diff --git a/flake.lock b/flake.lock
index 23a55e7..f9d60c6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -388,11 +388,11 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1754897748,
- "narHash": "sha256-835Ez+LG0vYZhSuVUreVwoL6qBk7EVtCGuPcluimlBE=",
+ "lastModified": 1755240913,
+ "narHash": "sha256-SSDNNnOjeON7DtoWL+8lDTordE6xqMgDOG2efoN2AaQ=",
 "ref": "refs/heads/main",
- "rev": "148402e92b624b350a600cba8324a54ab014941d",
- "revCount": 30,
+ "rev": "0cc52a34f20cd4de6d647986e1df1018aa8dbf82",
+ "revCount": 31,
 "type": "git",
 "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
 },
diff --git a/hosts/common/configs/system/nix-install/install.sh b/hosts/common/configs/system/nix-install/install.sh
index a7afd4b..1990e94 100644
--- a/hosts/common/configs/system/nix-install/install.sh
+++ b/hosts/common/configs/system/nix-install/install.sh
@@ -95,13 +95,13 @@ copy_secure_boot_keys() { SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt" export SOPS_AGE_KEY_FILE - sops --decrypt --extract "['guid']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID" - sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key" - sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem" - sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key" - sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem" - sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key" - sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem" + sops --decrypt --extract "['guid']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID" + sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key" + sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem" + sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key" + sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem" + sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > 
"$root/persist/state/var/lib/sbctl/keys/db/db.key" + sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem" chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/* diff --git a/hosts/common/configs/system/nix/default.nix b/hosts/common/configs/system/nix/default.nix index 9b81042..d132b12 100644 --- a/hosts/common/configs/system/nix/default.nix +++ b/hosts/common/configs/system/nix/default.nix @@ -2,8 +2,10 @@ { sops = { secrets = { - "git/credentials/github.com/public/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; - "git/credentials/github.com/public/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "git/credentials/github.com/public/username".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + "git/credentials/github.com/public/password".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates.nix-access-tokens = { diff --git a/hosts/common/configs/user/gui/darktable/default.nix b/hosts/common/configs/user/gui/darktable/default.nix index bba1a7e..3a9c7ba 100644 --- a/hosts/common/configs/user/gui/darktable/default.nix +++ b/hosts/common/configs/user/gui/darktable/default.nix @@ -82,6 +82,6 @@ in }; sops.secrets."jupiter/photos.karaolidis.com/admin".sopsFile = - "${inputs.secrets}/personal/secrets.yaml"; + "${inputs.secrets}/domains/personal/secrets.yaml"; }; } diff --git a/hosts/common/configs/user/gui/obsidian/default.nix b/hosts/common/configs/user/gui/obsidian/default.nix index 5fcea37..9a8a987 100644 --- a/hosts/common/configs/user/gui/obsidian/default.nix +++ b/hosts/common/configs/user/gui/obsidian/default.nix @@ -608,6 +608,7 @@ in } ) hmConfig.programs.obsidian.vaults; - sops.secrets."google/cloud/obsidian/geocoding".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sops.secrets."google/cloud/obsidian/geocoding".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; }; } 
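Review bot: The seven `sops --decrypt ... >` redirections create PK.key, KEK.key and db.key with the caller's default umask, so the Secure Boot private keys are typically readable by every local user until the `chmod 400` on the last context line runs; put `umask 077` as the first line of this block so the files are private from creation. The `$flake/secrets/domains/lanzaboote/secrets.yaml` path is also repeated seven times and would read better as a local variable. The neighbouring context line still derives SOPS_AGE_KEY_FILE from `$flake/secrets/$key/key.txt`; if the per-domain key files moved under `domains/` as well (add-host.sh in this commit now reads `./secrets/domains/personal/key.txt`), the value of `$key`, set outside this hunk, needs the same prefix — worth confirming. copy_secure_boot_keys() begins before the hunk.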
diff --git a/hosts/common/configs/user/gui/spicetify/default.nix b/hosts/common/configs/user/gui/spicetify/default.nix index 14a773d..fe09e25 100644 --- a/hosts/common/configs/user/gui/spicetify/default.nix +++ b/hosts/common/configs/user/gui/spicetify/default.nix @@ -64,7 +64,7 @@ in ]; }; - sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; xdg.configFile = { "spotify/prefs.init" = { diff --git a/hosts/elara/configs/ssh/default.nix b/hosts/elara/configs/ssh/default.nix index 5c17511..73c1070 100644 --- a/hosts/elara/configs/ssh/default.nix +++ b/hosts/elara/configs/ssh/default.nix @@ -11,13 +11,13 @@ in { sops.secrets = { "ssh/personal/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "ssh/key"; path = "/root/.ssh/ssh_personal_ed25519_key"; }; "ssh/sas/ed25519/key" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "ssh/ed25519/key"; path = "/root/.ssh/ssh_sas_ed25519_key"; }; diff --git a/hosts/elara/users/nikara/configs/console/gpg/default.nix b/hosts/elara/users/nikara/configs/console/gpg/default.nix index 5c2012a..9347681 100644 --- a/hosts/elara/users/nikara/configs/console/gpg/default.nix +++ b/hosts/elara/users/nikara/configs/console/gpg/default.nix 
@@ -7,22 +7,22 @@ in home-manager.users.${user} = { sops.secrets = { "gpg/personal/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "gpg/key"; }; "gpg/personal/pass" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "gpg/pass"; }; "gpg/sas/key" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "gpg/key"; }; "gpg/sas/pass" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "gpg/pass"; }; }; diff --git a/hosts/elara/users/nikara/configs/console/podman/default.nix b/hosts/elara/users/nikara/configs/console/podman/default.nix index 0b7b53e..18759c2 100644 --- a/hosts/elara/users/nikara/configs/console/podman/default.nix +++ b/hosts/elara/users/nikara/configs/console/podman/default.nix @@ -13,17 +13,17 @@ in home-manager.users.${user}.sops = { secrets = { "registry/personal/git.karaolidis.com" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "registry/git.karaolidis.com"; }; "registry/personal/docker.io" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "registry/docker.io"; }; "registry/sas/cr.sas.com" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "registry/cr.sas.com"; }; }; diff --git a/hosts/elara/users/nikara/configs/console/sas/default.nix b/hosts/elara/users/nikara/configs/console/sas/default.nix index 13a3ffe..8883084 100644 --- a/hosts/elara/users/nikara/configs/console/sas/default.nix +++ b/hosts/elara/users/nikara/configs/console/sas/default.nix 
@@ -2,7 +2,7 @@
 { inputs, ... }:
 {
 home-manager.users.${user}.sops.secrets = {
- "artifactory/cdp/user".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
- "artifactory/cdp/password".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+ "artifactory/cdp/user".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ "artifactory/cdp/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
 };
 }
diff --git a/hosts/elara/users/nikara/configs/console/ssh/default.nix b/hosts/elara/users/nikara/configs/console/ssh/default.nix
index ff24a42..d2e95bf 100644
--- a/hosts/elara/users/nikara/configs/console/ssh/default.nix
+++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix
@@ -15,55 +15,55 @@ in sops = { secrets = { "ssh/personal/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "ssh/key"; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; "ssh/personal/pass" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "ssh/pass"; }; "ssh/sas/ed25519/key" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "ssh/ed25519/key"; path = "${home}/.ssh/ssh_sas_ed25519_key"; }; "ssh/sas/ed25519/pass" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "ssh/ed25519/pass"; }; "ssh/sas/rsa/key" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "ssh/rsa/key"; path = "${home}/.ssh/ssh_sas_rsa_key"; }; "ssh/sas/rsa/pass" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "ssh/rsa/pass"; }; "git/credentials/personal/git.karaolidis.com/admin/username" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "git/credentials/git.karaolidis.com/admin/username"; }; "git/credentials/personal/git.karaolidis.com/admin/password" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "git/credentials/git.karaolidis.com/admin/password"; }; "git/credentials/sas/github.com/admin/username" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "git/credentials/github.com/admin/username"; }; "git/credentials/sas/github.com/admin/password" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = 
"${inputs.secrets}/domains/sas/secrets.yaml"; key = "git/credentials/github.com/admin/password"; }; }; diff --git a/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix b/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix index a1c042f..6f1403b 100644 --- a/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix +++ b/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix @@ -13,8 +13,8 @@ in { home-manager.users.${user} = { sops.secrets = { - "viya/orders-api/key".sopsFile = "${inputs.secrets}/sas/secrets.yaml"; - "viya/orders-api/secret".sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + "viya/orders-api/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; + "viya/orders-api/secret".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; }; home.packages = [ selfPkgs.viya4-orders-cli ]; diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index 6e5a83e..feb5646 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix @@ -102,7 +102,7 @@ in # mkpasswd -s sops.secrets."${user}-password" = { - sopsFile = "${inputs.secrets}/sas/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; key = "password"; neededForUsers = true; }; diff --git a/hosts/himalia/configs/ssh/default.nix b/hosts/himalia/configs/ssh/default.nix index fc4236e..ee12a3a 100644 --- a/hosts/himalia/configs/ssh/default.nix +++ b/hosts/himalia/configs/ssh/default.nix @@ -1,7 +1,7 @@ { inputs, ... }: { sops.secrets."ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "/root/.ssh/ssh_personal_ed25519_key"; }; diff --git a/hosts/himalia/users/nick/configs/console/gpg/default.nix b/hosts/himalia/users/nick/configs/console/gpg/default.nix index 9e8d630..6b0f468 100644 --- a/hosts/himalia/users/nick/configs/console/gpg/default.nix 
+++ b/hosts/himalia/users/nick/configs/console/gpg/default.nix @@ -6,8 +6,8 @@ in { home-manager.users.${user} = { sops.secrets = { - "gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; - "gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + "gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; diff --git a/hosts/himalia/users/nick/configs/console/podman/default.nix b/hosts/himalia/users/nick/configs/console/podman/default.nix index ca22efc..c215f19 100644 --- a/hosts/himalia/users/nick/configs/console/podman/default.nix +++ b/hosts/himalia/users/nick/configs/console/podman/default.nix @@ -11,8 +11,8 @@ in { home-manager.users.${user}.sops = { secrets = { - "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; - "registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + "registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates."containers-auth.json" = { diff --git a/hosts/himalia/users/nick/configs/console/ssh/default.nix b/hosts/himalia/users/nick/configs/console/ssh/default.nix index 68840e5..440c16f 100644 --- a/hosts/himalia/users/nick/configs/console/ssh/default.nix +++ b/hosts/himalia/users/nick/configs/console/ssh/default.nix 
@@ -14,17 +14,17 @@ in sops = { secrets = { "ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; "git/credentials/git.karaolidis.com/admin/username".sopsFile = - "${inputs.secrets}/personal/secrets.yaml"; + "${inputs.secrets}/domains/personal/secrets.yaml"; "git/credentials/git.karaolidis.com/admin/password".sopsFile = - "${inputs.secrets}/personal/secrets.yaml"; + "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates."git/credentials" = { diff --git a/hosts/himalia/users/nick/default.nix b/hosts/himalia/users/nick/default.nix index 69dc828..c47d0a3 100644 --- a/hosts/himalia/users/nick/default.nix +++ b/hosts/himalia/users/nick/default.nix @@ -105,7 +105,7 @@ in # mkpasswd -s sops.secrets."${user}-password" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "password"; neededForUsers = true; }; diff --git a/hosts/installer/configs/ssh/default.nix b/hosts/installer/configs/ssh/default.nix index fc4236e..ee12a3a 100644 --- a/hosts/installer/configs/ssh/default.nix +++ b/hosts/installer/configs/ssh/default.nix @@ -1,7 +1,7 @@ { inputs, ... }: { sops.secrets."ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "/root/.ssh/ssh_personal_ed25519_key"; }; diff --git a/hosts/installer/users/nick/configs/console/gpg/default.nix b/hosts/installer/users/nick/configs/console/gpg/default.nix index 594c6af..4a0a226 100644 --- a/hosts/installer/users/nick/configs/console/gpg/default.nix +++ b/hosts/installer/users/nick/configs/console/gpg/default.nix 
@@ -2,7 +2,7 @@ { inputs, ... }: { home-manager.users.${user}.sops.secrets = { - "gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; - "gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + "gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; } diff --git a/hosts/installer/users/nick/configs/console/ssh/default.nix b/hosts/installer/users/nick/configs/console/ssh/default.nix index 660d20d..96882c4 100644 --- a/hosts/installer/users/nick/configs/console/ssh/default.nix +++ b/hosts/installer/users/nick/configs/console/ssh/default.nix @@ -14,17 +14,17 @@ in sops = { secrets = { "ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; "git/credentials/git.karaolidis.com/admin/username".sopsFile = - "${inputs.secrets}/personal/secrets.yaml"; + "${inputs.secrets}/domains/personal/secrets.yaml"; "git/credentials/git.karaolidis.com/admin/password".sopsFile = - "${inputs.secrets}/personal/secrets.yaml"; + "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates."git/credentials" = { diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix index ff9a850..cb6c031 100644 --- a/hosts/installer/users/nick/default.nix +++ b/hosts/installer/users/nick/default.nix @@ -45,7 +45,7 @@ in # mkpasswd -s sops.secrets."${user}-password" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "password"; neededForUsers = true; }; diff --git a/hosts/jupiter-vps/configs/ssh/default.nix b/hosts/jupiter-vps/configs/ssh/default.nix index fc4236e..ee12a3a 100644 
--- a/hosts/jupiter-vps/configs/ssh/default.nix +++ b/hosts/jupiter-vps/configs/ssh/default.nix @@ -1,7 +1,7 @@ { inputs, ... }: { sops.secrets."ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "/root/.ssh/ssh_personal_ed25519_key"; }; diff --git a/hosts/jupiter-vps/default.nix b/hosts/jupiter-vps/default.nix index 2aa2c29..0148a80 100644 --- a/hosts/jupiter-vps/default.nix +++ b/hosts/jupiter-vps/default.nix @@ -31,5 +31,7 @@ environment.impermanence.enable = lib.mkForce false; - users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ + "${inputs.secrets}/domains/personal/id_ed25519.pub" + ]; } diff --git a/hosts/jupiter/configs/ssh/default.nix b/hosts/jupiter/configs/ssh/default.nix index fc4236e..ee12a3a 100644 --- a/hosts/jupiter/configs/ssh/default.nix +++ b/hosts/jupiter/configs/ssh/default.nix @@ -1,7 +1,7 @@ { inputs, ... }: { sops.secrets."ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "/root/.ssh/ssh_personal_ed25519_key"; }; diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index 09162ce..1961aca 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -64,5 +64,7 @@ "v /mnt/storage/private 0755 root root - -" ]; - users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ + "${inputs.secrets}/domains/personal/id_ed25519.pub" + ]; } diff --git a/hosts/jupiter/users/nick/configs/console/podman/default.nix b/hosts/jupiter/users/nick/configs/console/podman/default.nix index be839b3..6937132 100644 --- a/hosts/jupiter/users/nick/configs/console/podman/default.nix +++ b/hosts/jupiter/users/nick/configs/console/podman/default.nix 
@@ -10,7 +10,7 @@ let in { home-manager.users.${user}.sops = { - secrets."registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + secrets."registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; templates.containers-auth = { content = builtins.readFile ( diff --git a/hosts/jupiter/users/nick/configs/console/ssh/default.nix b/hosts/jupiter/users/nick/configs/console/ssh/default.nix index 8e9ba22..1666201 100644 --- a/hosts/jupiter/users/nick/configs/console/ssh/default.nix +++ b/hosts/jupiter/users/nick/configs/console/ssh/default.nix @@ -4,11 +4,11 @@ home-manager.users.${user} = { sops.secrets = { "ssh/key" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; }; } diff --git a/hosts/jupiter/users/nick/default.nix b/hosts/jupiter/users/nick/default.nix index 07beeab..be23851 100644 --- a/hosts/jupiter/users/nick/default.nix +++ b/hosts/jupiter/users/nick/default.nix @@ -44,7 +44,7 @@ in # mkpasswd -s sops.secrets."${user}-password" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "password"; neededForUsers = true; }; @@ -63,7 +63,7 @@ in ]; linger = true; uid = lib.strings.toInt (builtins.readFile ./uid); - openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ]; + openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ]; }; home-manager.users.${user}.home = { diff --git a/hosts/jupiter/users/storm/configs/console/podman/default.nix b/hosts/jupiter/users/storm/configs/console/podman/default.nix index 1e631eb..f359b57 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/default.nix 
+++ b/hosts/jupiter/users/storm/configs/console/podman/default.nix @@ -40,7 +40,7 @@ in ]; sops = { - secrets."registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + secrets."registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; templates.containers-auth = { content = builtins.readFile ( diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix index e935426..06d83f9 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix @@ -20,8 +20,8 @@ in "jellyfin/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "jellyfin/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "jellyfin/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; - "opensubtitles/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; - "opensubtitles/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "opensubtitles/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + "opensubtitles/password".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates = { diff --git a/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix b/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix index bfd203b..6b7db0f 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix 
@@ -17,7 +17,7 @@ in secrets = { "shlink/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "shlink/apiKey".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; - "maxmind/licenseKey".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + "maxmind/licenseKey".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates = { diff --git a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix index a0143c4..35854b5 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix @@ -33,8 +33,8 @@ in authorizedKeys = pkgs.writeTextFile { name = "authorized_keys"; text = lib.strings.concatStringsSep "\n" [ - (builtins.readFile "${inputs.secrets}/personal/id_ed25519.pub") - (builtins.readFile "${inputs.secrets}/sas/id_globalprotect_ed25519.pub") + (builtins.readFile "${inputs.secrets}/domains/personal/id_ed25519.pub") + (builtins.readFile "${inputs.secrets}/domains/sas/id_globalprotect_ed25519.pub") ]; }; in diff --git a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix index c9f80f1..3362214 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix @@ -25,7 +25,7 @@ in home-manager.users.${user} = { sops = { - secrets."cloudflare/letsencrypt".sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + secrets."cloudflare/letsencrypt".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; templates.traefik-env.content = '' CF_DNS_API_TOKEN=${hmConfig.sops.placeholder."cloudflare/letsencrypt"} ''; diff --git a/hosts/jupiter/users/storm/default.nix b/hosts/jupiter/users/storm/default.nix index 999d510..70c97ea 100644 --- a/hosts/jupiter/users/storm/default.nix 
+++ b/hosts/jupiter/users/storm/default.nix @@ -31,7 +31,7 @@ in # mkpasswd -s sops.secrets."${user}-password" = { - sopsFile = "${inputs.secrets}/personal/secrets.yaml"; + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; key = "password"; neededForUsers = true; }; @@ -53,7 +53,7 @@ in group = user; autoSubUidGidRange = true; useDefaultShell = true; - openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ]; + openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ]; }; groups.${user}.gid = lib.strings.toInt (builtins.readFile ./uid); diff --git a/lib/scripts/add-host.sh b/lib/scripts/add-host.sh index 6d1f9e8..6f649d0 100755 --- a/lib/scripts/add-host.sh +++ b/lib/scripts/add-host.sh @@ -20,7 +20,7 @@ keys: - hosts: - &$host $age_key - namespaces: - - &personal $(age-keygen -y ./secrets/personal/key.txt | tr -d '\n') + - &personal $(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n') creation_rules: - path_regex: .+\.(yaml|yml|json|env|ini|bin) diff --git a/packages/comentario/default.nix b/packages/comentario/default.nix index a139faa..b4e748e 100644 --- a/packages/comentario/default.nix +++ b/packages/comentario/default.nix @@ -69,7 +69,7 @@ pkgs.buildGoModule (finalAttrs: { installPhase = '' mkdir -p $out/bin $out/lib/${finalAttrs.pname} - cp -r "$GOPATH/bin/${finalAttrs.pname}" $out/bin/${finalAttrs.pname} + cp -r $GOPATH/bin/comentario $out/bin/${finalAttrs.pname} cp -r db templates $out/lib/${finalAttrs.pname} wrapProgram $out/bin/${finalAttrs.pname} \ diff --git a/packages/prometheus-fail2ban-exporter/default.nix b/packages/prometheus-fail2ban-exporter/default.nix index 67ad430..88fdb0c 100644 --- a/packages/prometheus-fail2ban-exporter/default.nix +++ b/packages/prometheus-fail2ban-exporter/default.nix 
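Review bot: `$(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')` runs inside the YAML heredoc, so if the key file is absent at the new path (or the script is run from somewhere other than the repository root, which the relative path assumes) the substitution expands to nothing and `&personal` is emitted as an empty recipient instead of the script failing; `set -e`, if enabled, does not catch a failed command substitution inside a heredoc. Compute the value first and check it: `personal_pub=$(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')` followed by `[ -n "$personal_pub" ] || { echo "cannot derive personal age recipient" >&2; exit 1; }`, then use `&personal $personal_pub` in the template. Deriving the recipient from the private key also means key.txt must be present wherever add-host.sh runs; keeping the public half in a separate file next to it would let this script avoid touching the private key at all. The heredoc and the surrounding script begin outside the hunk.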
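Review bot: Removing the double quotes around `$GOPATH/bin/comentario` on the `cp -r` line drops the word-splitting and glob protection the original line had, and the same unquoting is repeated in the prometheus-fail2ban-exporter and viya4-orders-cli hunks that follow. Unless the quoting was actually breaking the build (nothing in the diff says so), keep it: `cp -r "$GOPATH/bin/comentario" "$out/bin/${finalAttrs.pname}"`. Nix store paths contain no whitespace, so this is a style regression rather than a functional one, but the quoted form is the convention the rest of the installPhase should follow. The installPhase string belongs to an attribute set that starts before the hunk.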
@@ -26,6 +26,6 @@ pkgs.buildGoModule (finalAttrs: { installPhase = '' mkdir -p $out/bin - cp -r "$GOPATH/bin/fail2ban-prometheus-exporter" $out/bin/prometheus-fail2ban-exporter + cp -r $GOPATH/bin/fail2ban-prometheus-exporter $out/bin/prometheus-fail2ban-exporter ''; }) diff --git a/packages/sas/viya4-orders-cli/default.nix b/packages/sas/viya4-orders-cli/default.nix index 2492dc6..0f20891 100644 --- a/packages/sas/viya4-orders-cli/default.nix +++ b/packages/sas/viya4-orders-cli/default.nix @@ -23,7 +23,7 @@ pkgs.buildGoModule (finalAttrs: { installPhase = '' mkdir -p $out/bin - cp "$GOPATH/bin/viya4-orders-cli" $out/bin/viya4-orders-cli + cp $GOPATH/bin/viya4-orders-cli $out/bin/viya4-orders-cli ''; meta.mainProgram = finalAttrs.pname; diff --git a/secrets b/secrets index 148402e..0cc52a3 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 148402e92b624b350a600cba8324a54ab014941d +Subproject commit 0cc52a34f20cd4de6d647986e1df1018aa8dbf82