author | David Morgan <djm_uk@protonmail.com> | 2024-09-24 16:04:13 +0100 |
---|---|---|
committer | David Morgan <djm_uk@protonmail.com> | 2024-09-24 16:04:13 +0100 |
commit | 726b0673a5c1bd2134a1d7e415b9a2cc4912ef53 (patch) | |
tree | 251c2d7e9d3efe55d750c942b3b76c6331dc8dc1 /nix-conf | |
parent | cba5a2b170c5a2120164bd20029c41254afed31d (diff) | |
Move secrets files for easier linking
Diffstat (limited to 'nix-conf')
-rw-r--r-- | nix-conf/.sops.yaml | 6 | ||||
-rw-r--r-- | nix-conf/home/includes/common.nix | 2 | ||||
-rw-r--r-- | nix-conf/home/includes/secrets.yaml (renamed from nix-conf/secrets/home.yaml) | 0 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/configuration.nix | 2 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/secrets.yaml (renamed from nix-conf/secrets/djmuk2.yaml) | 0 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 2 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 2 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/secrets.yaml (renamed from nix-conf/secrets/edrahil.yaml) | 0 |
8 files changed, 7 insertions, 7 deletions
diff --git a/nix-conf/.sops.yaml b/nix-conf/.sops.yaml
index c9f1394..2cb1a1e 100644
--- a/nix-conf/.sops.yaml
+++ b/nix-conf/.sops.yaml
@@ -3,16 +3,16 @@ keys:
 - &server_edrahil age1tjfctwnwldmyxnu6qmeufgr9l79vyzmrs7fy58v3d0qj4x4nhqhq2gjmlp
 - &server_djmuk2 age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla
 creation_rules:
- - path_regex: secrets/edrahil\.(json|yaml)$
+ - path_regex: edrahil/secrets\.(json|yaml)$
 key_groups:
 - age:
 - *server_edrahil
 - *admin_djm
- - path_regex: secrets/djmuk2\.(json|yaml)$
+ - path_regex: djmuk2/secrets\.(json|yaml)$
 key_groups:
 - age:
 - *server_djmuk2
- - path_regex: secrets/[^/]+\.(json|yaml)$
+ - path_regex: secrets\.(json|yaml)$
 key_groups:
 - age:
 - *admin_djm
diff --git a/nix-conf/home/includes/common.nix b/nix-conf/home/includes/common.nix
index 2dc3a8a..339d470 100644
--- a/nix-conf/home/includes/common.nix
+++ b/nix-conf/home/includes/common.nix
@@ -45,7 +45,7 @@ in
 sops = {
 age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
 defaultSopsFile = builtins.path {
- path = ./../../secrets/home.yaml;
+ path = ./secrets.yaml;
 name = "home-secrets.yaml";
 };
 secrets."ssh_config/oci" = { };
diff --git a/nix-conf/secrets/home.yaml b/nix-conf/home/includes/secrets.yaml
index 8222439..8222439 100644
--- a/nix-conf/secrets/home.yaml
+++ b/nix-conf/home/includes/secrets.yaml
diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix
index 9cc0a85..a84ddf8 100644
--- a/nix-conf/machines/djmuk2/configuration.nix
+++ b/nix-conf/machines/djmuk2/configuration.nix
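Review bot: In `nix-conf/.sops.yaml` the new catch-all `secrets\.(json|yaml)$` is no longer tied to any directory, and the two host rules have nothing anchoring the left side of the host name. Assuming sops applies the first rule whose regex matches the path, a `secrets.yaml` added under a new `machines/<host>/` directory, or any file whose name merely ends in `secrets.yaml`, would be encrypted to `admin_djm` only, with no host recipient and no error. I would pin each rule to the location this commit moves the files to, e.g. `- path_regex: (^|/)machines/edrahil/secrets\.(json|yaml)$` for the host rules and `- path_regex: (^|/)home/includes/secrets\.(json|yaml)$` for the last one, so that an unlisted path is rejected instead of silently picking up the wrong recipients. The `keys:` list begins above the hunk, so the `admin_djm` anchor itself is not visible here.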
@@ -38,7 +38,7 @@
 # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from.
 # Populate/update with:
- # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' secrets/djmuk2.yaml | doas tee /root/.config/secrets/openiscsi_name
+ # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name
 services.openiscsi.enable = true;
 services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name";
 #services.openiscsi.enableAutoLoginOut = true;
diff --git a/nix-conf/secrets/djmuk2.yaml b/nix-conf/machines/djmuk2/secrets.yaml
index 3216fd3..3216fd3 100644
--- a/nix-conf/secrets/djmuk2.yaml
+++ b/nix-conf/machines/djmuk2/secrets.yaml
diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix
index cbaf435..2054253 100644
--- a/nix-conf/machines/edrahil/configuration.nix
+++ b/nix-conf/machines/edrahil/configuration.nix
@@ -20,7 +20,7 @@
 sops = {
 defaultSopsFile = builtins.path {
- path = /etc/nixos/secrets/edrahil.yaml;
+ path = /etc/nixos/secrets.yaml;
 name = "edrahil-secrets.yaml";
 };
 secrets.restic_password = {
diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix
index b8ce55f..4b85912 100644
--- a/nix-conf/machines/edrahil/network-configuration.nix
+++ b/nix-conf/machines/edrahil/network-configuration.nix
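Review bot: `path = /etc/nixos/secrets.yaml;` in edrahil's `sops.defaultSopsFile` still takes the secrets file from host state rather than from the repository, so what `builtins.path` copies into the store is whatever sits at that path on the build machine. A stale copy or a dangling link left behind by this move would not show up in review. The file now lives beside this module as `machines/edrahil/secrets.yaml` (per the rename in this commit), so `path = ./secrets.yaml;` would match what `home/includes/common.nix` does. It should also evaluate in pure mode, where I would expect the absolute path to be rejected. The `sops` attribute set continues past the end of the hunk.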
@@ -6,7 +6,7 @@
 # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here,
 # as we cannot set a file path to read it from.
 # Populate/update with:
- # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address
+ # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address
 address = builtins.readFile "/root/.config/secrets/ipv6_address";
 prefixLength = 64;
 }
diff --git a/nix-conf/secrets/edrahil.yaml b/nix-conf/machines/edrahil/secrets.yaml
index 1f4c31e..1f4c31e 100644
--- a/nix-conf/secrets/edrahil.yaml
+++ b/nix-conf/machines/edrahil/secrets.yaml |