filepimp: init with secrets

makefu 2023-09-21 22:41:13 +02:00
parent 92bccb7713
commit 0cc0d62327
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
4 changed files with 66 additions and 10 deletions


@ -7,6 +7,7 @@ keys:
- &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s - &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
- &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy - &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
- &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f - &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
- &filepimp_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
creation_rules: creation_rules:
- path_regex: secrets/common.yaml$ - path_regex: secrets/common.yaml$
key_groups: key_groups:
@ -21,6 +22,12 @@ creation_rules:
- *omo_host - *omo_host
- *gum_host - *gum_host
# host secrets # host secrets
- path_regex: secrets/filepimp.yaml$
key_groups:
- pgp:
- *makefu
age:
- *filepimp_host
- path_regex: secrets/x.yaml$ - path_regex: secrets/x.yaml$
key_groups: key_groups:
- pgp: - pgp:
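Review bot: The new `&filepimp_host` anchor carries exactly the same age recipient as `&savarcast_host` on the line above it (`age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f`), so the new `secrets/filepimp.yaml` rule encrypts filepimp's secrets to savarcast's host key. The `recipient:` entry in the committed secrets/filepimp.yaml shows the same value, so savarcast can decrypt filepimp's tinc private keys and `sambacred`, and filepimp can only decrypt them if it really holds that same key. Unless the two machines deliberately share a host key, this looks like a copy-paste leftover: set the anchor to the recipient derived from filepimp's own host key, run `sops updatekeys secrets/filepimp.yaml`, and consider regenerating the secrets already committed under the wrong recipient. If the sharing is intended, say so next to the anchor, e.g. `# filepimp intentionally reuses savarcast's host key`.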


@ -6,12 +6,12 @@ in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hw.nix ./hw.nix
<stockholm/makefu> ../../2configs
<stockholm/makefu/2configs/home-manager> ../../2configs/home-manager
<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ../../2configs/fs/single-partition-ext4.nix
<stockholm/makefu/2configs/smart-monitor.nix> ../../2configs/smart-monitor.nix
<stockholm/makefu/2configs/tinc/retiolum.nix> ../../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/filepimp-share.nix> ../../2configs/filepimp-share.nix
]; ];
krebs.build.host = config.krebs.hosts.filepimp; krebs.build.host = config.krebs.hosts.filepimp;


@ -38,10 +38,14 @@
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0"; lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
}; vscode-server.url = "github:nix-community/nixos-vscode-server";
description = "Flakes of makefu"; vscode-server.inputs.nixpkgs.follows = "nixpkgs";
outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld, sops-nix, stockholm, home-manager, nix-writers, ...}@inputs: let };
description = "Flake of makefu";
outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld,
sops-nix, stockholm, home-manager, nix-writers, vscode-server, ...}@inputs: let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
in { in {
nixosModules = nixosModules =
@ -53,7 +57,7 @@
(lib.attrNames (builtins.readDir ./3modules)))); (lib.attrNames (builtins.readDir ./3modules))));
overlays.default = import ./5pkgs/default.nix; overlays.default = import ./5pkgs/default.nix;
nixosConfigurations = lib.genAttrs [ "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec { nixosConfigurations = lib.genAttrs [ "filepimp" "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec {
# TODO inject the system somewhere else # TODO inject the system somewhere else
system = if host == "cake" then "aarch64-linux" else "x86_64-linux"; system = if host == "cake" then "aarch64-linux" else "x86_64-linux";
specialArgs = { specialArgs = {
@ -101,6 +105,7 @@
stockholm.nixosModules.urlwatch stockholm.nixosModules.urlwatch
self.nixosModules.default self.nixosModules.default
vscode-server.nixosModules.default
#self.nixosModules.krebs #self.nixosModules.krebs
(./1systems + "/${host}/config.nix") (./1systems + "/${host}/config.nix")
]; ];
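Review bot: The added `vscode-server.url = "github:nix-community/nixos-vscode-server";` has no tag or revision, unlike the `lanzaboote` input directly above it, which is fixed to `v0.3.0`. None of the four changed files appears to be a lock file, so the revision this input resolves to is not recorded by the commit. Pinning it the same way, `vscode-server.url = "github:nix-community/nixos-vscode-server/<pinned-rev>";`, and committing the lock entry alongside would make the imported code reviewable and reproducible. The second hunk also adds `vscode-server.nixosModules.default` to what looks like the module list shared by every host in `nixosConfigurations`, not just filepimp. That list starts outside the hunk, so it is worth confirming the module is wanted on all of them, or importing it only from the configs that need it.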

44
secrets/filepimp.yaml Normal file

@ -0,0 +1,44 @@
retiolum.ed25519_key.priv: ENC[AES256_GCM,data:g7LcQGS7GN8b3QxOtu14kF8Js/LCSSqMgnJFy7iLUc86Bu0hg+U3OzieIUMZnnWSZUItWGTNI12NOwyU+nwaSJxNEZCBAoqbeDrgQeGjhQquLddZrC9GHEQzTDhDpBEJBGRWCQuvcGr3cQy7lc/wRfl41sDB1gwieY8xVMsmccfN5NteuEVJEitrwM9uR9aF1+SWF18tzvp7K6IDAXW63+qyfSk6+eBWkbFCbnkqLeBQWrBPQmDq1b8pchmpKUcOrZo5wpd/hx8=,iv:3aAdU+ybx5vc6/Xmb1VkLQI260YgBqfqjTj7yxrHo3Q=,tag:67KTiBENs3Dw9S7GBS3v1g==,type:str]
retiolum.rsa_key.priv: ENC[AES256_GCM,data:Slq0kHwNE52lmzr5FazPbn3GKGnWDyUtCmOhbAChvcEWzI4+DhBDuTh1wKASjcSdXLxoIMWmEUjLqeYwfspvn9r3zPGpN0GWpJ4fIkqdElGXvZ/r2aiABqN9Ga9cIZf0oFL1A9F5e/L/Sbqjz43niAgRJM/qq/xff7M6GNGvB3/epuOyLUKejmgPqe0mQXQBtws7Kvh8OLaJQnMG2gFA9pq7wVY2KLmDdiELdjT8RlJSl5S4SFf3m0LuptSveC/FKmymch9NVoRFg5tewBRVvgH6kK/VAFrsfPjl1WRF00L3/1bBDuFOxq7fd1wEAc42vRRkTPoSilALDylmkPhd+XRGGKvTRoTodeApZhtu5B1ipHdEhtmkKOA2LTdkuGQ/leS+TnreEC3YpZL77GYBdDndpzT1BODWRcarkOObPJddglxnfYjTwdFmrD8FYWuBoYnJzSacuDyDO+1qCUAu6NRA0YGXIc7S1CvySQIC858zgCAbKZrs5nomvZPbE+dpSNNgE4anehVfWpNGxdd23eMZEiNIkJUmStXoEk8c3QdpZPvO+DofXhlFcDqvKGHW/Gf+1pAJBNQ1nWCIzoY+FPvUSzPkYpgq0wsMhb1xhXO5U65873bj3AnvUyS12+cJCGvPRKdUwc7JQpzjEw3pLme2uSKINqs7VO5BA8A56LU+bQnDxZnCQtf7UmDdLJSMGWzHgWGZsybXMQzD8eLw5cIF4R4GC04AkAVTDi5AM3TZq/eT3icR7R7DdNTsNQeQkTv5kVqWtf2kIW5ZyP7vwSGGvt03kk5wk45/Xl+wv7gx+eqeISuUCOrAFzyFOCdNokemQlvH2ILj3adgo7zr0Zkww1pHO5ZoMCEq7r/PW1JQLZYcxqnk+XqIBobGHx9nAy4hPRfYYncwA89yCJAW+pajr1ZlPmogr1Os4jBBt0olpuykYMfWJffcM45d4OuK65zyFCwFe5zSx8yypZJIh9yGAN0HW1E2BHRfa3iBXkNaKc5iE3lz0ULOjcbnIU7eKeeHgsJctx5iYjxSY1sVTbxzRo+1jS+fKeuNPa9qW51rMi7Hcp/0WeXLPwdIt7X1fjBQ9aJ5XFgUIcwMI1loIganag0BtwmqSG7uJFHlfITX42189bMvhzncSQsclsDoqB6s1q3bmmf5s+QasNwCetQPn4kkexmy29jwg8PRObEFatCgduDkNKjh9kuNDmiAU6chv0iPnt8qKZXUNvHefCUnF6NBQOaCUMCwKohx00HKhNyiOwkR5l6kpeDp7vgty8RMeLyVkxOPSM2CfKJNmLoaGCc38hdLDTXeBWkJANQwBkIn9G1SCyeYWJKjt2HLr9yzyrf3c+Qh428brsIXJdScXhGdTz/ELsWgHzBb3gsJ66OAnCHvu1qRIsm10FWvyDsquxe3HjQz8WSY1BcIEo4YlTIiwhTmPLygjHKkCXVJv9kLYSS+SuUtnafvxYYhLlruA2DbUMAxi6leyYl2gIH3L+03CeYDY0fcRtp2k4dG1x/MgbvNAHQUcg+4gr9ImgRq/WxkHYd4TFC6fUEALZGGindP/W0Ip+f9s5fEhRomkikEVQ9+67jN7RRy+1rwXl38uT2fkbco458BeyUpeD6X0SX4ESts7F7iZ1n/5KKzTHkGR5iQFUyRtXrOAvwMp2iTSz+qzdBoloipbUAEnYSP73OK0//Rh/H+jtycTjK8JHUU+zhoIiQclGBuGNze25+/6hVu17GGIF06bMN8huQ+IUuNogM/227KkUq7NgI9CuDfiy5YzSY2wtmV8yWk4TE2ZjrM6IP6iz8Kj15ydUJ0ivGLaS7uhrxEqvElAeW9mwKfUKxxul71MSGeidE42K7zygLNi6INI0pf3tOhkuZeBxqFwn0L0kDVc1YAM46Tu7BDLtuvIomftEQzIlLJQM0faLKl8MBDgvw53L+cKCJCxDQYok2fwx2dH
80Xqm5pNjoFWRytRcz2tk/czEXXcTM2twOpApbIFRUi7fUnSJMk9wNOV17G9fN68Zt8+wiPyIPmj2QsqXRxKAepSXyEH5VGg3d6t/7BFuwM0BIWFwW2cbNw+PbH5Ppi2ACpX3tf6mEOsJbdrEfa+yRBzGR4b/1zbp/xJwSrMrfCq/WA/oKH3cGjDes+2/XfWfw/NeTDQP/wHMCTvqIyU0Ku34ri+iN2sHrxlGIPz/33XK2QC9c2XmZsmIAqqMBMbFZy0pnWs30Czxv3BQ4ELQ==,iv:tSQmA147RKKfiwnNOM3D+aqhd/EoZ2b+WCaxcL1BBhU=,tag:l6jpC4yrNQ9vbZD7xi4+TQ==,type:str]
retiolum.rsa_key.pub: ENC[AES256_GCM,data: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,iv:x3S2vAwdmlzmhn4Hxrsaf+SykK3gi7RmGImUl2kR+KA=,tag:7qEj2TLXvGm5ma3tV5u4vQ==,type:str]
sambacred: ENC[AES256_GCM,data:2D+ykHX6IuBzWfW6rzv/uOcb43FY6NjNljHZFYS0rYd/DUEdNB1Ay0jN5b5fmXa16Q==,iv:n2ECPLH8ODyltL91s3WubfVGzBMy0/dxbrx2yHaLRMg=,tag:3xkUeu2wyHUrpkD587IGWg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV2NRcGZXcXNwVVNMbHNh
M1FUMkc4TXREdThMMGZ2NkFBdVMvcEFaQUV3Cm85WHlhenBXajVRN0RvTnh1Skgv
NnJ1b3orTTRVd2p2QzdVRk9ycEMvOHMKLS0tIEpRS0xybisyU3YvTnk3aWJHWVk5
NEp0SG91am9oMGhIVEM3Rm4xZWw3OWMKhDxmEO0c/kj+SRhoJhB30txsddtlTPAw
9ruWXnIlOiBgxsbrTqC9JWDglYl8qV6xhWSMnhkqA7dh/pMSKykKqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-21T20:30:35Z"
mac: ENC[AES256_GCM,data:L6qCecYAmgA6onal+O5M5OYzbEV4S1ol3KcIRSqdrcuhj8vC37EbW1uvRTq0P0vXC7hw9AFrRgbEpjVKiVTSkAU4kmGIY6dP7e88t5VdTQ5k2AIdCqDTXjqvKlDo/A/SneUgxq9yABngdHaT6xfT6YAPZAMHg1NkMwQ22w3fa/s=,iv:yNif70Sy+oBnPvl6FOu535b5gn7gIP0sKVdq/g+AYY0=,tag:0VxdZ5hhcdcVqsnWwI3SWQ==,type:str]
pgp:
- created_at: "2023-09-21T20:30:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=txlR
-----END PGP MESSAGE-----
fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
unencrypted_suffix: _unencrypted
version: 3.7.3