makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

secrets: add kiosk user to wbob

Browse source
This commit is contained in:
makefu 2023-07-05 15:26:05 +02:00
parent 27df4d49b1
commit c0e18e4564
4 changed files with 76 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml
View file

@ -5,6 +5,7 @@ keys:
- &gum_host age13ekyvn5ux7zyvclwlrpnhgauw5s6dzn538msjka8vpwhu535ychqa7dk7a
- &omo_host age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht
- &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
- &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
creation_rules:
- path_regex: secrets/common.yaml$
key_groups:
@ -13,6 +14,10 @@ creation_rules:
age:
- *tsp_host
- *x_host
- *wbob_host
- *cake_host
- *omo_host
- *gum_host
# host secrets
- path_regex: secrets/x.yaml$
key_groups:
@ -51,3 +56,9 @@ creation_rules:
- *makefu
age:
- *wbob_host
- path_regex: secrets/cake.yaml$
key_groups:
- pgp:
- *makefu
age:
- *cake_host

1
2configs/bureautomation/default.nix
View file

@ -1,7 +1,6 @@
{ config, pkgs, lib, ... }:
let
kodi-host = "192.168.8.11";
unstable = import <nixpkgs-unstable> {};
confdir = "/var/lib/homeassistant-docker";
in {
imports = [

86
secrets/common.yaml
View file

@ -10,42 +10,78 @@ sops:
- recipient: age1p7jqdpahxtf7j70kmzy7vg6za7wg63u6sq7ywuw6qkw0qek395nq5kyzae
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUUQwRjVYSzhDZFVXWTBS
czB4TXZuc2VXSDNtbkZZZC9hZ3c5bkNqaXdNCnJJV2RHWWVES1hpSlI5WURWOGRv
a1J1MTd0Q3pFVHFSNDNWdGFEWEp2emcKLS0tIGhndkxkQitzZ3QwUEJGdU5FMjFP
S2xPTlVlOHNvQVc0L3NaaG52cmM0QXMK6Y/PpW55BwjUniYa2Q07QzIgVxTwH/gy
4qZnGaOPi+BTwMWG9/h5kbbdVBZ/PdpmzzGw2qcfFA4SotA4xj9cyw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVGJUVUNRWjdlbkd2eUtt
MXltYjFQN1VrRWs4UkUyNGF5RXdkbndzOHg4CjhLazVwV2JxVUNLWkNRdkRyZUsz
MkJXWW9sYk9xcXFXZW01dER6V3pzbEEKLS0tIExFbWZucXE0d1lDcFJLdTY1ZkJk
czU3YjNsbjNORm9RazRMSGM3U2hmODgKX1e8G/Ld2diBR5flF/33E0h0hbaxoKVy
6UAQJN9pVlPPgo6PBDiyGHK3Qt8eg7bKoc1lYjhHYmO7uh/2C9TA6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjQzMVl4cVNWWWlJMnl4
cWdYRE5va0ZhM2pRY21Nb0NFcnVqMjc5ZlhjCllUOFNNZ3oyUzRVUzE5Q0J2aGI0
ak1GR1lvdVNzSEJxNUJRKzBSOU15K2cKLS0tIGE5V09lVmVwUHhuVUZDWDljNDYx
TlZpeGU5YnF0V3V4T1drYTJGcC96MUUK89QI1fgqaMqgqjnTkokuQIvUEOLznHE7
EanxjY1iez8dKrgdm67GHRPtd54m7wckDnAvENq7FxwOAyZrmnfW7w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQ0pZZjdJMjh0cWVRWSsv
anUwQzlMbHUvNlpQaEFPWG42VTV4dENiRkRRCnpOSDZCK2c3M0IzcERld2txMkY4
WC9GMkwzQUR3WUFoMDN3VEd3ekVGOEUKLS0tIGs1NERjSWZteUJqUXpuNjRucXk1
VlBZdDlHdWpaM05DUFMwZWNNajJmZHcKRRpmco1pRfS31nCshqqvF3UNtG2ajSkB
LMOozuNa4u0zsEcr9y0FzYnUfUFTEkmvbcuXSUlm9krnlndH2imzLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUGdCaThNU2F6Q1BWbHNZ
c29lZzg1STZBNXk3TzBlZVY2SzdlNlpQYWtzCm9RS1psdVlINkk0UjVTME9SRFpJ
RnNIZEVmQm5pQVNOWU5LL0NlMnQwVzgKLS0tIHlPMEhRK0pkQ2UrWUhYeTlOQjJa
UmRQcTVpeVVEMGVCTVh5Sk1TaXF6a0EKuI32xWBrxE953zifNzmacf7T/Pg5dpNM
iwPOWfw8mTQhY8DDZf4RRK/4cdbDPnl8GXH8KGIAnyxEqh6iECq1UQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHMwc1lCYVlTVktOVnpT
NWZydmtZY0NFOEdKcjBoeFl4VjBuOFJnclZrCmxNdTRqUmdoUUU0UG9pUFA5bHBk
clZsNERPV2p3R3pMQ3Y1NmRUWkVWZU0KLS0tIEdjZFpIK3JoYjlxRVhKcmxpN2lh
MkhXb1BSVGJJOFhWQ2NjWDFUdm5HczgKMByO5trpPmju/1JOpIu/OWnLsoNE7fmX
9807+BALsXiS/GXw4Ys1zPD8SNzQyIUR/YMd43Ks/PFzTVCJFn8asw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUanl3SGxnaGo3U2NXbTJC
eWVybFk5MXhYZENhUXAzNndYMExQd2lkNFVnCjlLK1Jzb0o3bEZteWhtSkJtMVpO
cjBQWmttUW51dEpvVUdYQjhGMy90WDAKLS0tIFhmeDZGYjN2Wm1iSVpDQTRnSHRx
UVhWQjN6V25XUU13ZVdMRGxtNFFOcWsKVAjwpu+4dp5yejW5UF7T1fiCv7HJl/vx
s+IdLZh3YmFNfqp1GAF2A+pp8gLHR5HmuUsldbSy0lgb773NHSrOLA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13ekyvn5ux7zyvclwlrpnhgauw5s6dzn538msjka8vpwhu535ychqa7dk7a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVTBMclNGQU1RcG40WXBH
ZW1hMXdlZzRrMUJlbjR1UWpZVTRmdnJRT2pnCjFUT3BSOUtGOUpXeDJsYUx0cmFx
Skl3ZFMxMWo4TlA2b25sVk1pcDhKL00KLS0tIDBid2JNUHFTTVFFSkI1bHo1b3Fs
bEdXYVBZcTc1d2FWY0tMVUZibTJvcDgKEMP2T9YL3tvMggk0ysLeJPm48pJzub06
6Mhcfh+jvgitqfRGvWa2r14xzWuFLjI6v//rVw56IH5usAdiaPm/PA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-14T19:55:31Z"
mac: ENC[AES256_GCM,data:OJ2vp00y6k/KDJ1jqyK4/QAt383Mi4mP/cnLTS4OOiZzNhujIAFLg5l/STdPrZe7y4GuczH08+kzSUgENwwYQApYEzupKsd+TUyXWYQzVuXX2pmrkVJD9umdsGt/gY3P7ykxM3gaN5SeflJIij/MQSlnuvYPVuI1dyCnyPnK6aE=,iv:on00K4KOk43Js8+/wPcU0e6qwwlZP4q2uiHc9hHYalQ=,tag:8JW4EhictAqOSzpk1h9oBg==,type:str]
pgp:
- created_at: "2023-06-14T20:06:20Z"
- created_at: "2023-07-05T12:24:40Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA9JutVRDNegnAQ/6A/jLsJmB/g5nWE/Fu//krIkf9dw9a4hM1juKT2IxfDue
HX/KUhMNvSPNWqQ49WJUJOzl0gCSIp8NyzZCztYRQ2/kLW5Vh0YA/ifS/jMv3dkx
mDhZikFsjw4aIhxobys3jb5WjrP0/Z7ASBegkSM5gONgu2RaereCPJXGT9rnZB8m
M2ZAiqLXf0qVcdUh1Wjbe23oqPFAGu9a7kZ1XntXGwTlrfJH0Rjq+xIs1UKNB2ux
v/gSC5xP0Fzed56PTv7k62CjSUqnSWlb98oJroQ+diK23wRwHGukvpGldId/nvUo
3JiY4/I/2LDQCu+8Thd7WvQ2K4J7ioG6TkMS3+9F4SMHuW0hOT4KrBblA04RYF/x
PRWCHrTVDZunzDW3boPZIR1i37KfgoYFA+5YlR8KaLWHXe8Tg4jVPrbzYTd7ggFd
96xnL4IsNabnLrihXg8+ir/w35bmY5wwwal3aGCNhCpWCQWDn/ZwsKtvAOmFOmqG
QkUjp95u/iW6AcahgjNy9IzNPVfzLqyzQrf/7jG/D/FD+r1t/6ShdARR5QxEQ85t
y7CcJ+vEuKQhAd0SP7oshZZ3cl1OpkEtl5rpdUiSRO3F7wWj8tu05PfDfr2OikUv
rgouK4NmvTX2y0PtJK2uX0BLNkNWgxjmvcpqZwQNDX6mNPd9L277YQCBQhXcu7zS
UQFMO7mn9rJx6jJzWlAL41CIXQ1VE+/uB8ZGJp//46QspaeGNPge5GQH3B7SvQq7
NjejELOh+2VJIWUSlykkTeWOmGK60luDuww3G8FTG+p55A==
=Tk8d
wcFMA9JutVRDNegnARAAnKof3fBDfMyYJGq1N3Bgy2zEJAaAd3Y5CAcEj0Q6AvId
QRKX7nNzptXDru+2rH1rQbt6l0yeTOlXnPGdghlk3tMxghh5umZaAJP8uyt+4krQ
1HquSCKylpJ43InPiaCNo3uBgDIcd2c841W/CRiL8yTzr7fm6UDTxq4m2y+vEgX7
qKS5smoAfsQDaCO/ZavaQr7jZqmI0z9sPbv8Hn4lLT7w361rsQrd05rxwCX+PVc1
EZ3XETzwtStkZqCHRGiYo91gcrm2TIkuVSUEGzvNhitA2d0oS0VcXe3EJtXNLQdw
3c8hfZeOmybwFUnGe8UhWX3e4iEpbgdHCP5qYea/JLTpWV5YtWErUPJDRl+xgsDA
9ofychP4SMVSIsSBz6iagA6VMJFrAXo3aqluTOyYkCF3U+mFMfkdbTT8u46qX0ve
ghuTdpTU3KmaNR9+KLaEIPuLYfhcir3LItA/2+cWjCxsx6bSxhprpo32NoVSdmx0
4PZUF1G/9pOJiWqOndOrMPHFUao6yt3Lm+WwCNNGccad3ySW0zCdKWYVOSMyC5Ql
FTyXlYgrzfxO1tBT1hwKeRP8eT28P0bEhS1wuju3Mnri+KsWkTKa/T7ospdJObQC
J61htquYKL+pHRvocK/TFSA2d4fJh1PRXb9g4uejzmMdHWcXON0PMP94wWjc4FzS
UQGxa2X0HtkLsRkF2RqCTYqcvQGO1NuzhGguYG4He3IJhVdxlWV+qKRJT67+DJxa
Rf9gFLj6DZ95L09f31tJHbWXKl8idKLSGr81rk5wkyi59w==
=uS2I
-----END PGP MESSAGE-----
fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
unencrypted_suffix: _unencrypted

7
secrets/wbob.yaml
View file

@ -1,7 +1,8 @@
borg.priv: ENC[AES256_GCM,data:AkhsyDg9ryOfS5qnK9UBf4BAhg+rBTcvRJrBKiO5WQAHMFUYbFQ9VqONZWk1Z/+HYdUhXFyih6hH4WMGOvb7Rk0JgCPoZjFFdMkcKZ157HQxgiattFIqcFmuD3R1KWDGjKX4pEYjPRPEqalesoiI2e73EyFRmEfDF3KIu558y7FXWFGXUrEBLzi1kdyqs3OM4n5Ze27FFWf17VGe9Pu66aZPLYP7jaKxZKq+E3baXPsl/1F65oTsaNHq1BSLmtol5lHfyx0O8RMuktfS+bpuov9w8wgyI7f/IwzPDDOgMomWn4no2ADXx/7ZJbqLULKkrYOUDFD7LyqNFA+mzQhW4Z1g7OiVwSZa8VSz8iUsgYxOw4ghfsGo9YmyPH/Ro7/ZJRlPFhSdQGMGcV4DlED8wDl1wg4J75C8fdyVWbxwDzXvhOfcGqNL2KaGsmbPFcbjzke0bCvmU58J4HJRQqwYNIZqf4+8tg2h2aF2prwpGrjzLYjYOcHRNRVuIR/U5DJ4x5+FNI1uq2smmHlF7TiD,iv:OK+qEal5ZRr33FbeTYhzA+38VlF7j3X9cI/pcKhWnYU=,tag:3FL/Y/l84hIl9LrF20iA9g==,type:str]
borg.pub: ENC[AES256_GCM,data:BAw0LgxQxYrl3zledLqPmg6cxSdGg8Jc5pWfyK5rJsMhaWl9MZlKdxb0aDD7hCWSflqh44kvKfzvG5Kas9DZ/A4Ebv4v1tgbfpUViqN/eyCCiNdCuJCibOsZ,iv:3dbmKrM5kPVFrmhqw5rIex3Z7RkUMKdz4/c8z4U48eQ=,tag:/RCFzGtz4Ci0iP+DMmNIsg==,type:str]
borg.pw: ENC[AES256_GCM,data:BLVPPuawSGx5F2A8/rDpx4hv7fAVSTdSPzU=,iv:Gjl6UQfosDRuIGTiFmGqBkQTz5q7jhtYhp4PwduRXeg=,tag:qj4ZrT+y0ODD41+teoyhfA==,type:str]
hashedPasswords.nix: ENC[AES256_GCM,data:eGXjBoMOFLBU5RQudkizUxGzrvkDgRMTcXcLstYAto/UwnhFqXDIhK8moLQD8Q3LrFPsrCI/uF1SK9+va9UU9fbc6XfiOj8OuZ+OC08+eY+jIljgevCSEoU+acSdy2sS9FA6B0DVB+dhH9tQgVTrBJrGHs51HJ9FAE4OHnMyXa40QOBGTXdawJafmvu0Pd51VazHlc1HSHzvzKVbFjEBF2CRhMjQ2D6UZMp38CdIJ9RAZgmFJGSyoJoQV+YTQK7x+NeXbBotAZpffaUmfjXpaaEsoinpBWdmdzoJrHxNXXT7cCRDR+DquoDZ3nFULT3u7GFDCVOIbR68cK8snkRBCoGUkCzVa/pJTtYk2quW3/TgC75lf8k0WmzCDW7FKFkw9I4LiyPhZ51qbE1FtMBVv/hvPBLTkiUT1e2AmkXxiJkTKy2lC5ag5/hZbIUJMF7Qx5qPdkT7ez9b8EUn6Pp6kEtMDwDkDiDE38hYkA==,iv:tEWR3zE2jwb1gNT9Tj5JDAjPxY8JvHPveAfRWgQQLRA=,tag:uR55yaqHdBuaAzYXdKdLyA==,type:str]
passwd:
kiosk: ENC[AES256_GCM,data:YcWwptGozxMZpqUvCSdrQ3Gi90PpUC6ydwR2kC5O7tLx4N+mxnF+sNekA768/o6lkZSOiUiS3zKaZy/pxyrbv/YUvR0utxyex3O5ngfz3/l6gpiELtBiLu3+4N6ZljpBiG1b0ENMq6QGv5o=,iv:jNgH6ZdHhy4FgNgppc3SVT6QIgs6++SAEFxH+uH4zCw=,tag:EHa4DMzTtdfEbezJBnenog==,type:str]
netdata-stream.conf: ENC[AES256_GCM,data:P0rvI7p474pbpvSnvpPdxeYpgSuj9Md2rqzHjhX2ZWgnfv3V317xyK+ZRwfwFBiIFgX2Drv/Il24VCkWm6PqQnJFcUyYfjDMxBq8x/XkdmhoIUhHflFOhXIXvWVkEY4apnuo3cPJJmppSTA=,iv:woZdvhHua8JnSct6uCFUtqq1hqpeuFL3MvkqKcxLWAI=,tag:8AZnb6qdK8QAX20rIxK0nA==,type:str]
retiolum.ed25519_key.priv: ENC[AES256_GCM,data:aebIRItPT5M/Cu0fD22K8QVFbrn1IfE/x3LAJxzu2oE6SUKzyNA3C+2adiRhe0R0hcyCTKNJSsIhrmGKFdbyWA7yIe/V5R0WGLM3YRELfCuBgugCMno5gcCK2kC387K7zsYh000DULFgfwPG82afSw+tJ9oC+h9UJ065KBQfh6/SOs6dkO8sYuKb2EpqweDhlkOTcaE4z+jXXpsqFJzQ7pmAzSSRwKvWKPHvDLTNgLFwYPmtqNcO/Tq8kxB7Z6oETq30p8304CU=,iv:fRd/M5SPbMIy3v+TtgLfEaUppe17jDMAuYjUBDBAYT8=,tag:phF+vbkEPuGp2PqIQUqXIQ==,type:str]
retiolum.ed25519_key.pub: ENC[AES256_GCM,data:rY3fgKxcskDcVHLX7IqL5qw2BHTzoE1K30hQDLyf7k9mDmgLrs5w8ciVjCN4B0qQoIMdEzlYOxEW15iHGxHT,iv:YA8Hais3Ridn8mgeENTyWykS/XQmtfKcNI22iKwR6ss=,tag:G9xZGuwZG9uFzqgY19y1Kg==,type:str]
@ -37,8 +38,8 @@ sops:
bTVZMWhISWRSd1g4QnFoTjZnQVNKdWcK0MN1a5EO1nt7Qcf/Eon/mucGvnZ7pMUZ
1Nv2qNt0w4OU0ZElIUK88rXr0CTjzaL1JWk9ruzxL5Z7V4Dk2uPnGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-14T23:46:16Z"
mac: ENC[AES256_GCM,data:fF29polOe7785XeTFB5O3zpti74zNxMcL6HvUOgUG8klFO6wi6uziGDl0EuCIAs7A+6tjGkpYUqstgmOOibQDNYG0oclpvImI8PuhcUhbZpa6GIuh2a2swmlHLT2lZ0C42wbJMRVtr7hZvhRpZqqrzXIDtG5IAX+EQRKxFBWvTU=,iv:lNaNosuHKHiJwo6v0jcjeYtESv8THlzhTush1w3zY5w=,tag:BpaShGefZPZyDhVeq7ijYA==,type:str]
lastmodified: "2023-07-05T12:19:20Z"
mac: ENC[AES256_GCM,data:ehwvSRsOdiPINe0dU9aKteBDHckEeqzk1pTspKlDB/NhSV0hLbn71oQqXKY3z0RdXYDYuKKC3Tz8MhLVD/BDHTX7wSoFuODHBytGEsLVVOYK01xxHT6cyTJ2GcI5MT84pbwpbAPkkJWoE9Ai4sQGqzTXcUXC4BWULy5GNJPyofc=,iv:hkGexbE03jkqwjJ5bzFagsWlVFxs24KVHo4+9igns34=,tag:Hjbc3bVncbriIZeD/+YquA==,type:str]
pgp:
- created_at: "2023-07-02T20:53:14Z"
enc: |-