Daholli/nixos-config
1
0
Fork 0
Code Issues 2 Pull requests Releases Packages Activity Actions

security: start setting permissions on secrets properly

Browse source
This commit is contained in:
Christoph Hollizeck 2025-12-01 23:53:27 +01:00
parent 01fb6d8ec9
commit ad9862019c
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
11 changed files with 126 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

8
secrets/secrets-loptland.yaml
View file

@ -18,6 +18,8 @@ netcup:
hydra:
cachix:
token: ENC[AES256_GCM,data:FqlJMfw7d1VfWhC+vI4SEMWzzADXK/np33fCsihq3wgC6nWNeTurNn1vDRLIRH+s6iT1C8Ni8iAAlndfUS5SPH6Ymswix9KuJCvYc8Jy+c8pPchYePtMQfv3dVe5a1i06b8I5c+MX8V7j2kaCijYDirnhiD0qlc8SW/mIyB5RNpAgKPTzLjLKJNSUkTGOWUnww==,iv:H2yQ5ioBVnezmhGHbJ7sAlXvUb2MUmHpQpS7f+nIph4=,tag:qvqsbgf2Y/PAd3s9ZFuxWA==,type:str]
remotebuild:
private-key: ENC[AES256_GCM,data:FqdXFj4/leKNtNJ1H1sBnb/Gnso9soaLtdUToMsx3O6LAn2smdkFrguY9EESm+o1nIBWwc1S2cE/sfH8FR89NWbyfCDTsQLHRIIEYMS2kKLv7hqqdsmyQojW38TnUYtSo5W1V9pdmeYuotUrM7bPmW/Io/7/G/vW6LxtI7Mx1qT7OXnyEJVYsvY6TtJitWO0/jGUAGOyvu/+YhV4yRmArM2kjT+iYb8/dN0HpqCwo6aLvY7ctAA6ggESciuovEtUMv19y+RpMUaHxloziM3SFz/GjXekrqtPGDkCUusSChXuhzfmZDoz4dzNnkKn8HsmxzByzaTyNH9kCxzNV7vULTKi6/O4ny64FOk6pjymz2Yv6pK+pm3tP2wrPwynn3C1giwFCGn+2Nazixj4g4wd5iSFwNeAsDbLU0b3YN/NgQv0TeKGXR01Xgqvt06vtAnkpu8byPBUX5cz15kJckeztVHYCQyz6Uthk6NN+ScLok1z3I7Vn37KsF0Ka7k22aPMwXLLKkfEneavT41x1VNBq7Nedf9EFjjUG8S7,iv:mTlEphmcoFMv7dxIeSpsi77e3CJULcXxcOF1Nq66mUM=,tag:K2aGpaw2xeEj8537kB/cGA==,type:str]
sops:
age:
- recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
@ -38,7 +40,7 @@ sops:
czdSTjNGSEpURlZEUTlIaUtGQUk5cW8KvylMTgtmHNvGnN7DonAsYQZB31mVli75
3OTN+mOetq2YNxh/Se7vqzwbZnshfTDk9nJi9bKZQhBt2nYR8eLRkg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-30T16:13:29Z"
mac: ENC[AES256_GCM,data:KBJJJc30KARd79w7iTZ4DPwpgcZGTf3oE85xVO//KX8uq/rPPWuXBSwDGcIKlWGVpwiNbCqVvoH3DhKxJfKnuGKadK96xjv3KyIR2H8KMvhTQDXodt61ZyNERDEpa1HcuOemYpAe8W1cUzJkm1wxNublNYBdKz1kQKMQ43tgalk=,iv:wr+nqXKB5wW4VgIr1z61f+LXsw76mMs4kFAOYAkV+tk=,tag:m8uLg6HQhIL1oN1pWQoTAg==,type:str]
lastmodified: "2025-12-01T21:50:41Z"
mac: ENC[AES256_GCM,data:rtICn+ljt414EWhSmVqM3IttqBx07a+m0MHEADNQ7s3USSfq3oEXqfoA1Nt6nIF/ZjNYeebNW9hiiJcZw/Hh749p3Fdu64w63MUTwsBciT651DwNNHJHVGwELaU72nI8amtVln+Ka0VD58/cM0V4mcw+eNvfUS+ykUVZAqmOiHo=,iv:IlgqHdb1gtajBfWogN6EgZ1V6h7ToTR1cArP8jEYocg=,tag:bagJOpWoMSvsgmKT/LsAJg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0