wip sops
parent
c7a0d74cb6
commit
6ffda9b1c2
@ -2,11 +2,7 @@ keys:
|
|||||||
- &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7
|
- &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7
|
||||||
- &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q
|
- &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/[^/]+\.yaml$
|
- path_regex: hosts/hel1-a/secrets.yaml$
|
||||||
key_groups:
|
|
||||||
- pgp:
|
|
||||||
- *motiejus
|
|
||||||
- path_regex: secrets/hel1-a/[^/]+\.yaml$
|
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *motiejus
|
- *motiejus
|
||||||
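Review bot: The new rule `- path_regex: hosts/hel1-a/secrets.yaml$` leaves the dot unescaped, unlike the `\.yaml$` in the two rules it replaces, so `.` matches any character in front of `yaml`. The pattern is also open on the left, so any path that merely ends in this suffix would pick up this key group. I would write `- path_regex: hosts/hel1-a/secrets\.yaml$`, and add a leading `^` if the sops version in use matches against paths relative to the config file. The key group continues past the end of the hunk, so whether `*server_hel1a` remains a recipient cannot be confirmed from the visible lines.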
|
@ -72,6 +72,10 @@ in {
|
|||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ./hosts/hel1-a/secrets.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
sops.secrets.borgbackup-password = {};
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(self: super: {
|
(self: super: {
|
||||||
systemd = super.systemd.overrideAttrs (old: {
|
systemd = super.systemd.overrideAttrs (old: {
|
||||||
@ -254,8 +258,8 @@ in {
|
|||||||
repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
|
repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
|
||||||
encryption = {
|
encryption = {
|
||||||
mode = "repokey-blake2";
|
mode = "repokey-blake2";
|
||||||
#passCommand = "cat ${config.age.secrets.borgbackup-password.path}";
|
passCommand = "cat ${config.sops.secrets.borgbackup-password.path}";
|
||||||
passCommand = "cat /var/src/secrets/borgbackup/password";
|
#passCommand = "cat /var/src/secrets/borgbackup/password";
|
||||||
};
|
};
|
||||||
paths = value.paths;
|
paths = value.paths;
|
||||||
extraArgs = "--remote-path=borg1";
|
extraArgs = "--remote-path=borg1";
|
||||||
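Review bot: In the second hunk, the switch to `passCommand = "cat ${config.sops.secrets.borgbackup-password.path}";` keeps both earlier `passCommand` lines as comments. One of them points at a plaintext passphrase file, `/var/src/secrets/borgbackup/password`, which the job no longer reads. I would delete the two commented lines in this commit and, if that file still exists on the host, remove it once a backup run has succeeded with the sops-managed secret. In the first hunk, `sops.age.sshKeyPaths` deserves a comment such as `# the host SSH key is the age identity: anyone who can read it can decrypt every secret encrypted to this host`. Both hunks sit inside an `in { … }` attribute set that starts and ends outside the visible lines.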
|
@ -1,4 +1,4 @@
|
|||||||
password: ENC[AES256_GCM,data:IVoMD1bSp15bPfPPws6k6u7SXioMPibxqg==,iv:U0zLdK4XEvty8eS/G80NcGlQrEn9M2fDH2oWv5cXIvI=,tag:IU3P9SjexZGGiOOxseUnLg==,type:str]
|
borgbackup-password: ENC[AES256_GCM,data:igLuxWZujydxdJO8Qt7sIOhIT9SqOkCvjw==,iv:pHk2V/VBb/HzHGieHyL4KY1RpmN6bqjjSDuTTnsH4bM=,tag:36aSlD6zY3AXE5X9ejs6CA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -14,8 +14,8 @@ sops:
|
|||||||
YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD
|
YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD
|
||||||
1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg==
|
1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-04-05T19:33:58Z"
|
lastmodified: "2023-04-06T20:01:44Z"
|
||||||
mac: ENC[AES256_GCM,data:hqQoErSGafMyD43nQBInX1+wrCGlln1KvH6w1NLMw6GQwZ6EzdTBJKH05S67KjA1UtxLGi8MquBnjymHSctsuWtBiM0T+7dSQlF+FEvkGcRVf1aGbCWtZgNWS07iROAhCNxHpHaPMPUHj5Y0ih3zBh6q9OuDkXG/up1zvN4YRwM=,iv:qGgT5qj7dX82NWOb/s3Pj1n13nFn73p3fOiVJrbpav0=,tag:VjPMmLUmasq54xNqMeAvlQ==,type:str]
|
mac: ENC[AES256_GCM,data:PRjs8bZ/DGGlfDjRexvImDdAuE/W74HPa+KdQtE1Qktu6nz1cqlFy8a+CiA/mw+Y3P4NntzXHxU30sONrZWXA+n5RXAn8kMgpOYzRWqZWn0zzIyfhZ9+jPmP7uLpJWGZIEayw8NRfHGthDb7SLTnM9OpbkIP9dl4NgMSvn0A2MA=,iv:ma2ekXqtJGlTE2lAIw9YapvtXns/P1BwSgj+Ly4W+gE=,tag:z/ypCNkpdi2B1BFoZx5Jyw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-04-05T19:33:35Z"
|
- created_at: "2023-04-05T19:33:35Z"
|
||||||
enc: |
|
enc: |
|