From 1fe7f9b9017c63b706431134146fa70ba7dd2552 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 7 Jul 2025 00:53:56 -0500
Subject: [PATCH] redid path
---
 .sops.yaml | 9 +++++++++
 homeManagerModules/sops.nix | 14 +++++---------
 keys/secrets.yaml | 35 +++++++++++++----------------------
 3 files changed, 27 insertions(+), 31 deletions(-)
 create mode 100644 .sops.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..5878b26
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+ - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+ - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+creation_rules:
+ - path_regex: secrets.yaml$
+ key_groups:
+ - age:
+ - *john-p14s
+ - *john-pc
diff --git a/homeManagerModules/sops.nix b/homeManagerModules/sops.nix
index 603bef2..2e4e40a 100644
--- a/homeManagerModules/sops.nix
+++ b/homeManagerModules/sops.nix
@@ -1,17 +1,13 @@
 { inputs, config, pkgs, lib, ... }:
+let
+ sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
+in
 {
 sops = {
 # It's also possible to use a ssh key, but only when it has no password:
 sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
 defaultSopsFile = ./secrets.yaml;
- secrets.test = {
- # sopsFile = ./secrets.yml.enc; # optionally define per-secret files
-
- # %r gets replaced with a runtime directory, use %% to specify a '%'
- # sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
- # DARWIN_USER_TEMP_DIR) on darwin.
- path = "%r/test.txt";
- };
-
+ defaultSopsFormat = "yaml";
 };
+ programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "${pkgs.sops-nix}/bin/sops --config ${sopsConfigPath}";
 }
\ No newline at end of file
diff --git a/keys/secrets.yaml b/keys/secrets.yaml
index 013f492..bebadc5 100644
--- a/keys/secrets.yaml
+++ b/keys/secrets.yaml
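Review bot: The creation rule's `path_regex: secrets.yaml$` is broader than intended: the `.` is an unescaped regex metacharacter and the pattern has no start anchor, so any file whose path ends in e.g. `mysecrets.yaml` or `secretsXyaml` would also be encrypted to these two keys without anyone noticing. Tightening it to `path_regex: (^|/)secrets\.yaml$` restricts the rule to a file literally named `secrets.yaml` while still matching whether sops compares the path relative to this config file or as an absolute path. The two recipients listed here match the ones that remain in `keys/secrets.yaml` in this commit, so the rule and the encrypted file are consistent with each other.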
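Review bot: `sopsConfigPath` is built from `config.home.homeDirectory` plus the fixed suffix `/.config/home-manager/jsl-home/.sops.yaml`, so the `sops` alias on the last added line only works while this repository is checked out at exactly that location; on any other clone or after a rename, `sops --config` points at a file that does not exist. Because this commit adds `.sops.yaml` to the repository root, one directory above this module, a Nix path expression such as `sopsConfigPath = ../.sops.yaml;` would copy the file into the store at evaluation time and keep the alias correct regardless of where the checkout lives (the rule's `secrets.yaml$` regex still matches an absolute target path). Two things I cannot confirm from the hunk: `config.enableShell` is not a stock home-manager option, so the `mkIf` relies on a custom option declared elsewhere, and `pkgs.sops-nix` is only valid if an overlay provides it, since the nixpkgs attribute for the CLI is `pkgs.sops`. Not part of the new lines but visible in context, `defaultSopsFile = ./secrets.yaml;` resolves to `homeManagerModules/secrets.yaml`, whereas the encrypted file touched by this commit is `keys/secrets.yaml`, so one of the two paths looks stale.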
@@ -1,5 +1,5 @@
 hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
-example_key: ENC[AES256_GCM,data:Cymjuys1ONFIWFcu4777OkhaSLv+lA==,iv:fRut7BsgyTgtiDT31AyAJ622b8PxyMvpRGaMEUNSecs=,tag:0iZ3kJw/7a+XUVUiIfFYIQ==,type:str]
+example_key: ENC[AES256_GCM,data:BfK4TdDYA0DTBvhtYVgsBwPbanY3gQ==,iv:1zIuW9vtTOR1hk2CpgxkLrja23itTXwQuPhqPqAOQJQ=,tag:cysHFWrQTgC50h5snrFErw==,type:str]
 #ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
 example_array:
 - ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
@@ -13,31 +13,22 @@ sops:
 - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQnBCcTJjTE4wY05nemkr
- YnYxSDRMNk10Qi85OGVKZFZtRC9GUk5vbW1nCmc4ZnFsYmtaNW9GWitua1pvcUJ5
- N2Zmck5TNTlrUjNnY3AyMXFsbHNPU3MKLS0tIGxlT3dBNUQ1cnFpSmtDUWxRcm1I
- ZHg4UHp3dkxEMXlsRGhKYTk2aEJRSEEKqjLQ4z/waAc/EIu5jZpTT+Q8HA23SUbX
- Xf0omGetuGECDPihS/ENtewt442CnvPrmqYgZ8gRFrekg2fSYVMCDw==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
+ SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
+ ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
+ TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
+ quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRmFNSGNrQkk0VVhvWmpU
- Q3RiZzZnQklFL0gvSjUyWVI1MkhNSlBaT3hzCmJCcElPcDJTTFZWZlNaa2dPcisy
- MHlWYnBBdlc1ZjQyVStQTjlpNHIxUFEKLS0tIElRU09mbUtQVW1qaVVpMU5xTXBh
- dHJ4eC9GRFMweWVkZ2xlR1RBem5TN2sK1UU8GYLhO0q/l7yqPUrpdaEPw5vp354L
- lI8Ch3p8/IHgZMsHFoT/pcGQOu1V3BATjs4lM622Tqwk/nN7WnpGmw==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
+ REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
+ ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
+ Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
+ 9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
 -----END AGE ENCRYPTED FILE-----
- - recipient: age16qqdn7tdgzu9c259g854ls69aqyz5hwhg7d4q5mqn7ksvchkp9nqv0x2un
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSnEybEhHSjhOQ056OFpS
- Qms1MmU5dWlRZmgzMHNDT0o1dm11WlRjTmh3CllhWUhUeWRMR0FPWVpJRnIvaGY3
- ZHlYRnM2ZVljT1hSSGxWT2VVQllQdTgKLS0tIFk2Z3hIMFJVN0d1d1V4Z2czMHFL
- c1ZOZElPTWk2ZGhNZUtPVTFaVlVsbjgKXaRZc9BNo/iYkXpP9xjMqaHwRUAQDpu2
- XqMaAWyhcZ4Pw88sYOOElo5Gv3zmMBAwga3iOD8BVzA09B5pD2LXtA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-07T05:23:43Z"
- mac: ENC[AES256_GCM,data:/0348AiJrwN6It2fWeZrFZGnAj+PSfsi04yibkHT+h8oRJVwCxkP9urPiZlVxxMwFGrLGJlxTpDw2w9Fij+rf0T8RBlXlbimJIlHVIZQWnwihokXTJzAb27IsUXwcus+KuRhuZlOBKuEqz7QrMQgYMV7MHVs07pc9yIL/z5FE8Q=,iv:bR/44LbWC9AGtwA7JEuIhzG8DT8VJ6kFLCEoobEsoF4=,tag:3uq7Ul9VWdp21nnq3z4A1w==,type:str]
+ lastmodified: "2025-07-07T05:36:09Z"
+ mac: ENC[AES256_GCM,data:28Ai18sIWB4HcofeSlifULZ+OKJJrThr9IXnByTkRt5Iw+mat2pChnCGetybnBQ3b848vwCuVhIHVBX2V8e/pVlGomfG/QeLSaKcrpzWLaQsLKymMzeltAFJdSLrUb0mi4kh+AwDV/aW8bdmCTjngw8a1sHu9nmDYFivbRvaPSw=,iv:gJpf4zDr6Zr2bKHWYwXohAAy9FDaSUfHKSA9Ulgij70=,tag:zn48hHpH3vuXqEjc5YOKSA==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2
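Review bot: Dropping recipient `age16qqdn7tdgzu9c259g854ls69aqyz5hwhg7d4q5mqn7ksvchkp9nqv0x2un` re-wraps the file's existing data key for the two remaining age keys but does not replace it: the `hello:` value in the first hunk is unchanged context with identical `data:`/`iv:` on both sides, which indicates the same data key still protects this file, and the removed key could unwrap that data key from the previous revision in history. If the key was removed because it should no longer be trusted, run `sops rotate -i keys/secrets.yaml` (or `sops -r -i keys/secrets.yaml`) so a fresh data key is generated and every value is re-encrypted; if it was merely a retired device whose private key is gone, the current state is fine. Either way, a sentence in the commit message stating which case applies would save the next reader from having to infer it from the ciphertext.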