nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sops xps

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-06-03 19:53:43 +02:00
parent fce5f49e57
commit aff6992949
4 changed files with 44 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -4,10 +4,12 @@ keys:
- &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
- &hosts: - &hosts:
- &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
- &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
creation_rules: creation_rules:
- path_regex: sops-secrets.yaml$ - path_regex: sops-secrets.yaml$
key_groups: key_groups:
- age: - age:
- *north - *north
- *xps
pgp: pgp:
- *nx2 - *nx2

50
sops-secrets.yaml
View File

@@ -5,11 +5,18 @@ example: ENC[AES256_GCM,data:WH4=,iv:dQ7quTadSmPNi3F86Xfzne02CVMzyFipcrHYfHdKmf8
#ENC[AES256_GCM,data:8rASr+5XsQ==,iv:1uCh1v+k4wGUlsYTh/yHVBsrUZtTOsQur8RL2YW3V3A=,tag:+3YzUslU/YVTHnU2QzY1ow==,type:comment] #ENC[AES256_GCM,data:8rASr+5XsQ==,iv:1uCh1v+k4wGUlsYTh/yHVBsrUZtTOsQur8RL2YW3V3A=,tag:+3YzUslU/YVTHnU2QzY1ow==,type:comment]
ssh: ssh:
NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data:4zIDtZzL196XTXg4qxCXLDvk9cD7cBvuK01TB/5ZjQp51jvbDA4aNgujEcVtcBQbCi34TsKMHa3j4VAdfeGrt6hmPLb1krog6/qsqSyFV9u9pBq2EqBokC0JIM8j5xpYWsswxa7/IWWuKTuJA3SXVey2SxJWMCzEXhov54L068ObVMJeKpg8C1+Ax6AohTG+ntYrvxIDz06RxyddfV/OBY/EbUafiDsNCa3rJo5jvsDSErChpXqvP0zInWnQF0bSyvo2CCwzAhHrN+c7dYkZ4cRMIMTnbfx93Qi3soWzfXvyZZsPIRW6UcvNfvNLY3g5amkQzUCYTxgXfiJbpoUHv4EZybOfGTU9sS+2s73OfWzkeQpJDp3QYDGCIdEctFkJ1ntFhdL2XKKHsvMPIWuOHbBuE7dG7yNyzICRAaQH4MDIrDDywXloGC+J6Vwjte/ZiNOjZA1WUPpVhlABppM0XQNauRz+uXcF7JCSn8mj1KNaD0JM2AR9tlu6sDociLq3JyoJMXoNNhuM//zu0Ac9,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str] NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data:4zIDtZzL196XTXg4qxCXLDvk9cD7cBvuK01TB/5ZjQp51jvbDA4aNgujEcVtcBQbCi34TsKMHa3j4VAdfeGrt6hmPLb1krog6/qsqSyFV9u9pBq2EqBokC0JIM8j5xpYWsswxa7/IWWuKTuJA3SXVey2SxJWMCzEXhov54L068ObVMJeKpg8C1+Ax6AohTG+ntYrvxIDz06RxyddfV/OBY/EbUafiDsNCa3rJo5jvsDSErChpXqvP0zInWnQF0bSyvo2CCwzAhHrN+c7dYkZ4cRMIMTnbfx93Qi3soWzfXvyZZsPIRW6UcvNfvNLY3g5amkQzUCYTxgXfiJbpoUHv4EZybOfGTU9sS+2s73OfWzkeQpJDp3QYDGCIdEctFkJ1ntFhdL2XKKHsvMPIWuOHbBuE7dG7yNyzICRAaQH4MDIrDDywXloGC+J6Vwjte/ZiNOjZA1WUPpVhlABppM0XQNauRz+uXcF7JCSn8mj1KNaD0JM2AR9tlu6sDociLq3JyoJMXoNNhuM//zu0Ac9,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str]
NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data:tdWOujPO,iv:jATctkrtEhrdQvw1jf7UCNYqltQaN8ySMpob5VApKJY=,tag:s0zu/eXnzW6eqqnGTwBJqg==,type:str] NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data:OOkbAOl8BYNBC0mv2LLyhXHiugnfp8ULM1H2upHD+D041MZeUjAvN+E7XaHuLHv1yddYvnT/CcX0yrn29mHzhlA/gEaOt7jr1n/pEPasOuxh476oSot6fIEkCbXCCEX3KF5t6Qr5y2Z8ZKiETRthqqcTxvYc/sy5ER+FPx3qqdnhWTQKi5wsXzYXqcAR8f8YyTDnHwxc98AC5MK1AEhIZ98eiJy8ifPIp3VVD3uVYtDYX1pT5hyntIa+LfvGi+Wk96rktEVO81HskKsDeif26fbnzqlqXvpwmkiH1IUTdp+8zJp9kXbL+W0S5RINmkmDT38+z2kNT9l6e2WOKwrL7hUoc6BV57QrtwxClQEZv6RuekX9DGI3pOP96ZNi7BZ7UwzmdkgK/suaGTtF/RgdccCs9FyBZfsYDNElMQqQBlXvXG/hnyIxHIPCLAnFEgFvkCtLOZjYH8Rp/BO5n53wOFkG884Wn615o98bD4CL17tLaIkoWtwUIpmJj5COqLWJvziCa2sEwvbWDfb35xzR,iv:MFIv7bXxyXDr8pQnVE/lAjQ69CnTPRr+out5/yRkeJk=,tag:++jnOAabbc/1ROerlwZn/g==,type:str]
NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str] NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str]
syncthing: syncthing:
NxNORTH-cert.pem: ENC[AES256_GCM,data:nmI2a5G345pkmEbaQXsNWRMTbZGnH3zWZFWDJ0Gys5e9l1+Y8GndRHaiGnnPwAjswk7GRt3VqUtluCXEq1hYOEjRWqzziNGs2GjJGw8ddz5DNKtD4jriAKMYhZWTZXg/3rx/mSx/9qk79eGxbZmPzi9qAZi+phnjh+dUFuTZEvn3WM16+JBc8FEgX3AvgTbGR9bJcBjINvGSiYIQWKSLIScay9zHSYU62Qf24nPVRuXGibL7xOiV+HgBqA2N3VKY0Th/l4X/SrXrRAFSWJ+/ZuhRI6gS9ZcawlZIKpYtbKmiDpI0C/qGLhjjF2HKQMrElI3Nb+iHRoIS+zUMsa0RflgEMLCU71Ix22LzGLlbpyhvNja8sFLS1WnDLYafBg4/zw8cEJxPo+XZFtwms0GfQdAmvTTdtFTWHOqacuGMz1mZAYG+QLKd5xwYlkxVOarqGXX2l1TbbkyqaKAl7rWIx/3nF5Mhvob65DWNhPtSAj+39oHF1mMLmEitHiyHFn8nzSRvCkKiBAz4Xgngkq2HRyjpuxXcSk+RnbD2Ahuv4+X6IxSTYQnxSaxPvBqttvNLOIwSFbVqHiQgaH0bggecvQ3W/wBuXw50oUwK2baBKf5ENq58E6kVpO/IXvUCP1Oa5kVNKkQSc1Xig7SCFxTufEU2NmHPJxs2W0Pnf/tA2EyunkdHCMTO9aeRm5WCncbsvsHnTvQKO+F6CFL98zFItL74q831QGdFLxqYfiIhxG/cFjmzbESJJ+SDF25uNtsDrLoGTUJYeCIq3W+zMwUbEuCNiKpn7RvvHO4gP/pwwh7at6kmUbwjUNW9Ex3wwtIXQIsa5g1fIhTBXAATm4USOOWjN6XuHmqoVdjbgJ2VuAtwJyF7jP3JZvhiEaIJOjeAUvv5G4Zzp9FgyNJ6YTtOpzD/bobRDpDaVmitDNef2rDggbWACcGZ3uTgn4bylnCowyPS0T2JzolR3AhsC/xbjesBkHcnWJCrREdsvPFgeKm77IIFLwfNIq1RXYKt4vjmvTMe+dFoFscybV1v1lG3qQc9PaPezw==,iv:7N8WtW/yJWcK7iFzHhV+vjnA6uxDl1YrW/rnXlRWi6o=,tag:EMcVWqJHs3YCj4j+xz//FA==,type:str] NxNORTH:
NxNORTH-key.pem: ENC[AES256_GCM,data:Zdtype95U/u6HXMsBQ9lG7LRv9jCksuiYCj5LB1pzO9w4O8VhcoaT54tgel9g9YBr5VWKbu2AOqrsVnwtmEUfx70Thsa6sYgYnFxkrxIMnXCPEvs9yTKOyO8OPaBFSO5eKOCZFYSx5jJ5anlxZ6JA6nDpevf/C93zaZYGveucYbcLZcdm785j1eQ6uS0HvCnYACgoy54Q6GcuZ3/mSioy4MIsEW/QCm/67rRlL3kRmdXTJBd2S57ZpS4ECxwcnzxbNVItS3YhmlaJpxRB9M/UwSiXce86AowKTmj5ckzwKRcM9bVP2c5oHLenVQIMQOvq2BUVpYk6/5kQ2HBb83E1/dkC7ZL81lfKpNspJP5upaXmZ/U6HmAS6vT31Lsj7NZ,iv:/vt0Z4a9QEu8a53c0djtkvtglqnKo96CYmBMXSccz3U=,tag:qCinJ/DoUbc8vPSJVY+rgA==,type:str] cert.pem: ENC[AES256_GCM,data:G/cFGWFRryPoSnxNw9QF8oMFmwSDNOYhpWDWqON9akjQISBco72BqN08k/J1GA+c/5+IkhZRqKJKZGt8UsuZPErLH3uLrMgqyMwcfoMWqf1Bv/dJWPkv2hk4vsVl1lrNLwgN5075tfDqLNhRO7NYGXbh0oaL4OjyQmkkgJov8omhnLE6K089gdRYaPlcbitReBuv6xTLnJ8LVWyZe7n31FoEcwrj7zKt6uMxTCUMyDs9ONgN+JwXcL/E4gZ+8PbFwmpW7eR2T5vw7Hw+1ZgzBEDqdiAE3wuDajfYXnXMd0DfBLPbPHmeLklXRcqFNWn3jW7NPLASivqxABWrjsNwpqZWZFA1z7GAsz9LGoal6jUQELBbQv0oCrsfvcRaD8xGNVUwRwHIkAjh0Ia5GZPUGRPeeyVpoLdH5NfZLjU2erB44L4ClxqR0lk0ovZ8i11M42wtJp6uErGIgTdOfd7Sg7fkIvfgIB0C1h3MC5KGR9xlz2rcOW5Lh5rBhzs+81LZXpW/dOXHktEFiWRn+FFjpInLno/V5wFJXpRrlytIvNO+SsJAhyWU6Cko7nQRQYT5HaTHQW+yTAUEmP6K6PcT5zCQax/F3E/j5TccNjPjvVpLs0weL7DUG/j+UOh64U2e1pLZnYt0ARXytcXcfy0ht8S0+aDiLZ+kZbY0BwsY8IsoB/8S9TtxR4WYzPr+U7ldgVNGTdDAUlldH1zjPQH8FMblYDC07TCZJR66RQDDYgC+g7AekP/CO6qaz8P2R+ghk5wuaVUCSqXWolXKzlo+VY/qUTRCbuAW4+s4y+rwVRLVfaZglyqXCkfCNwtE1lH5ZIkZIuVFBF9aRvgiuMYoBTpaCEie+md2P9nYqGm70il+vaKqQfThM/+1UX0C8BKkSL4yIswSHtaZKVeScPEtJg6+DqgdwZEQ8WLotdoNcI8qNFNTO+HSBfUYtudYKOkujgt9Dm6H1OCIB1Axbj3ukYufXhcSATNI/m5jGOWwf0RAV/JrWsdnvou5PSEVg97D2DjPuG3a2dVyTke5kszr7uqdrUfixA==,iv:2vhqS0MFm4IoSu5BFzimg+p2bDTIqeqgvBbhse2jcU4=,tag:sxUlLyhn3Jb0Z+kl6ohEQg==,type:str]
key.pem: ENC[AES256_GCM,data:bo3adkzno1JlGRllvm+UXg/PWJpoDwHoNoH7RDNLW1f+3yhVj7jW9mJYwTcSD+hrAHjPa7MNAzz/uT0EOX6EgB83CLxCmYOxWJM8CJIvbeLA1djdqS5YLtkhQEiV+upuP1tElisSUVJao/0v4W6CAqRd5mv5FMOtm5GVMk0w0O4O9FZOOY9RjFh+x8rXjhKUxmLi8OdHg5EU43+pP95nqF99uLQxtTttxRsbeoN4666d2b9Xwp7j5HcOhAdkvdijJj5NKOwvG/bpak98lO3jFY3NrcJGFUAPMsb9xwWLxWuPvpvQAQSJRWOupvvvSDXEpjedeHUOOPoUqa2bNcZWw00t7UrAabS2yg5Lfo8GPQ6lHPGQuarZeKHJBIoab5r/,iv:d4nzWfUkrmZEFDr1C4+MI2vzyLBgT4OwRZb4hPskP6s=,tag:DoWTkwZnRHibM9kqqXUGRg==,type:str]
NxXPS:
cert.pem: ENC[AES256_GCM,data:DQhlDJ99Qbbv+qq79w+rvZJApH51U7KzvCWgUb5D/MBEYYv4Gq7Srntn/BrZjfUBUQCtK91cR3lHsWtRI/QkBzOtMxJcO7GhEC6mlrJ6hkukmZ5Z/e4W+kUrVbgSqUqq2UB4fDGrBNRcli9vleRmtswMgzcPv207p8n0OyYypkAsgaDlxKbylpOLcF2BFXoIR+R6cpbis5nU3vMWJopEdzVDDgl6qW4gZXjTOPcWUJ96IGXKSuTBN1rbqMAI3e3D2u/aK+RTs0KKGmSfqWZkJFM1GJERAa6OHzgLLXftERl565aBBKMgxHi7G9Z4vTSYvsdBzOHqKsK0V/JL8AGsCtVcgM9F8GMYRGq7mSJEcRK7B5hY/zzVJZZ2acLSuUoN92c5R/ZvMwD465nqaemVuc4gP2nu6bqyLFuOYEkuajXRJJElhoegPxGVyVtQm66093pPUB0zFHfkhT5CbN/qyo6ubuj7J8FwR4eBFUPI5aDrKb9diSHduohh7lzB2y9w/JwiZC4JqGZIPh6hJ8U56mA5GxLaiPv00p1CIIZKKdEX1j0IKPXkyVytmcveOHFuJj+iw3ysPkOD2Z0pUAt0DCfSmhx1MSzbEk3KDL4Z1w0mcH+28IZQ277t6Rq9vWp1Bvv6OSw6qcKTl4YSVsFrdoFZbZVkd0UYkb17jk6dEXt2aDU2V5D29FhuQrStygEvA3mxKUT7SOAmcsWDSTnnyfEdO1t4/z/2rW+bWl2CqnOXhs8j+a+PMUw3zhIs7alx1hD9H6yEUY9AmIBXETco37fwzP0WrM+R6h4G+fPu6LBuk+Xdi3hda485Z2RVFhCRrZk/GJ/BNGHJ45OmXi08G/G0IhtBjJVavScnO8f2CLq/OMAwrgDeoX/Bdp5MegjfHcj9BpnqkI6j1c28P1/GbIg5QgWv9xJfDAsgCuziNZKzXhi1jEeo6jbcOc3nqJBJS3bbWLZrAkDPIscZyhAJrBs+Ay5R39v853MNOWTbdUMwqX5ksyBuM3E3fxaO97FFxfDXpL/LaSrgNvYsagm07DAHbbhXz1jQbDc=,iv:ABR974ZNDnWCzA0rcI86PPztX7/hZCadc2dhxJfrldg=,tag:9oAAMs12m8qMhTKai7p3ow==,type:str]
key.pem: ENC[AES256_GCM,data:etNgxfryF0MJGX+X0guZKAaEh/PbaR9sVmbi7RikvL1okBUDxnVewOFuPQLKjDIpqhD8MIhUb4gdoWKq02MpqEvrlj3C+ffri8/8HLuwsm/vBniNvZHwdKyyWcodTUa5TpJt6nJMUzjJtKfv8u0dEEoQUbGN+nmWnJRSIczsWdw4RE30Hj/byiIWDZXmNtcXE5M6O7+buhqbmPpciFh6YjjofnJZ4KOD59Cmkl/KdGjaJUymsFMDmbDQsmeYmmzbfXuAZkW7C5KpBovAppLIn0m7H+ORyBK3wEZl+Hc9zK2pzKPb83qTclXkLQEx2Yfjdw6eK11IaqVBBSPPDgR0SZRwuPTlsoZqdlo1IUaKO77D8ARAohj+4X3JKfu0EeM6,iv:oGBk17V69Z/Nffc/pgqRoqsUFH7ZhCnQS3CR6uh4mQM=,tag:f4j2u6vr3tJpess37m46vw==,type:str]
NxACE:
cert.pem: ENC[AES256_GCM,data:Hg==,iv:NWaLNrHid5jUvAuiXUj3Rm4QLtXQPG+7NTITA7DBtwI=,tag:HuyWANId50xpByZBWSyjYA==,type:str]
key.pem: ENC[AES256_GCM,data:/w==,iv:QHILq9oHJ0nK3Wwy9ClDIBpppgQmyFJHU+Cb+ReVEXE=,tag:i2uPgiNKDjSldcORBPaYVQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -19,25 +26,34 @@ sops:
- recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQitqblRZVjZGS3p1RlpP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdkZKYWFJQ1Nyc1AxMktY
cGRPRWI4SGYwekw3bXhTOVIzcTJZaE9nR3lVCllMWHFrNTZPNTBXUWg2VDRMTUlW d3AyT2Zsc01ZUjNFdzBPU0srUnFzVklxNnkwCm9Pek4zVnBqNEZoZ1RlMmxibis1
SVRDU0wwNmN2bXhjcFhNbE1zNXVsWVUKLS0tIDNCcTBxVUYwbDhJWGdlVUo2ck5z VW5vRHpPbENSbTl2cnl3a2JQNzlTelUKLS0tIEpUSHpwYytBT21BTWdWQlhHcFJt
UlV2VWNjcjUzcC9KZjdsa25qU0wxWk0KqH+D2YWSk51R5qsRnom1xAu/jAEe0Wx9 SUIzR09xMmhWbzFOUlhmRUxHUWc1MU0KwXJtg+4bf1ao9x5tJU5fm9MUKYwz7GMz
A5Nfrr+P+5oTnrF0MSP5o4zqFzs99PEcCE6sCksZoqkMYXbhXozgPg== dUua5Wy6DGgiGBLVTLxXaBjc6uRTNHHiRCdd4xja1apnh0dqkVsRIw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T14:14:15Z" - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
mac: ENC[AES256_GCM,data:0ik8M9+V6qlc+5Z5rPi0X9UOa2Yf/cZdrpsXXfPj7hV9WSVnlDn2kJGt2PeLT5TwllAWm5mMVgovKEnuI/2hrck4AAGcvretvC0EPHr5Q4FOx84A8pDTsvff4x555mYyaGC4C5s8hUPe/OwwJXG19FWqHBVq638K/jFBS6mUk6Y=,iv:f8g+2vhqwgaYtG0sk5MdjQwPOVgBt/uNwojFyGgWUNY=,tag:HQyWQNRaAhmIJ+A/Uvbi+w==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT283YjMrWFBWODQ2UU1x
T1djNW5HTUlRdWtPdGtJUjdVcUhOWEtzdkhnCmdOUVhTNzF6UzZpSTkvNUJFVDhF
WDZId2o3dkdHOG5QL05RaXpLNk0zZU0KLS0tIHUwT3BCOVZEYVR2YXc1UTZVdEp4
NzBKelE5NENBczJIc28xVkVmU3FKWkUKBEyLzVMSlID+p/ZcpZiMzqXhHoQyBnbt
AJ/vc2SStdXtuKOzCj2cKm2HV3U0nBlp0AFSRsreQZ3nPYya8fryZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T16:42:49Z"
mac: ENC[AES256_GCM,data:pssDZOSjK8BY3i5aiJxmNfCX/L6zN+9U3QdQw6TEaLVWpcW8QjtAATh+/5z8G88ROQR/exW51C+saNrnuWsNU/oQ5MSC1r/9fbqjs6MLAHXS9Kl11xdzMw1KnIDRUB1tzPzL/WgqTnaRV5ND0mZdfbMqk7ivynjJGwqIjbhEybE=,iv:2wFVEL70D8zfKdYEnTV2qGC9MqTghpabzKnhF1ZOXow=,tag:CFZw6s4NttzCMv+mhUefTg==,type:str]
pgp: pgp:
- created_at: "2024-06-03T14:32:43Z" - created_at: "2024-06-03T17:01:02Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DCvJ7ODFw5jQSAQdAw7WVNFgl452xdetQH5D9TjUe/CINVE19hjBMNNqn+X0w hF4DCvJ7ODFw5jQSAQdAoSxKmoTPq3yDgcXE3Dn6oS/yy/aHkFZEgQAR/UC7xwYw
qnbUM5s3wCofJSdVDSgleVXXZA1KcbW0ORbd6FVPv8dKX3x2mUMDb/tdLTkYzOL1 8Oqo6j5XATs/hoShbQRNPkLjtagmehW87qk2QckfiVH08MM3SZ8lhFTWs9/jsQSi
1GgBCQIQ+10jG029Xa1Psa3J0ZXs9UOz2vGiuLj3kCDke2yfwUM6CHKEWlsaJXNE 1GgBCQIQqOSY+v/i1JWEPvXW/3nLRa1lvpnj8P6yYbRZQ6F3Dd+wgzAcmckko+M8
QYphW1hlKYZmcMU2ZjKTVzyKHbsr6X+guakozwiDW2DQDxZTFtaNKcrr0oPKa1Cn x+T1x9XcKUtr1eEMhozzzy0hEMPCl7AzDIl7AUALnaCkT6Wxd9ce6NkEneMroHol
ZOkzYH6Zwoc0Cw== YK1GYaVYIR+cgw==
=4e5L =DI3a
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

2
system-modules/sshd.nix
View File

@@ -4,7 +4,7 @@
environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH"
else if ( host == "NxXPS") then else if ( host == "NxXPS") then
"" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf+08+t8a0lY2+nR1mhIU3vuksStiJOlojJjzCwFk7r root@NxXPS"
else else
""; "";
sops.secrets."ssh/${host}-ssh_host_ed25519_key" = { sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {

23
system-modules/syncthing.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, user, host, secrets, ...}: { config, lib, user, host, secrets, ...}:
let let
# helper funcitons # helper funcitons
conv = _: device: with device; { "${name}" = {id = id;};}; conv = _: device: with device; { "${name}" = {id = id;};};
@@ -25,14 +25,8 @@ lib.mkIf (user != "tv")
{ {
sops.secrets = { sops.secrets = {
"syncthing/${host}-cert.pem" = { "syncthing/${host}/cert.pem" = { owner = user; };
owner = user; "syncthing/${host}/key.pem" = { owner = user; };
# path = "/home/${user}/.config/syncthing/cert.pem";
};
"syncthing/${host}-key.pem" = {
owner = user;
# path = "/home/${user}/.config/syncthing/key.pem";
};
}; };
services.syncthing = with (builtins.mapAttrs conv devices); { services.syncthing = with (builtins.mapAttrs conv devices); {
@@ -40,10 +34,8 @@ lib.mkIf (user != "tv")
user = "${user}"; user = "${user}";
dataDir = "/home/${user}/.local/share/syncthing"; # useless ? dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
configDir = cd; configDir = cd;
# key = "/home/${user}/.config/syncthing/key.pem"; key = config.sops.secrets."syncthing/${host}/key.pem".path;
# cert = "/home/${user}/.config/syncthing/cert.pem"; cert = config.sops.secrets."syncthing/${host}/cert.pem".path;
key = config.sops.secrets."syncthing/${host}-key.pem".path;
cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
overrideDevices = true; overrideDevices = true;
overrideFolders = true; overrideFolders = true;
guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384"; guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
@@ -58,12 +50,13 @@ lib.mkIf (user != "tv")
folders = with dirs; if (host == "NxXPS") then { folders = with dirs; if (host == "NxXPS") then {
"${default.name}" = { "${default.name}" = {
path = default.path; path = default.path;
devices = with devices; (justname [ north ace s21u ]); devices = with devices; (justname [ north s21u ]);
# devices = with devices; (justname [ north ace s21u ]);
}; };
} else if (host == "NxNORTH") then { } else if (host == "NxNORTH") then {
"${default.name}" = { "${default.name}" = {
path = default.path; path = default.path;
devices = with devices; (justname [ s21u ]); devices = with devices; (justname [ s21u xps ]);
# devices = with devices; (justname [ xps ace s21u ]); # devices = with devices; (justname [ xps ace s21u ]);
}; };
} else { } else {