diff --git a/.sops.yaml b/.sops.yaml index 9ee981d..a601aeb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,11 +2,7 @@ keys: - &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7 - &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q creation_rules: - - path_regex: secrets/[^/]+\.yaml$ - key_groups: - - pgp: - - *motiejus - - path_regex: secrets/hel1-a/[^/]+\.yaml$ + - path_regex: hosts/hel1-a/secrets.yaml$ key_groups: - pgp: - *motiejus diff --git a/configuration.nix b/configuration.nix index fc58dad..18bf21f 100644 --- a/configuration.nix +++ b/configuration.nix @@ -72,6 +72,10 @@ in { sops-nix.nixosModules.sops ]; + sops.defaultSopsFile = ./hosts/hel1-a/secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.secrets.borgbackup-password = {}; + nixpkgs.overlays = [ (self: super: { systemd = super.systemd.overrideAttrs (old: { @@ -254,8 +258,8 @@ in { repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst"; encryption = { mode = "repokey-blake2"; - #passCommand = "cat ${config.age.secrets.borgbackup-password.path}"; - passCommand = "cat /var/src/secrets/borgbackup/password"; + passCommand = "cat ${config.sops.secrets.borgbackup-password.path}"; + #passCommand = "cat /var/src/secrets/borgbackup/password"; }; paths = value.paths; extraArgs = "--remote-path=borg1"; diff --git a/secrets/hel1-a/borgbackup.yaml b/hosts/hel1-a/secrets.yaml similarity index 79% rename from secrets/hel1-a/borgbackup.yaml rename to hosts/hel1-a/secrets.yaml index 0846ed9..ff69622 100644 --- a/secrets/hel1-a/borgbackup.yaml +++ b/hosts/hel1-a/secrets.yaml @@ -1,4 +1,4 @@ -password: ENC[AES256_GCM,data:IVoMD1bSp15bPfPPws6k6u7SXioMPibxqg==,iv:U0zLdK4XEvty8eS/G80NcGlQrEn9M2fDH2oWv5cXIvI=,tag:IU3P9SjexZGGiOOxseUnLg==,type:str] +borgbackup-password: ENC[AES256_GCM,data:igLuxWZujydxdJO8Qt7sIOhIT9SqOkCvjw==,iv:pHk2V/VBb/HzHGieHyL4KY1RpmN6bqjjSDuTTnsH4bM=,tag:36aSlD6zY3AXE5X9ejs6CA==,type:str] sops: kms: [] gcp_kms: [] 
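Review bot: The new `path_regex` in the `.sops.yaml` hunk leaves the dot unescaped, which makes it looser than the two rules it replaces, both of which wrote `\.yaml$`. As written it also matches a name such as `hosts/hel1-a/secretsXyaml` (constructed example), and any match is encrypted to the recipients of this rule, whose tail lies outside the hunk. I would write `- path_regex: hosts/hel1-a/secrets\.yaml$`. Separately, dropping the catch-all `secrets/[^/]+\.yaml$` rule means a new file under `secrets/` no longer matches any creation rule, so it is worth confirming nothing is still expected to live there.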
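Review bot: The `sops.*` lines added to `configuration.nix` have no comment tying `sops.age.sshKeyPaths` to the `&server_hel1a` recipient in `.sops.yaml`, and that coupling is the part that fails silently. The age identity is derived from `/etc/ssh/ssh_host_ed25519_key`, so after a reinstall or host-key rotation the host cannot decrypt `hosts/hel1-a/secrets.yaml` until the recipient is regenerated and the file re-encrypted. I would add above them: `# age identity = SSH host key; after rotating it, refresh &server_hel1a in .sops.yaml (ssh-to-age) and run "sops updatekeys"`. `sops.secrets.borgbackup-password = {};` relies on the sops-nix defaults for owner and mode (root-only, as far as I know), which suits a borg job running as root but deserves a word in the same comment.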
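Review bot: The commented-out `#passCommand = "cat /var/src/secrets/borgbackup/password";` left in the `encryption` block still points at a plaintext copy of the repository passphrase on disk. Now that `passCommand` reads `config.sops.secrets.borgbackup-password.path`, that line should be deleted rather than commented out. The file under `/var/src/secrets/borgbackup/` should also be removed from the host once a backup run has succeeded with the new path; otherwise the move to sops does not reduce the number of places the passphrase lives. The job definition starts and ends outside the hunk.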
@@ -14,8 +14,8 @@ sops: YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD 1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-05T19:33:58Z" - mac: ENC[AES256_GCM,data:hqQoErSGafMyD43nQBInX1+wrCGlln1KvH6w1NLMw6GQwZ6EzdTBJKH05S67KjA1UtxLGi8MquBnjymHSctsuWtBiM0T+7dSQlF+FEvkGcRVf1aGbCWtZgNWS07iROAhCNxHpHaPMPUHj5Y0ih3zBh6q9OuDkXG/up1zvN4YRwM=,iv:qGgT5qj7dX82NWOb/s3Pj1n13nFn73p3fOiVJrbpav0=,tag:VjPMmLUmasq54xNqMeAvlQ==,type:str] + lastmodified: "2023-04-06T20:01:44Z" + mac: ENC[AES256_GCM,data:PRjs8bZ/DGGlfDjRexvImDdAuE/W74HPa+KdQtE1Qktu6nz1cqlFy8a+CiA/mw+Y3P4NntzXHxU30sONrZWXA+n5RXAn8kMgpOYzRWqZWn0zzIyfhZ9+jPmP7uLpJWGZIEayw8NRfHGthDb7SLTnM9OpbkIP9dl4NgMSvn0A2MA=,iv:ma2ekXqtJGlTE2lAIw9YapvtXns/P1BwSgj+Ly4W+gE=,tag:z/ypCNkpdi2B1BFoZx5Jyw==,type:str] pgp: - created_at: "2023-04-05T19:33:35Z" enc: |