From ff5de39a1972288b5d1ebcc218514dfd127f78a2 Mon Sep 17 00:00:00 2001 From: "Lennart J. Kurzweg (Nx2)" Date: Sun, 5 Oct 2025 01:50:43 +0200 Subject: [PATCH] all use vault sops age --- .sops.yaml | 2 ++ home-modules/sops.nix | 13 +------- sops-secrets.yaml | 71 ++++++++++++++++++++++++------------------- 3 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 202d793..5694f7e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 - &nx2_key_13 age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq - &xps-home age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k + - &ace-home age1ur5zpr325cv7w0yn49azz9f48xsxd73w2sytt22yrnw5qs9r34nsv3vl05 - &hosts: - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 @@ -16,5 +17,6 @@ creation_rules: - *ace - *nx2_key_13 - *xps-home + - *ace-home pgp: - *nx2 diff --git a/home-modules/sops.nix b/home-modules/sops.nix index e3737c7..bc34252 100644 --- a/home-modules/sops.nix +++ b/home-modules/sops.nix @@ -1,18 +1,7 @@ { pkgs, ... }@all: with all; { imports = [ inputs.sops-nix.homeManagerModules.sops ]; sops = { - age.keyFile = if (hyper.host == "NxXPS") then - "${hyper.home}/vault/age/sops-xps-home.key" - else if (hyper.host == "NxACE") then - "${hyper.home}/.age_nx2_key_13.txt" - else if (hyper.host == "NxNORTH") then - "${hyper.home}/.age_nx2_key_13.txt" - else "unkown host in sops.nix"; + age.keyFile = "${hyper.home}/vault/age/sopsnix-${hyper.host}-home.key"; defaultSopsFile = ../sops-secrets.yaml; - secrets = { - "example" = { - path = "%r/secrets/example"; - }; - }; }; } diff --git a/sops-secrets.yaml b/sops-secrets.yaml index ee4ff59..ea8f94e 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml @@ -58,60 +58,69 @@ sops: - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSW9RSEE1aGV1RVUzZXh0 - M3FhS01jYU90S3pOUzhKMUFndXVzSk8wYkZrCnhRdkE4cnNxWHJWYjVzUGZVMmNQ - N1kxM240OC9oOEloUjhEUmx3c3RTQzQKLS0tIGIwNUhjOURaVXNIeHR5SjNEQmly - QUFHYUxTSWREcU9GT2JUSXNBNndkMkEKCIPVu8VbDjsdDaePoivW0jMvzD/GZpHk - 9P1zJ0fN1NPCTi7spAyiyDWpJa6sfwAVj7Bs2zzFZoJZUxvE054YPw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODZibjJwSGRJYVpyRXFh + UmFmRVIwOGhFaHhpb05iRGtTSnV0UUlkOUd3CnFiOTJ4cTN0OHYvQTlScy9NYXAr + a1A1YzFkdkttenhRa1NIUnhuVEZiLzgKLS0tIFVkTDRZNWhHeHN3MWNTSHJRbSs0 + Nk5FcnBaSkhWcXZaeCtQMDJaVEc1aEEK71jQkA/mOqNIdcNYHDnb43MEVKyNIOpT + 8J/CV6U5M+YGNvkHXafNFccHKY8dFPVDzcJl0lthECjcGrplzNEWNw== -----END AGE ENCRYPTED FILE----- - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjb3R0bFhqZzg3MC9rZFVi - elJCTHdjVlpTVUtaUzcwQklmbVd6TXJsSUNRClk0VExaYVFkaE5KYWtGYmU1bGk4 - OHJYQUpKZ1gzUnQyaVpudVdiZ0RYb1UKLS0tIGNINzBHRHE3YkhMNVY4dVVlUVBs - TzhkWmxYU016TXN5Z0JDUVFZeG1QMWsKiukK/zVn6WEr1E5qKPULsyJQX8qDgQoY - JIeoG+OehtZ33VIXJfiNw60taM4XJb+bv/u9dzCY9ahW8M5VthpIlg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBK0dKQWQyOW8xQ0RMOXlv + SStnV0R1QWNlZlVrUGdqSTVUSUJHL09RQW5BCk1OL2NLVFk1R1kzTjc1OUR5TmVC + MXI0ZnoxcVRoNHFOa2FJT0RvOUtTakUKLS0tIC82QzlJT0RjVHo0aXZOckNNNElO + WjZEL0NzL0NzOUdMK3FaOE5Ub2x5OXcKOAahFXWAQNagHz2G+O1TPiKB7UqUl8p2 + K89cGfal6M2ui403lb2ygEi+v6K908Kh9MzGaDtR0r2k7kGQS4aFmg== -----END AGE ENCRYPTED FILE----- - recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOStIUnJVVU5YRFg0T0dF - ZjBMVThZSFlRa0lCZ2RFZ1R4Mjk0Zjd4b0RRCkwveXN2SmIwajd6R1NScXpQS0FH - S25rOFRKRzd2SFRlZHYxMnZPY3Q3QUEKLS0tIDZRVU54UlFiSWJlWW9LWVRqcGpD - RXIxSVA3T0RwZEJDTk1JWHZVT09neUUKX7QgyC+yJ+eDvKX2dW9XU2UA8WPC5Tsm - fzlmjPWR/E2Gdnoi0k2+HLWo46SUeMYdpZfx3gK+UmDFUags+SCHpg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNGhjNHlubGp3QzRkRy9i + UmM0ZlE5UUxhM0tCeHkwOUt2VEt1YldnNnhrCnZHWlpWZ3BpZ1BlYTlVVmFZQ2Q4 + RlF5UldLdDNOZTB6UDlBcldqRmhyTDQKLS0tIG5OZjZkdnNnbTZ2K3kzNGdqdGFE + RUdad1FHMTVFVU8xRmpCdHRnK0Z5ZkkKb+25mUdPRozNnyPXGCJOe+xtsOZVe4oy + SDpdoSASzq2uljMxVPyINJcbEThJriZAzC30Qt2aroc2zo3dnsnVMg== -----END AGE ENCRYPTED FILE----- - recipient: age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMUw1OXpCN0F6WkdBWFVM - M0VWdGlVcllTQlJKQUpKTG9wQ2NqVGEzVFJzCjE4UU92MlljSEIrZENFdVZpQUcx - SUh3SUh4bnZFVFpJOThQdG8wM24xZVkKLS0tIGJsUUl1QmJiRUFFRERrWWlMK1Fk - V2ZCS0tFUHNKckY1YXNRa3lwS3dVYW8KzrtAPlNuWQxSR2PEqFyqI5yv8jD2ZE3j - CT1SFmY9vf++WiOt1epby2MNpYdgyNrvlcaNUiE8Pt5ce0Y21pbq5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArV094ZWwvTzJuYlE1Um14 + K09wUlcxdFc1eFB3bXgrSXlRK3ZRSnB1QXhBClhNZVFIRHBVUGkwOVk3ejc5b0FN + cEtkSTFHZ1FWUDQzZUJBbHRsMnhWMUkKLS0tIDhQWGpvV01TRHY0VnJCclRsVHl6 + YkZJWm5xWlh2NmtibnVPYSs2QjF0TW8KRj+d44ttYXoElSzxv6n4u9NL/aeXJQpc + Fc0797glPXgInJZkQSzCmjKs6LzY82I5D34evwuFzuwD/TMAGyo0/g== -----END AGE ENCRYPTED FILE----- - recipient: age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MHZlREs5OGxqTkZadmx1 - R2hwMmc1YlZTd3owOHRIajJQMnVCbTFPOWtrCndMQ2Evc09VazNGVktrMXVHR2Vw - dFZWMm9rdi9iQWh3Y1lQT1g2SDJqNjQKLS0tIHYwVmVLeWQvc2ZWUzkxZzdKSnZt - TE44bHh2SFBMNldkdWZGcXc0c05LVWsK7LfqdRED2NkJxAxq+48MlLyIV30ihe0+ - t269ote4qHDBx0RCZd5/hYUph/8Xf/fPa7Q6JYl6fkKiWUA3uWdbFQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreTRVWkxiNnZKeFFiNVA2 + ZldmbXpUN2lyYjh0M0ZNSHpHRGk0aHpkUUZzCmhrZnBTWTlTYU13K2YwNFVCT1px + ZUhWODQrZHlIR2RQOFhmUXY2NXI3QUkKLS0tIHlDcnI0dGt3a2h6a3l1YkRMNkVr + QVRCdkMza3JDb01mdW5mbTZtbFVVR3MK3dww+AlRaTwe2oveZzcRaKgLE++U0jxJ + kaC8DmqQh/XbiqlJ9sIIg6PfmyME7ACe31TkZVc1MhSvVePmxRRLYQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ur5zpr325cv7w0yn49azz9f48xsxd73w2sytt22yrnw5qs9r34nsv3vl05 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoR1g0Wk1idkFVbUlNaEls + dlRMWHNFMW5HSmtyUlF5YnBMZkFGUzFEZ0ZRCmZoZDZDRlFIbk5mQU1Kbk9hU0p6 + WldxaHpuZVlqVkJyK0hEZkFaV2FKZG8KLS0tIGxMdFJBc1pDMmpKVm5mbTFRUU9m + SUwwSStwcmw0VDFLdTlqZDViV0k3YTgKukCR3ZJaJpEHNCxoisES9/uIULz1E7XW + w4VVHk+0fuTUCcCWz/Lpw58OgNdNz7mAx8Ji2Uyid3qTkd6NjdCVaA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-09-07T21:03:20Z" mac: ENC[AES256_GCM,data:x8eIqQQGxtB5ukScesN1Lf4cFicTOi3VSOr/hFxKzccgwW7HLLEqwjai6e67KUFC2otaN9TR7ft0tUsTVwWRVRCHnpEoQ5KshLHy2zsk+CmPIpWTLCZJBpe154z3rRLlc10DCM7yhqArzepw0HgE4j1knADqLVwC7e0k+o/OmE8=,iv:uXeIv19J3LmYg7gtA2SGUSoMe9uccrvvztlDFSSs1V8=,tag:YTJpZdw1K+7//EARR+MviA==,type:str] pgp: - - created_at: "2025-10-04T19:49:10Z" + - created_at: "2025-10-04T23:33:42Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DCvJ7ODFw5jQSAQdA2lEw0/JamW2LbvTLg0PhRxyNFbBunqhNa0/Bgv9riF8w - 4MIL+i7o3KOAGF4h3NQpQNkG1rgMImzlXbSOzLJJV/uEMkew6VASKENAa+4FFo7t - 0l4B3QpXdQzCWe07HXhqG+YetjR8tM9Rtk5XZuw4XTyca49BZezXPCbqgstoSW+U - TSjvpKr4FeE3tA3ePo4Jo7HYa1qotJe97pgDqziWIqEIJNwNhwROv9aLagWX9cVd - =dhDw + hF4DCvJ7ODFw5jQSAQdAwFhdvVSDAhK6TQhL1Jd+Bw9KNHD5BhzMxM04+tsOmVMw + DDFAuBEfqGGzsJfrWPfdJJOPGYHK3vz/O6zitpCy1cF7EuSkak11nLDAG6Itozuv + 0l4BS8mBaxvNcJUePYCq0SY7qVmu+OGnchKJ2e3suJllxZ+Uxc9WDSBxRVGMcwXo + N2d/0dtdU8HAP70/L2SeTDMgK+lX++71DGAO45+c040GbMnB1SGJfWDa71b0BHVS + =5jtR -----END PGP MESSAGE----- fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 unencrypted_suffix: _unencrypted