authorDavid Morgan <djm_uk@protonmail.com>2024-09-24 16:04:13 +0100
committerDavid Morgan <djm_uk@protonmail.com>2024-09-24 16:04:13 +0100
commit726b0673a5c1bd2134a1d7e415b9a2cc4912ef53 (patch)
tree251c2d7e9d3efe55d750c942b3b76c6331dc8dc1
parentcba5a2b170c5a2120164bd20029c41254afed31d (diff)
downloaddotfiles-726b0673a5c1bd2134a1d7e415b9a2cc4912ef53.tar.gz
Move secrets files for easier linking
-rw-r--r--nix-conf/.sops.yaml6
-rw-r--r--nix-conf/home/includes/common.nix2
-rw-r--r--nix-conf/home/includes/secrets.yaml (renamed from nix-conf/secrets/home.yaml)0
-rw-r--r--nix-conf/machines/djmuk2/configuration.nix2
-rw-r--r--nix-conf/machines/djmuk2/secrets.yaml (renamed from nix-conf/secrets/djmuk2.yaml)0
-rw-r--r--nix-conf/machines/edrahil/configuration.nix2
-rw-r--r--nix-conf/machines/edrahil/network-configuration.nix2
-rw-r--r--nix-conf/machines/edrahil/secrets.yaml (renamed from nix-conf/secrets/edrahil.yaml)0
8 files changed, 7 insertions, 7 deletions
diff --git a/nix-conf/.sops.yaml b/nix-conf/.sops.yaml
index c9f1394..2cb1a1e 100644
--- a/nix-conf/.sops.yaml
+++ b/nix-conf/.sops.yaml
@@ -3,16 +3,16 @@ keys:
   - &server_edrahil age1tjfctwnwldmyxnu6qmeufgr9l79vyzmrs7fy58v3d0qj4x4nhqhq2gjmlp
   - &server_djmuk2 age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla
 creation_rules:
-  - path_regex: secrets/edrahil\.(json|yaml)$
+  - path_regex: edrahil/secrets\.(json|yaml)$
     key_groups:
     - age:
       - *server_edrahil
       - *admin_djm
-  - path_regex: secrets/djmuk2\.(json|yaml)$
+  - path_regex: djmuk2/secrets\.(json|yaml)$
     key_groups:
     - age:
       - *server_djmuk2
-  - path_regex: secrets/[^/]+\.(json|yaml)$
+  - path_regex: secrets\.(json|yaml)$
     key_groups:
     - age:
       - *admin_djm
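Review bot: The new catch-all `secrets\.(json|yaml)$` has no anchor on its left side, so it matches any path that merely ends in `secrets.yaml`, such as `machines/<newhost>/secrets.yaml` or `foo-secrets.yaml`. Because sops uses the first matching rule, a host directory added later without its own rule would be encrypted to `admin_djm` only, and the host key could not decrypt it at activation. Anchoring on a path separator makes the intent explicit, e.g. `- path_regex: (^|/)secrets\.(json|yaml)$`, and the two host rules could likewise become `(^|/)machines/edrahil/secrets\.(json|yaml)$` and `(^|/)machines/djmuk2/secrets\.(json|yaml)$`. This assumes sops matches the regex against the path relative to `.sops.yaml`, which is worth confirming for the sops version in use.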
diff --git a/nix-conf/home/includes/common.nix b/nix-conf/home/includes/common.nix
index 2dc3a8a..339d470 100644
--- a/nix-conf/home/includes/common.nix
+++ b/nix-conf/home/includes/common.nix
@@ -45,7 +45,7 @@ in
   sops = {
     age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
     defaultSopsFile = builtins.path {
-      path = ./../../secrets/home.yaml;
+      path = ./secrets.yaml;
       name = "home-secrets.yaml";
     };
     secrets."ssh_config/oci" = { };
diff --git a/nix-conf/secrets/home.yaml b/nix-conf/home/includes/secrets.yaml
index 8222439..8222439 100644
--- a/nix-conf/secrets/home.yaml
+++ b/nix-conf/home/includes/secrets.yaml
diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix
index 9cc0a85..a84ddf8 100644
--- a/nix-conf/machines/djmuk2/configuration.nix
+++ b/nix-conf/machines/djmuk2/configuration.nix
@@ -38,7 +38,7 @@
 
   # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from.
   # Populate/update with:
-  # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' secrets/djmuk2.yaml | doas tee /root/.config/secrets/openiscsi_name
+  # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name
   services.openiscsi.enable = true;
   services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name";
   #services.openiscsi.enableAutoLoginOut = true;
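Review bot: The updated populate command uses the relative path `machines/djmuk2/secrets.yaml`, which only resolves when run from `nix-conf/`, and the comment does not say so. Piping through `doas tee` also echoes the decrypted value to the terminal. I would document it as `# Run from nix-conf/:` followed by the same command ending in `| doas tee /root/.config/secrets/openiscsi_name >/dev/null`. The same applies to the `ipv6_address` comment in `machines/edrahil/network-configuration.nix`. The enclosing attribute set starts and ends outside this hunk.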
diff --git a/nix-conf/secrets/djmuk2.yaml b/nix-conf/machines/djmuk2/secrets.yaml
index 3216fd3..3216fd3 100644
--- a/nix-conf/secrets/djmuk2.yaml
+++ b/nix-conf/machines/djmuk2/secrets.yaml
diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix
index cbaf435..2054253 100644
--- a/nix-conf/machines/edrahil/configuration.nix
+++ b/nix-conf/machines/edrahil/configuration.nix
@@ -20,7 +20,7 @@
 
   sops = {
     defaultSopsFile = builtins.path {
-      path = /etc/nixos/secrets/edrahil.yaml;
+      path = /etc/nixos/secrets.yaml;
       name = "edrahil-secrets.yaml";
     };
     secrets.restic_password = {
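Review bot: `path = /etc/nixos/secrets.yaml;` is an absolute path outside the repository, so the build uses whatever file is linked there rather than the `secrets.yaml` committed next to this `configuration.nix`. Now that the path no longer contains the host name, linking the wrong machine directory would not fail at evaluation; it would presumably only surface when the host key fails to decrypt the file. `home/includes/common.nix` in this commit already uses the relative form, and `path = ./secrets.yaml;` here would tie the secrets file to the checked-out revision. If the absolute path is deliberate for the `/etc/nixos` link setup, a one-line comment saying so would help. The `sops` attribute set continues outside the hunk.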
diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix
index b8ce55f..4b85912 100644
--- a/nix-conf/machines/edrahil/network-configuration.nix
+++ b/nix-conf/machines/edrahil/network-configuration.nix
@@ -6,7 +6,7 @@
         # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here,
         # as we cannot set a file path to read it from.
         # Populate/update with:
-        # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address
+        # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address
         address = builtins.readFile "/root/.config/secrets/ipv6_address";
         prefixLength = 64;
       }
diff --git a/nix-conf/secrets/edrahil.yaml b/nix-conf/machines/edrahil/secrets.yaml
index 1f4c31e..1f4c31e 100644
--- a/nix-conf/secrets/edrahil.yaml
+++ b/nix-conf/machines/edrahil/secrets.yaml