Refactor secrets

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-17 14:26:50 +00:00
parent 8f83098f93
commit 8a9355183d
8 changed files with 54 additions and 14 deletions
--- a/hosts/eirene/users/nick/default.nix
+++ b/hosts/eirene/users/nick/default.nix
@@ -108,14 +108,16 @@ in
    };

    sops.secrets = {
-      "ssh/personal/key" = {
+      "ssh/key" = {
        sopsFile = ../../../../secrets/personal/secrets.yaml;
        path = "${home}/.ssh/ssh_personal_ed25519_key";
      };
-      "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;

-      "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
-      "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+      "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+      "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+      "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
    };

    theme.wallpaper = ../../../../static/wallpapers/clouds.png;
--- a/hosts/elara/configs/git/default.nix
+++ b/hosts/elara/configs/git/default.nix
@@ -2,6 +2,7 @@
 {
  sops.secrets."ssh/sas/key" = {
    sopsFile = ../../../../secrets/sas/secrets.yaml;
+    key = "ssh/key";
    path = "/root/.ssh/ssh_sas_ed25519_key";
  };

--- a/hosts/elara/users/nikara/configs/console/docker/default.nix
+++ b/hosts/elara/users/nikara/configs/console/docker/default.nix
@@ -5,4 +5,11 @@
 { lib, ... }:
 {
  virtualisation.docker.rootless.enable = lib.mkForce false;
+
+  sops.secrets = {
+    "docker" = {
+      sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+      path = "${home}/.config/docker/config.json";
+    };
+  };
 }
--- a/hosts/elara/users/nikara/configs/console/git/default.nix
+++ b/hosts/elara/users/nikara/configs/console/git/default.nix
@@ -11,6 +11,7 @@
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/credentials";
      };
+
      "git/cookies" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/cookies";
--- a/hosts/elara/users/nikara/configs/console/kubernetes/default.nix
+++ b/hosts/elara/users/nikara/configs/console/kubernetes/default.nix
@@ -28,10 +28,12 @@
        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
        path = "${home}/.kube/d90270";
      };
+
      "kubeconfig/d90271" = {
        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
        path = "${home}/.kube/d90271";
      };
+
      "kubeconfig/d90272" = {
        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
        path = "${home}/.kube/d90272";
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
@@ -114,22 +114,46 @@ in
      # Personal
      "ssh/personal/key" = {
        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        key = "ssh/key";
        path = "${home}/.ssh/ssh_personal_ed25519_key";
      };
-      "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;

-      "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
-      "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+      "ssh/personal/pass" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        key = "ssh/pass";
+      };
+
+      "gpg/personal/key" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        key = "gpg/key";
+      };
+
+      "gpg/personal/pass" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        key = "gpg/pass";
+      };

      # SAS
      "ssh/sas/key" = {
        sopsFile = ../../../../secrets/sas/secrets.yaml;
+        key = "ssh/key";
        path = "${home}/.ssh/ssh_sas_ed25519_key";
      };
-      "ssh/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml;

-      "gpg/sas/key".sopsFile = ../../../../secrets/sas/secrets.yaml;
-      "gpg/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml;
+      "ssh/sas/pass" = {
+        sopsFile = ../../../../secrets/sas/secrets.yaml;
+        key = "ssh/pass";
+      };
+
+      "gpg/sas/key" = {
+        sopsFile = ../../../../secrets/sas/secrets.yaml;
+        key = "gpg/key";
+      };
+
+      "gpg/sas/pass" = {
+        sopsFile = ../../../../secrets/sas/secrets.yaml;
+        key = "gpg/pass";
+      };
    };

    theme.wallpaper = ../../../../static/wallpapers/snow.jpg;
--- a/hosts/installer/users/nick/configs/console/git/default.nix
+++ b/hosts/installer/users/nick/configs/console/git/default.nix
@@ -10,6 +10,7 @@
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/credentials";
      };
+
      "git/cookies" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/cookies";
--- a/hosts/installer/users/nick/default.nix
+++ b/hosts/installer/users/nick/default.nix
@@ -61,14 +61,16 @@ in
    };

    sops.secrets = {
-      "ssh/personal/key" = {
+      "ssh/key" = {
        sopsFile = ../../../../secrets/personal/secrets.yaml;
        path = "${home}/.ssh/ssh_personal_ed25519_key";
      };
-      "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;

-      "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
-      "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+      "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+      "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+      "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
    };
  };
 }