sops: workaround for hashedPassword Mic92/sops-nix#627

2025-12-04 11:46:27 +01:00 · 2025-12-04 11:46:27 +01:00 · c7bdc2d7fd
commit c7bdc2d7fd
parent 8d5f52de19
3 changed files with 30 additions and 16 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,5 +1,6 @@
 keys:
  - &primary age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
+  - &yggdrasil age1gtu702a6crx4e450ny25acvsjffvt7kljhhadwhydlreew7z8gvs28d9st
  - &loptland age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
  - &nixberry age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9
 creation_rules:
@ -7,6 +8,7 @@ creation_rules:
    key_groups: 
    - age:
      - *primary
+      - *yggdrasil
      - *loptland
      - *nixberry

--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -25,6 +25,7 @@
          config,
          inputs,
          pkgs,
+          lib,
          ...
        }:
        {
@ -51,8 +52,10 @@
            defaultSopsFormat = "yaml";

            age = {
-              keyFile = "/home/cholli/.config/sops/age/keys.txt";
              sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+              keyFile = lib.mkIf (
+                config.networking.hostName == "yggdrasil"
+              ) "/home/cholli/.config/sops/age/keys.txt";
            };

          };
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -8,29 +8,38 @@ sops:
        - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcXozOHRMMkpwR1Q2K1pW
-            L01QSzduUTRjZ3haZjMvaGJOQW0zaytadWdNCnkxa0VXWFdwMjRaTkJoalVDZUgw
-            OFdnMjRIU1pmek12OXkyUkR1a1BVUzgKLS0tIGZpM1Era3RHWDQ3ek9ZOEpIWmxo
-            QVBvT1RZUGlMNnM0cTNMaGI4aW9ES28KVoBcR+oDhu3oT3Gbau+0mkFOQujjSdWg
-            Ytyo6vhJPQU0tyWUkAC1BHmKmfmiV4qjQEVIZRD+8gl4Tw2v8kwSTw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMHBnKzlNcVlPRm9zd0xY
+            eXVTNmN5VXFRK3VqNy9EOUo0RkFhcW1PaFZBCkJnSFc4SmdNYmhMcmZ0Z3N4WDF4
+            S3ZDV3ZXenowU2hxT2ZTZXltdE43K2sKLS0tIG5NaFJ2ZlY2VmtNeXZrUlpGS1RN
+            N0tFUUFoZXk2dUkxYUZHNTR5YjlmcjQKQY0sxMfMTzoYVvu0YZoe8AEJixkHzwvs
+            v+Q4JIbjNE1KX7cbCQTw+7OiYfd5XHtae5mlbJC4RK/+hJRzBihLVQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1gtu702a6crx4e450ny25acvsjffvt7kljhhadwhydlreew7z8gvs28d9st
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eDVzbXhKK2lCOGVxWjBw
+            ZUhuOHYwdXFSYTJHQzB5WnIzWkNJSXFzOW1ZCmV4THhXTGR5NzhFanpselpRUUpT
+            aGdtNHlhNXh2aHpRbU1mUlc4REMzTWcKLS0tIDVscHF4eTNlRHdQWmFvTEJFU0pw
+            aEtQam9Cd2dlR09ERCtJTFhXMmdBZVUKShOcEmqheV/Ol9YfXFsTXH5/KK1d5K1y
+            f5kLYLPUDXM90UxmEXXVs8TUnjknLVH0eTrPKGrdKSiF37xJ1466Ww==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneGlDK2xRVkxzRzd4emZC
-            djI3MkY4NndLZjZjZkFiaDk2TU55SEtTM1c4CkVQTms4WVJWZ2ZjMTI4d1ZmT0FS
-            M2ZLZ1NiZGdWL0VyZXdEK1BrV3VBRG8KLS0tIEdWQnR4bHhxN1d0VDg0VUlScnZL
-            U1F5aXZVd1lvVFVJOFBBSGFLM2U1aXcK8tKAdnvtPIer6XUsm3Ls+raMTUYAhFDz
-            PEJtm1X3j/UI4+xdGC6V60KQA4uUl/hSzAY6NDkKVsDW3AHv/whW1Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnejF2elZqZSt1STk1emZU
+            NUFQdWJWYUIyUFNFc0U0NUhOMXo0Qm5tMVNvCjhxUjdHanRGWmJab3R3ZnE0aW1S
+            THRxbkFhUHFoTm1ob3RxTjNwNkhtd2MKLS0tIGlkSFJXUHpLS05mampZT2VRc0tq
+            VnhDemNvVzdjTjUrWGVoOXVEdi9ucE0K2wRZFNkDidY7piWyOR0VgAON12RleXYk
+            Fzxtee0SCfMm0Wj2rkQj0B7SMoLXPRHNJahBLrl4MfDXwmw1Rd2gSQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrK2FaOTI1djRhTjdxNWJJ
-            SG9lSGM4MEdvUkpoN1dBTHhHVk9nU1V5RHlZCnlxTitGZ3J0cU95L3RXcGJadzda
-            V0hTdnRpQmxDVUVWbk13M0FET1NHYTAKLS0tIHBjcTVTMHNWcW5naWNXQmJyKzlC
-            QUFsdmlYay9lLzF2YWJHVUlBOUhDaHcKKXKuk3ki8WYSrg2YVtaB4PliR/LFy390
-            gvCdS/LwqBJlDAwwtOoml7gtgPmn4bACO3z8XnrLfpctDdYgDkqcgQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3L0Y2ZHJqVmVFcTdJUkY3
+            MElOWFZSb1BqME5COHArTGJWVGx0UjQya1JvCnJvSm5DMFN2TG00MEFlazNzVmky
+            MDlqbVRoZTJKaEhtS3NPVE1LNTZBdU0KLS0tIFVpbHRkZUlvSnE5dXBOZFc5TG5J
+            SzFFeFVFcVBzWWRIajQrSHhjTzR6U1kKml6XZjf2DeNqfLazpCU3qXN0ak+kIbM6
+            7wuEOmWZCTD++CI/Fdb/TjgAJeJ7u3Dtd1I4+xi0f/9BEL4+mwFxWA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-12-04T08:42:30Z"
    mac: ENC[AES256_GCM,data:xXdrF1yI19G06GMmL9ZpOVIQGTN0uYpru5weMyFnvSc6Igt+GLznht9V4qIRHLW8gRhd+sfSfNvXptn0FbS9HdI5MfIDTvLLC1nVRVtvPPcWiYPKo5lqiFnCh5HV/3UBNVO+7Wz1/m1JtXEptc1cYhpx2JmFPSvH9dQXedGSgec=,iv:iyc2s2CNYNL1XsryV0a5hQN3Woc5bCjrVtfH7bLDVoo=,tag:4B03cEYJstryEJwHxWhrDw==,type:str]