Daholli/nixos-config
1
0
Fork 0
Code Issues 2 Pull requests Releases Packages Activity Actions

sops: workaround for hashedPassword Mic92/sops-nix#627

Browse source
This commit is contained in:
Christoph Hollizeck 2025-12-04 11:46:27 +01:00
parent 8d5f52de19
commit c7bdc2d7fd
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
3 changed files with 30 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -1,5 +1,6 @@
keys: keys:
- &primary age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47 - &primary age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
- &yggdrasil age1gtu702a6crx4e450ny25acvsjffvt7kljhhadwhydlreew7z8gvs28d9st
- &loptland age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6 - &loptland age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
- &nixberry age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9 - &nixberry age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9
creation_rules: creation_rules:
@ -7,6 +8,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *primary - *primary
- *yggdrasil
- *loptland - *loptland
- *nixberry - *nixberry

5
modules/base/default.nix
View file

@ -25,6 +25,7 @@
config, config,
inputs, inputs,
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -51,8 +52,10 @@
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age = { age = {
keyFile = "/home/cholli/.config/sops/age/keys.txt";
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = lib.mkIf (
config.networking.hostName == "yggdrasil"
) "/home/cholli/.config/sops/age/keys.txt";
}; };
}; };

39
secrets/secrets.yaml
View file

@ -8,29 +8,38 @@ sops:
- recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47 - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcXozOHRMMkpwR1Q2K1pW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMHBnKzlNcVlPRm9zd0xY
L01QSzduUTRjZ3haZjMvaGJOQW0zaytadWdNCnkxa0VXWFdwMjRaTkJoalVDZUgw eXVTNmN5VXFRK3VqNy9EOUo0RkFhcW1PaFZBCkJnSFc4SmdNYmhMcmZ0Z3N4WDF4
OFdnMjRIU1pmek12OXkyUkR1a1BVUzgKLS0tIGZpM1Era3RHWDQ3ek9ZOEpIWmxo S3ZDV3ZXenowU2hxT2ZTZXltdE43K2sKLS0tIG5NaFJ2ZlY2VmtNeXZrUlpGS1RN
QVBvT1RZUGlMNnM0cTNMaGI4aW9ES28KVoBcR+oDhu3oT3Gbau+0mkFOQujjSdWg N0tFUUFoZXk2dUkxYUZHNTR5YjlmcjQKQY0sxMfMTzoYVvu0YZoe8AEJixkHzwvs
Ytyo6vhJPQU0tyWUkAC1BHmKmfmiV4qjQEVIZRD+8gl4Tw2v8kwSTw== v+Q4JIbjNE1KX7cbCQTw+7OiYfd5XHtae5mlbJC4RK/+hJRzBihLVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gtu702a6crx4e450ny25acvsjffvt7kljhhadwhydlreew7z8gvs28d9st
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eDVzbXhKK2lCOGVxWjBw
ZUhuOHYwdXFSYTJHQzB5WnIzWkNJSXFzOW1ZCmV4THhXTGR5NzhFanpselpRUUpT
aGdtNHlhNXh2aHpRbU1mUlc4REMzTWcKLS0tIDVscHF4eTNlRHdQWmFvTEJFU0pw
aEtQam9Cd2dlR09ERCtJTFhXMmdBZVUKShOcEmqheV/Ol9YfXFsTXH5/KK1d5K1y
f5kLYLPUDXM90UxmEXXVs8TUnjknLVH0eTrPKGrdKSiF37xJ1466Ww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6 - recipient: age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneGlDK2xRVkxzRzd4emZC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnejF2elZqZSt1STk1emZU
djI3MkY4NndLZjZjZkFiaDk2TU55SEtTM1c4CkVQTms4WVJWZ2ZjMTI4d1ZmT0FS NUFQdWJWYUIyUFNFc0U0NUhOMXo0Qm5tMVNvCjhxUjdHanRGWmJab3R3ZnE0aW1S
M2ZLZ1NiZGdWL0VyZXdEK1BrV3VBRG8KLS0tIEdWQnR4bHhxN1d0VDg0VUlScnZL THRxbkFhUHFoTm1ob3RxTjNwNkhtd2MKLS0tIGlkSFJXUHpLS05mampZT2VRc0tq
U1F5aXZVd1lvVFVJOFBBSGFLM2U1aXcK8tKAdnvtPIer6XUsm3Ls+raMTUYAhFDz VnhDemNvVzdjTjUrWGVoOXVEdi9ucE0K2wRZFNkDidY7piWyOR0VgAON12RleXYk
PEJtm1X3j/UI4+xdGC6V60KQA4uUl/hSzAY6NDkKVsDW3AHv/whW1Q== Fzxtee0SCfMm0Wj2rkQj0B7SMoLXPRHNJahBLrl4MfDXwmw1Rd2gSQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9 - recipient: age1mje6kvzzxl6slgpj4rtvmzz3dej3kdq9v85uu69xjcqy6947de6sue05z9
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrK2FaOTI1djRhTjdxNWJJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3L0Y2ZHJqVmVFcTdJUkY3
SG9lSGM4MEdvUkpoN1dBTHhHVk9nU1V5RHlZCnlxTitGZ3J0cU95L3RXcGJadzda MElOWFZSb1BqME5COHArTGJWVGx0UjQya1JvCnJvSm5DMFN2TG00MEFlazNzVmky
V0hTdnRpQmxDVUVWbk13M0FET1NHYTAKLS0tIHBjcTVTMHNWcW5naWNXQmJyKzlC MDlqbVRoZTJKaEhtS3NPVE1LNTZBdU0KLS0tIFVpbHRkZUlvSnE5dXBOZFc5TG5J
QUFsdmlYay9lLzF2YWJHVUlBOUhDaHcKKXKuk3ki8WYSrg2YVtaB4PliR/LFy390 SzFFeFVFcVBzWWRIajQrSHhjTzR6U1kKml6XZjf2DeNqfLazpCU3qXN0ak+kIbM6
gvCdS/LwqBJlDAwwtOoml7gtgPmn4bACO3z8XnrLfpctDdYgDkqcgQ== 7wuEOmWZCTD++CI/Fdb/TjgAJeJ7u3Dtd1I4+xi0f/9BEL4+mwFxWA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-04T08:42:30Z" lastmodified: "2025-12-04T08:42:30Z"
mac: ENC[AES256_GCM,data:xXdrF1yI19G06GMmL9ZpOVIQGTN0uYpru5weMyFnvSc6Igt+GLznht9V4qIRHLW8gRhd+sfSfNvXptn0FbS9HdI5MfIDTvLLC1nVRVtvPPcWiYPKo5lqiFnCh5HV/3UBNVO+7Wz1/m1JtXEptc1cYhpx2JmFPSvH9dQXedGSgec=,iv:iyc2s2CNYNL1XsryV0a5hQN3Woc5bCjrVtfH7bLDVoo=,tag:4B03cEYJstryEJwHxWhrDw==,type:str] mac: ENC[AES256_GCM,data:xXdrF1yI19G06GMmL9ZpOVIQGTN0uYpru5weMyFnvSc6Igt+GLznht9V4qIRHLW8gRhd+sfSfNvXptn0FbS9HdI5MfIDTvLLC1nVRVtvPPcWiYPKo5lqiFnCh5HV/3UBNVO+7Wz1/m1JtXEptc1cYhpx2JmFPSvH9dQXedGSgec=,iv:iyc2s2CNYNL1XsryV0a5hQN3Woc5bCjrVtfH7bLDVoo=,tag:4B03cEYJstryEJwHxWhrDw==,type:str]