martin/dot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add secrets

Browse Source
This commit is contained in:
Martin Pander
2026-02-07 16:11:52 +01:00
parent 61bb1578e0
commit 3bdd7e1c50
4 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nix/modules/home/secrets.nix
View File

@@ -10,7 +10,6 @@
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age = { age = {
# This is the default location for the age key
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
}; };
}; };

7
nix/modules/nixos/secrets.nix
View File

@@ -10,12 +10,9 @@
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age = { age = {
# This will automatically import the SSH keys as age keys
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# This is where the age key for sops-nix is stored # keyFile = "/var/lib/sops-nix/key.txt";
keyFile = "/var/lib/sops-nix/key.txt"; # generateKey = true;
# This will generate a new age key from the SSH key if it doesn't exist
generateKey = true;
}; };
}; };
} }

2
nix/secrets/.sops.yaml
View File

@@ -1,8 +1,10 @@
keys: keys:
- &macbook age1hmgy68ukugduef75ev72jnpu77ff3lajadpf7u0zv3ex4nt7f5qs5nxx2l - &macbook age1hmgy68ukugduef75ev72jnpu77ff3lajadpf7u0zv3ex4nt7f5qs5nxx2l
- &macnix age1436laad6dysegssvnz3pm8m33tv6hl9xpqymslehfwjqr8c6hfwsn74u42
creation_rules: creation_rules:
- path_regex: secrets\.yaml$ - path_regex: secrets\.yaml$
key_groups: key_groups:
- age: - age:
- *macbook - *macbook
- *macnix

26
nix/secrets/secrets.yaml
View File

@@ -1 +1,25 @@
gemini_api_key: ENC[AES256_GCM,data:nN7Hng==,iv:uOL0UyHpiRpAXfkX8qyVAnJZFm4ljkgYiZycrdSoW9U=,tag:7A/rHJcEykcoyJLeTV/gaw==,type:str]
sops:
age:
- recipient: age1hmgy68ukugduef75ev72jnpu77ff3lajadpf7u0zv3ex4nt7f5qs5nxx2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNGdIVU9CRnJGVVdkREsw
OFNiS2tFQmRoUHZiZFR0Z1RVaExSaXZwejBJCk44MWJSalFvckNqckNxZUJGdFpT
VlV2eisySzl2aGJVL1hSZ25FMWtTWmMKLS0tIEVvODJxSG1ScllmRC93MHN0MVdZ
YW12MmkweUF3TWtiSTVyWkIvdGdXQXMKsEMlf2FRKxSvaaCaBGf3kM5MdsL571aq
sITsqoVo+J7CV0XdPjVpctHwSBNMlLUGJh+dM5+Rb96FUqVr9dpEIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1436laad6dysegssvnz3pm8m33tv6hl9xpqymslehfwjqr8c6hfwsn74u42
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUd0x4MDhVMmhISnN0eFZz
c1c2emxRcFVLRWZDSkp2V1VYQUpUbXU3ZFJZCkN1VVRzR2VBeThMckFRZk9ZdFdE
czhpb0hybCsxUlJ4WmlXb0pPOG5JaHMKLS0tIDBCR29zbjVpNFJZWVNrSldxT08z
TEsvV3l2TEJqUWdVL2krOXlNaXlpR0EKMIaLbDOAx2Zw1rtNT6HSli3Yqw2rFnsa
6p5fa97RSDewFhg4MvaVo2L8SVpef65idmRXQ2Eh/ls4tbcpN8r6MA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-07T15:11:34Z"
mac: ENC[AES256_GCM,data:Pgi9tYWnrMrlM9NjqDy0+BrH51/0T4c7M6dornLCumnRtR2Y3MZYGyA2E97kbwuqoPJCOWkzhJt7smwCRI+H0rXveO+ps+v5iUxzP+7MQmepn5wjS32HoL5c2Oer4CR7PkKY7YvL7z5IT6QcIgRXMODhsVbWgB8CjPrn/GYqb5Y=,iv:A2AyCNHfQEdx/wvUJQGc9ndL2/OYGGxBMidYOTHXO7Q=,tag:9uzJcu3bogQgVj0bDOPCwg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0