john/jsl-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redid path

Browse Source
This commit is contained in:
John Lancaster
2025-07-07 00:53:56 -05:00
parent 5f3d3a224a
commit 1fe7f9b901
3 changed files with 27 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.sops.yaml Normal file
View File

@@ -0,0 +1,9 @@
keys:
- &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
- &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *john-p14s
- *john-pc

14
homeManagerModules/sops.nix
View File

@@ -1,17 +1,13 @@
{ inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
let
sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
in
{ {
sops = { sops = {
# It's also possible to use a ssh key, but only when it has no password: # It's also possible to use a ssh key, but only when it has no password:
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets.test = { defaultSopsFormat = "yaml";
# sopsFile = ./secrets.yml.enc; # optionally define per-secret files
# %r gets replaced with a runtime directory, use %% to specify a '%'
# sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
# DARWIN_USER_TEMP_DIR) on darwin.
path = "%r/test.txt";
};
}; };
programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "${pkgs.sops-nix}/bin/sops --config ${sopsConfigPath}";
} }

35
keys/secrets.yaml
View File

@@ -1,5 +1,5 @@
hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str] hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
example_key: ENC[AES256_GCM,data:Cymjuys1ONFIWFcu4777OkhaSLv+lA==,iv:fRut7BsgyTgtiDT31AyAJ622b8PxyMvpRGaMEUNSecs=,tag:0iZ3kJw/7a+XUVUiIfFYIQ==,type:str] example_key: ENC[AES256_GCM,data:BfK4TdDYA0DTBvhtYVgsBwPbanY3gQ==,iv:1zIuW9vtTOR1hk2CpgxkLrja23itTXwQuPhqPqAOQJQ=,tag:cysHFWrQTgC50h5snrFErw==,type:str]
#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment] #ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
example_array: example_array:
- ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str] - ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
@@ -13,31 +13,22 @@ sops:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQnBCcTJjTE4wY05nemkr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
YnYxSDRMNk10Qi85OGVKZFZtRC9GUk5vbW1nCmc4ZnFsYmtaNW9GWitua1pvcUJ5 SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
N2Zmck5TNTlrUjNnY3AyMXFsbHNPU3MKLS0tIGxlT3dBNUQ1cnFpSmtDUWxRcm1I ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
ZHg4UHp3dkxEMXlsRGhKYTk2aEJRSEEKqjLQ4z/waAc/EIu5jZpTT+Q8HA23SUbX TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
Xf0omGetuGECDPihS/ENtewt442CnvPrmqYgZ8gRFrekg2fSYVMCDw== quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRmFNSGNrQkk0VVhvWmpU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
Q3RiZzZnQklFL0gvSjUyWVI1MkhNSlBaT3hzCmJCcElPcDJTTFZWZlNaa2dPcisy REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
MHlWYnBBdlc1ZjQyVStQTjlpNHIxUFEKLS0tIElRU09mbUtQVW1qaVVpMU5xTXBh ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
dHJ4eC9GRFMweWVkZ2xlR1RBem5TN2sK1UU8GYLhO0q/l7yqPUrpdaEPw5vp354L Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
lI8Ch3p8/IHgZMsHFoT/pcGQOu1V3BATjs4lM622Tqwk/nN7WnpGmw== 9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16qqdn7tdgzu9c259g854ls69aqyz5hwhg7d4q5mqn7ksvchkp9nqv0x2un lastmodified: "2025-07-07T05:36:09Z"
enc: | mac: ENC[AES256_GCM,data:28Ai18sIWB4HcofeSlifULZ+OKJJrThr9IXnByTkRt5Iw+mat2pChnCGetybnBQ3b848vwCuVhIHVBX2V8e/pVlGomfG/QeLSaKcrpzWLaQsLKymMzeltAFJdSLrUb0mi4kh+AwDV/aW8bdmCTjngw8a1sHu9nmDYFivbRvaPSw=,iv:gJpf4zDr6Zr2bKHWYwXohAAy9FDaSUfHKSA9Ulgij70=,tag:zn48hHpH3vuXqEjc5YOKSA==,type:str]
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSnEybEhHSjhOQ056OFpS
Qms1MmU5dWlRZmgzMHNDT0o1dm11WlRjTmh3CllhWUhUeWRMR0FPWVpJRnIvaGY3
ZHlYRnM2ZVljT1hSSGxWT2VVQllQdTgKLS0tIFk2Z3hIMFJVN0d1d1V4Z2czMHFL
c1ZOZElPTWk2ZGhNZUtPVTFaVlVsbjgKXaRZc9BNo/iYkXpP9xjMqaHwRUAQDpu2
XqMaAWyhcZ4Pw88sYOOElo5Gv3zmMBAwga3iOD8BVzA09B5pD2LXtA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-07T05:23:43Z"
mac: ENC[AES256_GCM,data:/0348AiJrwN6It2fWeZrFZGnAj+PSfsi04yibkHT+h8oRJVwCxkP9urPiZlVxxMwFGrLGJlxTpDw2w9Fij+rf0T8RBlXlbimJIlHVIZQWnwihokXTJzAb27IsUXwcus+KuRhuZlOBKuEqz7QrMQgYMV7MHVs07pc9yIL/z5FE8Q=,iv:bR/44LbWC9AGtwA7JEuIhzG8DT8VJ6kFLCEoobEsoF4=,tag:3uq7Ul9VWdp21nnq3z4A1w==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2