redid path

2025-07-07 00:53:56 -05:00
parent 5f3d3a224a
commit 1fe7f9b901
3 changed files with 27 additions and 31 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+  - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+  - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+    - age:
+      - *john-p14s
+      - *john-pc
--- a/homeManagerModules/sops.nix
+++ b/homeManagerModules/sops.nix
@@ -1,17 +1,13 @@
 { inputs, config, pkgs, lib, ... }:
+let
+  sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
+in
 {
  sops = {
    # It's also possible to use a ssh key, but only when it has no password:
    sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
    defaultSopsFile = ./secrets.yaml;
-    secrets.test = {
-      # sopsFile = ./secrets.yml.enc; # optionally define per-secret files
-
-      # %r gets replaced with a runtime directory, use %% to specify a '%'
-      # sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
-      # DARWIN_USER_TEMP_DIR) on darwin.
-      path = "%r/test.txt"; 
-    };
-    
+    defaultSopsFormat = "yaml";
  };
+  programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "${pkgs.sops-nix}/bin/sops --config ${sopsConfigPath}";
 }
--- a/keys/secrets.yaml
+++ b/keys/secrets.yaml
@@ -1,5 +1,5 @@
 hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
-example_key: ENC[AES256_GCM,data:Cymjuys1ONFIWFcu4777OkhaSLv+lA==,iv:fRut7BsgyTgtiDT31AyAJ622b8PxyMvpRGaMEUNSecs=,tag:0iZ3kJw/7a+XUVUiIfFYIQ==,type:str]
+example_key: ENC[AES256_GCM,data:BfK4TdDYA0DTBvhtYVgsBwPbanY3gQ==,iv:1zIuW9vtTOR1hk2CpgxkLrja23itTXwQuPhqPqAOQJQ=,tag:cysHFWrQTgC50h5snrFErw==,type:str]
 #ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
 example_array:
    - ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
@@ -13,31 +13,22 @@ sops:
        - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQnBCcTJjTE4wY05nemkr
-            YnYxSDRMNk10Qi85OGVKZFZtRC9GUk5vbW1nCmc4ZnFsYmtaNW9GWitua1pvcUJ5
-            N2Zmck5TNTlrUjNnY3AyMXFsbHNPU3MKLS0tIGxlT3dBNUQ1cnFpSmtDUWxRcm1I
-            ZHg4UHp3dkxEMXlsRGhKYTk2aEJRSEEKqjLQ4z/waAc/EIu5jZpTT+Q8HA23SUbX
-            Xf0omGetuGECDPihS/ENtewt442CnvPrmqYgZ8gRFrekg2fSYVMCDw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
+            SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
+            ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
+            TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
+            quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRmFNSGNrQkk0VVhvWmpU
-            Q3RiZzZnQklFL0gvSjUyWVI1MkhNSlBaT3hzCmJCcElPcDJTTFZWZlNaa2dPcisy
-            MHlWYnBBdlc1ZjQyVStQTjlpNHIxUFEKLS0tIElRU09mbUtQVW1qaVVpMU5xTXBh
-            dHJ4eC9GRFMweWVkZ2xlR1RBem5TN2sK1UU8GYLhO0q/l7yqPUrpdaEPw5vp354L
-            lI8Ch3p8/IHgZMsHFoT/pcGQOu1V3BATjs4lM622Tqwk/nN7WnpGmw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
+            REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
+            ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
+            Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
+            9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age16qqdn7tdgzu9c259g854ls69aqyz5hwhg7d4q5mqn7ksvchkp9nqv0x2un
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSnEybEhHSjhOQ056OFpS
-            Qms1MmU5dWlRZmgzMHNDT0o1dm11WlRjTmh3CllhWUhUeWRMR0FPWVpJRnIvaGY3
-            ZHlYRnM2ZVljT1hSSGxWT2VVQllQdTgKLS0tIFk2Z3hIMFJVN0d1d1V4Z2czMHFL
-            c1ZOZElPTWk2ZGhNZUtPVTFaVlVsbjgKXaRZc9BNo/iYkXpP9xjMqaHwRUAQDpu2
-            XqMaAWyhcZ4Pw88sYOOElo5Gv3zmMBAwga3iOD8BVzA09B5pD2LXtA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-07T05:23:43Z"
-    mac: ENC[AES256_GCM,data:/0348AiJrwN6It2fWeZrFZGnAj+PSfsi04yibkHT+h8oRJVwCxkP9urPiZlVxxMwFGrLGJlxTpDw2w9Fij+rf0T8RBlXlbimJIlHVIZQWnwihokXTJzAb27IsUXwcus+KuRhuZlOBKuEqz7QrMQgYMV7MHVs07pc9yIL/z5FE8Q=,iv:bR/44LbWC9AGtwA7JEuIhzG8DT8VJ6kFLCEoobEsoF4=,tag:3uq7Ul9VWdp21nnq3z4A1w==,type:str]
+    lastmodified: "2025-07-07T05:36:09Z"
+    mac: ENC[AES256_GCM,data:28Ai18sIWB4HcofeSlifULZ+OKJJrThr9IXnByTkRt5Iw+mat2pChnCGetybnBQ3b848vwCuVhIHVBX2V8e/pVlGomfG/QeLSaKcrpzWLaQsLKymMzeltAFJdSLrUb0mi4kh+AwDV/aW8bdmCTjngw8a1sHu9nmDYFivbRvaPSw=,iv:gJpf4zDr6Zr2bKHWYwXohAAy9FDaSUfHKSA9Ulgij70=,tag:zn48hHpH3vuXqEjc5YOKSA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2