Refactor secrets

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-17 14:26:50 +00:00
parent 8f83098f93
commit 8a9355183d
8 changed files with 54 additions and 14 deletions


@@ -108,14 +108,16 @@ in
}; };
sops.secrets = { sops.secrets = {
"ssh/personal/key" = { "ssh/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_personal_ed25519_key"; path = "${home}/.ssh/ssh_personal_ed25519_key";
}; };
"ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
}; };
theme.wallpaper = ../../../../static/wallpapers/clouds.png; theme.wallpaper = ../../../../static/wallpapers/clouds.png;


@@ -2,6 +2,7 @@
{ {
sops.secrets."ssh/sas/key" = { sops.secrets."ssh/sas/key" = {
sopsFile = ../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../secrets/sas/secrets.yaml;
key = "ssh/key";
path = "/root/.ssh/ssh_sas_ed25519_key"; path = "/root/.ssh/ssh_sas_ed25519_key";
}; };


@@ -5,4 +5,11 @@
{ lib, ... }: { lib, ... }:
{ {
virtualisation.docker.rootless.enable = lib.mkForce false; virtualisation.docker.rootless.enable = lib.mkForce false;
sops.secrets = {
"docker" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.config/docker/config.json";
};
};
} }
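Review bot: The new `"docker"` secret sets only `sopsFile` and `path`, so the decrypted file keeps sops-nix's default ownership and mode. Because it sits beside `virtualisation.docker.rootless.enable`, this looks like a system-level declaration, where the default is root-owned and `0400`; if so, the user's Docker client cannot read the link at `${home}/.config/docker/config.json`. Add an explicit owner, e.g. `owner = <user>;` (placeholder for whatever account name the file binds), and leave the mode at `0400`. `home` is not bound by the visible `{ lib, ... }:`, so it presumably comes from lines 1-4 outside the hunk, which is worth confirming. A short comment such as `# Docker client config; presumably holds registry credentials` would explain why this file is managed as a secret.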


@@ -11,6 +11,7 @@
sopsFile = ../../../../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/credentials"; path = "${home}/.config/git/credentials";
}; };
"git/cookies" = { "git/cookies" = {
sopsFile = ../../../../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/cookies"; path = "${home}/.config/git/cookies";


@@ -28,10 +28,12 @@
sopsFile = ../../../../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.kube/d90270"; path = "${home}/.kube/d90270";
}; };
"kubeconfig/d90271" = { "kubeconfig/d90271" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.kube/d90271"; path = "${home}/.kube/d90271";
}; };
"kubeconfig/d90272" = { "kubeconfig/d90272" = {
sopsFile = ../../../../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
path = "${home}/.kube/d90272"; path = "${home}/.kube/d90272";


@@ -114,22 +114,46 @@ in
# Personal # Personal
"ssh/personal/key" = { "ssh/personal/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "ssh/key";
path = "${home}/.ssh/ssh_personal_ed25519_key"; path = "${home}/.ssh/ssh_personal_ed25519_key";
}; };
"ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "ssh/personal/pass" = {
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "ssh/pass";
};
"gpg/personal/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "gpg/key";
};
"gpg/personal/pass" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "gpg/pass";
};
# SAS # SAS
"ssh/sas/key" = { "ssh/sas/key" = {
sopsFile = ../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../secrets/sas/secrets.yaml;
key = "ssh/key";
path = "${home}/.ssh/ssh_sas_ed25519_key"; path = "${home}/.ssh/ssh_sas_ed25519_key";
}; };
"ssh/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml;
"gpg/sas/key".sopsFile = ../../../../secrets/sas/secrets.yaml; "ssh/sas/pass" = {
"gpg/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; sopsFile = ../../../../secrets/sas/secrets.yaml;
key = "ssh/pass";
};
"gpg/sas/key" = {
sopsFile = ../../../../secrets/sas/secrets.yaml;
key = "gpg/key";
};
"gpg/sas/pass" = {
sopsFile = ../../../../secrets/sas/secrets.yaml;
key = "gpg/pass";
};
}; };
theme.wallpaper = ../../../../static/wallpapers/snow.jpg; theme.wallpaper = ../../../../static/wallpapers/snow.jpg;
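Review bot: Separating the secret name from the YAML `key` removes a check that used to catch a mismatched `sopsFile`. `key = "ssh/key"` now exists in both the personal and the SAS file, so an entry such as `"ssh/sas/key"` that points at `secrets/personal/secrets.yaml` would still pass sops-nix's default build-time validation and would place the wrong identity at `ssh_sas_ed25519_key`. Before this change the full name was the lookup key, so a mismatch failed instead of deploying. Consider deriving both attributes from one value, e.g. `mkSecret = scope: key: { sopsFile = ../../../../secrets + "/${scope}/secrets.yaml"; inherit key; };`, so the scope in the name and the file cannot drift apart. The enclosing attribute set starts above this hunk.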


@@ -10,6 +10,7 @@
sopsFile = ../../../../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/credentials"; path = "${home}/.config/git/credentials";
}; };
"git/cookies" = { "git/cookies" = {
sopsFile = ../../../../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/cookies"; path = "${home}/.config/git/cookies";


@@ -61,14 +61,16 @@ in
}; };
sops.secrets = { sops.secrets = {
"ssh/personal/key" = { "ssh/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml; sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_personal_ed25519_key"; path = "${home}/.ssh/ssh_personal_ed25519_key";
}; };
"ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
}; };
}; };
} }