authorDavid Morgan <djm_uk@protonmail.com>2024-09-24 16:04:13 +0100
committerDavid Morgan <djm_uk@protonmail.com>2024-09-24 16:04:13 +0100
commit726b0673a5c1bd2134a1d7e415b9a2cc4912ef53 (patch)
tree251c2d7e9d3efe55d750c942b3b76c6331dc8dc1 /nix-conf/machines/djmuk2
parentcba5a2b170c5a2120164bd20029c41254afed31d (diff)
Move secrets files for easier linking
Diffstat (limited to 'nix-conf/machines/djmuk2')
-rw-r--r--nix-conf/machines/djmuk2/configuration.nix2
-rw-r--r--nix-conf/machines/djmuk2/secrets.yaml21
2 files changed, 22 insertions, 1 deletions
diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix
index 9cc0a85..a84ddf8 100644
--- a/nix-conf/machines/djmuk2/configuration.nix
+++ b/nix-conf/machines/djmuk2/configuration.nix
@@ -38,7 +38,7 @@
 
   # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from.
   # Populate/update with:
-  # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' secrets/djmuk2.yaml | doas tee /root/.config/secrets/openiscsi_name
+  # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name
   services.openiscsi.enable = true;
   services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name";
   #services.openiscsi.enableAutoLoginOut = true;
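Review bot: The command on the changed comment line pipes the decrypted value into `doas tee`, which also echoes it to the terminal and leaves the file mode to the default umask. I would end the documented command with `| doas tee /root/.config/secrets/openiscsi_name > /dev/null` and add a line saying which directory the relative path `machines/djmuk2/secrets.yaml` is resolved from (presumably `nix-conf/`). Separately, `builtins.readFile` two lines below reads the value at evaluation time, so it most likely lands in the world-readable Nix store; the comment accepts that as an anti-pattern, but it only holds while the value stays non-sensitive. The surrounding attribute set starts and ends outside this hunk.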
diff --git a/nix-conf/machines/djmuk2/secrets.yaml b/nix-conf/machines/djmuk2/secrets.yaml
new file mode 100644
index 0000000..3216fd3
--- /dev/null
+++ b/nix-conf/machines/djmuk2/secrets.yaml
@@ -0,0 +1,21 @@
+openiscsi_name: ENC[AES256_GCM,data:RZtrRGCnYgiAwq1bVnyK8fiYCxCKbtNs5diV3nUmNWAhU8CYRxau6SIAhB9t3f7p1fKgVC1V0fxV0nko6tdK,iv:M7qSnfBdxdTaCIb2/QZfrTUOZGX19IJY69IncTEk68w=,tag:eIo0fSKZTMEakGHh2zi5oQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UFgxckhMa1RWL3hGQkZw
+            M25XN1JkT2dnQk9iVXdyaFJsa3hMM0pVam04CmZSWFdJbnl4RzFpUUpYK2JmRXFO
+            L3ZZbXZ3aHA4NjBuRCtnYlpsNG94ZVkKLS0tIFNIUTVjOUxhS00zZFlyODVuQ1lB
+            bC9sLzdObkpFNTJRcmk3N3Y0TG1xakkKvFbr1YlLFS7c0BfK1MYczTXgjwcaNjxH
+            tHCQWzVyx1VzLID1TCQDGXWApkaaQYxa2d/afTTRxk98w6xJIvLj2g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-03T15:08:24Z"
+    mac: ENC[AES256_GCM,data:CtMDdk/tY52HLDuTHIUWF8qV3wdyykWnEKJk0bGMT+feWd/+PAzJRzCOVDuL6AxT1FmtZGx2lFZz6A9vzFbGsn1fawXVo40q+6TWpdcv80tRaicfyh1FTppWGNOJn/bh7DILuX41HRTEP2ngpMHwSr3cbCUfhxrV+r7giguj1do=,iv:uGe15h57SyQr8yi19sqDRPwtC/4WmBAwqvsHI5g5pAc=,tag:2Lv+QZf0CsgusJMay9MyQQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
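Review bot: The `sops.age` list in this file holds a single recipient, and every other key group (`kms`, `gcp_kms`, `azure_kv`, `hc_vault`, `pgp`) is empty. Judging by the `ssh-to-age` command in configuration.nix, that recipient is derived from the machine's SSH host key, so rotating the host key or losing the machine would leave the value undecryptable. Adding a second, offline-held age recipient and re-wrapping the data key with `sops updatekeys` would cover that. If the repository's `.sops.yaml` (not visible here) selects recipients with a `path_regex` on the old `secrets/` location, it also needs to match `machines/djmuk2/secrets.yaml` for `updatekeys` to keep working.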