From 8a9355183d33f5597868420022b9685c9f6a32a1 Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Fri, 17 Jan 2025 14:26:50 +0000 Subject: [PATCH] Refactor secrets Signed-off-by: Nikolaos Karaolidis --- hosts/eirene/users/nick/default.nix | 10 +++--- hosts/elara/configs/git/default.nix | 1 + .../nikara/configs/console/docker/default.nix | 7 ++++ .../nikara/configs/console/git/default.nix | 1 + .../configs/console/kubernetes/default.nix | 2 ++ hosts/elara/users/nikara/default.nix | 36 +++++++++++++++---- .../nick/configs/console/git/default.nix | 1 + hosts/installer/users/nick/default.nix | 10 +++--- 8 files changed, 54 insertions(+), 14 deletions(-) diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix index ed7a054..53dcb4a 100644 --- a/hosts/eirene/users/nick/default.nix +++ b/hosts/eirene/users/nick/default.nix @@ -108,14 +108,16 @@ in }; sops.secrets = { - "ssh/personal/key" = { + "ssh/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + + "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml; + + "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; }; theme.wallpaper = ../../../../static/wallpapers/clouds.png; diff --git a/hosts/elara/configs/git/default.nix b/hosts/elara/configs/git/default.nix index 5d83038..bf0ef90 100644 --- a/hosts/elara/configs/git/default.nix +++ b/hosts/elara/configs/git/default.nix @@ -2,6 +2,7 @@ { sops.secrets."ssh/sas/key" = { sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "ssh/key"; path = "/root/.ssh/ssh_sas_ed25519_key"; }; 
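Review bot: In hosts/eirene/users/nick/default.nix the secret attribute names themselves change from `"ssh/personal/key"` to `"ssh/key"` (likewise `ssh/pass`, `gpg/key`, `gpg/pass`), whereas hosts/elara/users/nikara/default.nix keeps the `personal`-namespaced names and only adds `key = "ssh/key";`. Any module shared between hosts that looks a secret up by name, for example `config.sops.secrets."ssh/personal/key".path`, would then resolve on elara but not on eirene. No such consumer is visible in this patch, so the SSH and GPG configs need checking. Keeping the name `"ssh/personal/key"` here and adding `key = "ssh/key";`, as elara does, would leave one naming scheme across hosts. The same applies to the hunk in hosts/installer/users/nick/default.nix, and the enclosing attribute set starts and ends outside both hunks.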
diff --git a/hosts/elara/users/nikara/configs/console/docker/default.nix b/hosts/elara/users/nikara/configs/console/docker/default.nix index 902018e..ff9dbb9 100644 --- a/hosts/elara/users/nikara/configs/console/docker/default.nix +++ b/hosts/elara/users/nikara/configs/console/docker/default.nix @@ -5,4 +5,11 @@ { lib, ... }: { virtualisation.docker.rootless.enable = lib.mkForce false; + + sops.secrets = { + "docker" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + path = "${home}/.config/docker/config.json"; + }; + }; } diff --git a/hosts/elara/users/nikara/configs/console/git/default.nix b/hosts/elara/users/nikara/configs/console/git/default.nix index 82e2dac..a7c23fb 100644 --- a/hosts/elara/users/nikara/configs/console/git/default.nix +++ b/hosts/elara/users/nikara/configs/console/git/default.nix @@ -11,6 +11,7 @@ sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/credentials"; }; + "git/cookies" = { sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/cookies"; diff --git a/hosts/elara/users/nikara/configs/console/kubernetes/default.nix b/hosts/elara/users/nikara/configs/console/kubernetes/default.nix index 49dbf52..eabf562 100644 --- a/hosts/elara/users/nikara/configs/console/kubernetes/default.nix +++ b/hosts/elara/users/nikara/configs/console/kubernetes/default.nix @@ -28,10 +28,12 @@ sopsFile = ../../../../../../../secrets/sas/secrets.yaml; path = "${home}/.kube/d90270"; }; + "kubeconfig/d90271" = { sopsFile = ../../../../../../../secrets/sas/secrets.yaml; path = "${home}/.kube/d90271"; }; + "kubeconfig/d90272" = { sopsFile = ../../../../../../../secrets/sas/secrets.yaml; path = "${home}/.kube/d90272"; diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index 5a6742a..79ea709 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix 
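Review bot: The new `"docker"` secret in hosts/elara/users/nikara/configs/console/docker/default.nix sets `path` inside the user's home but no `owner`. The module also sets `virtualisation.docker`, which suggests it is evaluated as a NixOS module, where sops-nix defaults a secret to owner root and mode 0400. If so, the docker CLI running as the user cannot read `${home}/.config/docker/config.json`. Add `owner = "<user>";` (placeholder for whichever binding names the account) and keep the default mode, so that whatever credentials the file holds stay unreadable to other local users. `home` is not bound by the visible `{ lib, ... }:` head, so it presumably comes from lines above the hunk.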
@@ -114,22 +114,46 @@ in # Personal "ssh/personal/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "ssh/key"; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/personal/pass" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "ssh/pass"; + }; + + "gpg/personal/key" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "gpg/key"; + }; + + "gpg/personal/pass" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "gpg/pass"; + }; # SAS "ssh/sas/key" = { sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "ssh/key"; path = "${home}/.ssh/ssh_sas_ed25519_key"; }; - "ssh/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; - "gpg/sas/key".sopsFile = ../../../../secrets/sas/secrets.yaml; - "gpg/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; + "ssh/sas/pass" = { + sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "ssh/pass"; + }; + + "gpg/sas/key" = { + sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "gpg/key"; + }; + + "gpg/sas/pass" = { + sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "gpg/pass"; + }; }; theme.wallpaper = ../../../../static/wallpapers/snow.jpg; diff --git a/hosts/installer/users/nick/configs/console/git/default.nix b/hosts/installer/users/nick/configs/console/git/default.nix index 9b0dbef..9397663 100644 --- a/hosts/installer/users/nick/configs/console/git/default.nix +++ b/hosts/installer/users/nick/configs/console/git/default.nix @@ -10,6 +10,7 @@ sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/credentials"; }; + "git/cookies" = { sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/cookies"; 
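Review bot: The personal and SAS blocks in hosts/elara/users/nikara/default.nix now use identical `key` values (`ssh/key`, `ssh/pass`, `gpg/key`, `gpg/pass`) and differ only in `sopsFile`. A copy-paste slip in one `sopsFile` path would therefore likely deploy the other identity's key under the wrong name without any evaluation error. A short comment above `# Personal` would make the convention explicit, e.g. `# Attribute names are namespaced per identity; key selects the entry inside that identity's secrets.yaml.` Binding the two secrets files once to local names and reusing them would also remove the eight repeated relative paths; whether a `let` block is available for that is not visible from the hunk. The enclosing attribute set starts above the hunk.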
diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix index 190153d..0ed8193 100644 --- a/hosts/installer/users/nick/default.nix +++ b/hosts/installer/users/nick/default.nix @@ -61,14 +61,16 @@ in }; sops.secrets = { - "ssh/personal/key" = { + "ssh/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; - "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + + "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml; + + "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; }; }; }