john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed sops-nix on host system

Browse Source
This commit is contained in:
John Lancaster
2026-03-14 11:41:44 -05:00
parent d60a52edda
commit 4f3976a979
4 changed files with 36 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.sops.yaml
View File

@@ -1,7 +1,7 @@
keys: keys:
- &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
- &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
- &test-nix age1zru07t0jmfaqx2pnrvwahc70ujwxl2nhcscf90yfvdnd2thnwcwqn0ecqp - &test-nix age1gvplss0ddmyf6vpjy363wu3n057vhm0j6n7tc94cxd8kadapypws5mtaj0
creation_rules: creation_rules:
- path_regex: \.yaml$ - path_regex: \.yaml$
key_groups: key_groups:
@@ -14,3 +14,4 @@ creation_rules:
- age: - age:
- *john-p14s - *john-p14s
- *john-pc - *john-pc
- *test-nix

32
keys/secrets.yaml
View File

@@ -9,29 +9,29 @@ sops:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQW5WSFBreEZMVUl1WTUv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UEpja2kxdThZVWZhOGVP
Q01BWDlMNkJjMUtLaHhBTUxWL01ia2J6K0Y4Cld4amtlTlFXQSt1TnhPNnR6c1Jm S0NtSi84MjhnN0RORkh2NjZ4YlYvWS9kZDBNClFzYnVxWnhmQkpCRkRFVUx1RDdX
YlRFVExtd3B3ZkxMelJWTzE0V2ZjOEEKLS0tIHlrTi9jS2ZsSXduNlI4RXBmVjc1 ZHFqYXRqYXM0cWJzcU5EeEtSR1BUVzAKLS0tIDdEY2pnVTJqWlNZVkZldXVYVmFH
ZVhlZkJhV1VkRkRtNXA5UGFUa2g2bjQKAsnOhicHwkTba8+uTunL6s3Kb2w6K40y dVNBRUVodU5sRnpVcG1GZ1RiZzhjTXMKefqBvvD/qZwcSHmFjUnleukVRLueG36Y
YxWarndl4EQ0g98cPMB5qoG/+FIbZKUg2IoQId+jLye/8iKBE1zd6g== Q81KlwQweF2F8kHl7Bqsi+3hH1dZZbVm3vjuGpWFOoti7fowUV55Kw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4alRPTE8rUUJqMFFtbUs0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZFZxbDhVUWFEUGhPMlZI
a3BXeXdiQTIzUERJb2FRUVF5SjhCOUVWbEZJCjhpalNhTnM4TGRCb2NUVW1FT1pQ SFdBYkpxSnAxTUZXbjVwQnlZQ3l1SWtuZGg0CmVBdnVHbTNUcmwvK01iMnZKZTJh
ZEJGRldiaGpLaUZDd09sSlQ1aHFGN0UKLS0tIDNBUHpyc2EwWmxvSFRhSTlVdGw3 ajFla3kzYUl4ZWY3czA0WUdNM2lpVFUKLS0tIHo5Uk1pV296MXdnUTZGQ25haWZG
ZTkzYmEyRVRoM1d3OGtCL0s3YUJIMFUK33cTycXX/jEFMJkEqcG9L7N80b9jwABO QWZDWGRaRDBhY1ZkZk5oTHY0ZVV2RXMKanv+WWRhf5nl+aw/T6QZFVQQmhV1DZfB
JZw7+rwndm3JDzFsOanasuv2KPkYhU8puDS9Qo/Q51I+CAYcGl07DA== jkSzOAKOgPx7toYFmpq9E8fAH+zrMzDbxI2z2uyrOFI6v+QE0Ul/iQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zru07t0jmfaqx2pnrvwahc70ujwxl2nhcscf90yfvdnd2thnwcwqn0ecqp - recipient: age1gvplss0ddmyf6vpjy363wu3n057vhm0j6n7tc94cxd8kadapypws5mtaj0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNmxpVXBITENjSU43ZEtz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcGtMNi9RSG5aTVV5cWdT
K0xPcmlQNThCMjlkVWZqODBlZmhLSTNLcmowCmJCNGsraTNWQ1pNd0FCOTRYbk1C NittUXN0Qnpld1YvOU50OUh3Z3ZiSzhHOHdNCnc4TmdYbS9QQnBLbldHSytIdkJl
by92OWgyN0ZFaEcyc1VMa3lTTm5GODAKLS0tIHovV0ZZakl3MFU4QXo0eFJDWHpC R0psQWxkZTgyZTRzckkrTGpyNCsvR2sKLS0tIEdLb05aT2I2S3BKcFRrVmtvTGw5
Vk04Z3ZqS1hXOEo4ZUc1SW1OU3czYlkKx7HRRAQxFxfjPuXqz5Md3p75nK64DUs0 Z1orRCtkTDVXSktuck5pTmV4K05qZHMKZlHHu07q+GnyDDgdwW2Ic3P23PmoSPwn
TTK4ykODj4Xe7uQCJWrDW8JT/KrKZTU0+zqUYKRijsXGRxwI4WCXUQ== WuNLZdlZQleROaRb+zpD+9P1HGGJ3mWAlNlnmjGrRk453k1PbBQ5Og==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-12T19:06:28Z" lastmodified: "2026-03-12T19:06:28Z"
mac: ENC[AES256_GCM,data:lwBo9tL4AoJ1sllLM+HTgMdPlDKA4ebCo8c/z75H6TRthqR7HiVZRwxOAg423GU3IWp688qz96goouZtz0sD2PrGesCRYgTO2pWAk34vr1FlcVGbuFG+xUkwnroIs82ctsCohSw7GQuGwKp6vVK3cIV2t8VmKnFnqc0TbAQ6EMg=,iv:uO1Er43XMK/YVrBgUWBKGVgU5LWlms2uxZa7l0G9E8c=,tag:Y8WURiHVkRP93kPdVInH0w==,type:str] mac: ENC[AES256_GCM,data:lwBo9tL4AoJ1sllLM+HTgMdPlDKA4ebCo8c/z75H6TRthqR7HiVZRwxOAg423GU3IWp688qz96goouZtz0sD2PrGesCRYgTO2pWAk34vr1FlcVGbuFG+xUkwnroIs82ctsCohSw7GQuGwKp6vVK3cIV2t8VmKnFnqc0TbAQ6EMg=,iv:uO1Er43XMK/YVrBgUWBKGVgU5LWlms2uxZa7l0G9E8c=,tag:Y8WURiHVkRP93kPdVInH0w==,type:str]

0
keys/work
View File

20
modules/hosts/test-nix.nix
View File

@@ -12,10 +12,24 @@ in
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
}; };
imports = with inputs.sops-nix.nixosModules; [
sops
];
sops.defaultSopsFile = ../../keys/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.secrets."test-nix/ssh_host_key" = {
owner = "john";
path = "/home/john/.ssh/host_key";
};
}; };
flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem { flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
modules = with inputs.self.modules; [ modules = with inputs.self.modules; [
nixos."${hostname}"
nixos.lxc
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
nixos."${username}" nixos."${username}"
nixos.zsh nixos.zsh
@@ -23,9 +37,9 @@ in
nixos.step-client nixos.step-client
{ {
home-manager.users."${username}" = { home-manager.users."${username}" = {
# imports = with inputs.self.modules.homeManager; [ imports = with inputs.self.modules.homeManager; [
# step-client sops
# ]; ];
shell.program = "zsh"; shell.program = "zsh";
docker.enable = true; docker.enable = true;
ssh.matchSets = { ssh.matchSets = {