWAPj5y2aE=,iv:WHv6oK5OgI18jXuwqqLSOxlEcsi+MSoZeXVFD+UyM1U=,tag:V34xzu8F24/UO2oPMS8j4Q==,type:str] mac: ENC[AES256_GCM,data:WuBte+LcIsI5z20OGMQ4A+gd5QxxM6MfIQ1Q0ZvVt8fbCRncweQyF7qBvhBi7l6XvUj6WECjJ1Oxm6mep4Bd4XXJhEjzwXCImvXfHAK4YQPoo5e7+r1WyaQih7zceaH9lfIYv1mijvrTW9KWHFzaNHiwK5LzeT5H3KWAPj5y2aE=,iv:WHv6oK5OgI18jXuwqqLSOxlEcsi+MSoZeXVFD+UyM1U=,tag:V34xzu8F24/UO2oPMS8j4Q==,type:str]

6
modules/users/sys/mo.nix
View File

@@ -4,6 +4,11 @@
sops.secrets."users/mo/password" = { sops.secrets."users/mo/password" = {
neededForUsers = true; neededForUsers = true;
}; };
sops.secrets."ssh/intern/public" = {
owner = "mo";
path = "/home/mo/.ssh/authorized_keys";
mode = "0600";
};
users.mutableUsers = false; users.mutableUsers = false;
users.users.mo = { users.users.mo = {
isNormalUser = true; isNormalUser = true;
@@ -12,7 +17,6 @@
shell = pkgs.zsh; shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."users/mo/password".path; hashedPasswordFile = config.sops.secrets."users/mo/password".path;
}; };
home-manager.users.mo = { home-manager.users.mo = {
home.username = "mo"; home.username = "mo";
home.homeDirectory = "/home/mo"; home.homeDirectory = "/home/mo";