liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2026-05-06 11:02:20 +02:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

feat: initializes secrets file for fragile; adds yubikey u2f key to secrets and set it to be in the home path of ${username}

Browse source
This commit is contained in:
Ahwx 2026-04-29 00:06:01 +02:00
parent f12a9a2c09
commit 175f5eb789
3 changed files with 30 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w - &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
- &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
- &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd - &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd
- &fragile age1yu47wk9z3j5tspymyda8lw3u5snr66u96f2lzhqfdfmm7xv8xpxqcz9fcv
creation_rules: creation_rules:
- path_regex: secrets/sakura/secrets.yaml - path_regex: secrets/sakura/secrets.yaml
key_groups: key_groups:
@ -17,3 +18,7 @@ creation_rules:
- age: - age:
- *sakura - *sakura
- *dandelion - *dandelion
- path_regex: secrets/fragile/secrets.yaml
key_groups:
- age:
- *fragile

8
modules/core/sops.nix
View file

@ -49,6 +49,14 @@
"dandelionSyncthingId" = { }; "dandelionSyncthingId" = { };
"sakuraSyncthingId" = { }; "sakuraSyncthingId" = { };
} }
else if (host == "fragile") then
{
"systemMailerPassword" = { };
"yubikeySecret" = {
owner = username;
path = "/home/${username}/.config/Yubico/u2f_keys";
};
}
else else
{ }; { };
}; };

17
secrets/fragile/secrets.yaml Normal file
View file

@ -0,0 +1,17 @@
systemMailerPassword: ENC[AES256_GCM,data:N4xRgg40VtTgeHI16YC/ZOg4BN/N2GM67m81rqPrQUuMoFmarmBM0sYbxBVjpkyjyzH5kWyZ3Y6tY15FuY+d8kjFbCqmYc2B1OzaU/uHhyO4ewuZFBlgtu0PFWvPsKCfpx8D39sZwXpIQVnAbR7DbKaZmMdWCIxxfsYKJzhJiU8=,iv:xWLw1WTgqVt/I5ylbUjg2EIc7MoeMi4UPwm6zjmD3Xw=,tag:lPzhddRvi6qQZD7Gef2Uzg==,type:str]
yubikeySecret: ENC[AES256_GCM,data:L46VgDAtIlxtdtnYhb59cFeU3v/j1nlkXLF/lkCnCpIS28NeG+3YrSAm0Gv0uwqBX7/XU6hBg2r9y1e4KrfYJn5+pBku18rPJz8eNLl+/9fzRDRba3251AyaoC8n3TuNVvwrLmXu14r1bR8LCIFX4D8N9QFREQeLMELlPrSzaKY7AT9K/rNgFZ7vDmJCqpKlv2Y1nMCAl5kvvn6HrIp489fypBLqGNCA0Sn5kymM7wqzaKM76E66SzkzG0hxFhUf7Tvi3iOS,iv:2QIOOVwZYDyIN1I7NC4AOvr7CuNsR1LZzIsNPdKHj/c=,tag:frJtXeylLdefu5AeVtthoA==,type:str]
sops:
age:
- recipient: age1yu47wk9z3j5tspymyda8lw3u5snr66u96f2lzhqfdfmm7xv8xpxqcz9fcv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMm1mTzVxUE9zZGRyR2NB
V1VRbkgyTTJMMGVJanN0RGJwOURNejZKS1MwCklrUjZ5RTdWcTZNNC9KNWgvQ0R4
dVJtb2kvYjV5a04yVzJqaG8zKzhzRjAKLS0tIEpHOXpmbHdKZmJCNkxDeDlKUnZh
NURtNnR2T2MxaG52cEwvNEYxSUpDWXcK4VfTdWFJ33AwdOphxEfOSne/Aikgx46e
YeqjGdQslRCNutQnoJjefyToy/DCgd/wbdT1/Am7WwESA2O3xIzvoA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-28T20:36:04Z"
mac: ENC[AES256_GCM,data:p4PsH3iRHWOTADVAaFZhn+VP3IbaCKZNjiFbeqP9sjJfE+DE0ycAfw05IuzbqkDnwJX2J3wX5ufQyO8zmhjjLvR445jPoapwN1KuQO8L+eiPvbF3v7hNc2XISrYHbtnN7v1K2IfWgTqef+kEwFqjnPzMKhBFV+ObMg+CWVWVMVs=,iv:bSvX/jOQWn/HnVg/quokWdO36/01Isd4GrD566HFaQk=,tag:3M/fjgBYfprfe853ColVoQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1