walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

🔒️ setting up sops-nix

Browse Source
This commit is contained in:
James Walker 2021-11-13 21:54:02 -05:00
parent 459cd7392c
commit 91b3d32222
Signed by: walkah
GPG Key ID: 3C127179D6086E93
4 changed files with 58 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.sops.yaml Normal file
View File

@ -0,0 +1,9 @@
keys:
- &walkah age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
- &plato age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *walkah
- *plato

12
nix/sources.json
View File

@ -34,5 +34,17 @@
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/d14ae62671fd4eaec57427da1e50f91d6a5f9605.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/d14ae62671fd4eaec57427da1e50f91d6a5f9605.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"sops-nix": {
"branch": "master",
"description": "Atomic secret provisioning for NixOS based on sops",
"homepage": "",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "a8cbd0c796e4678f0fd2e59f274e49705ee523ed",
"sha256": "1rqwrhc8fcaf1c8d0h9mirpznnypg8afnrzsya4r4lvvifz16kgi",
"type": "tarball",
"url": "https://github.com/Mic92/sops-nix/archive/a8cbd0c796e4678f0fd2e59f274e49705ee523ed.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }

30
secrets/secrets.yaml Normal file
View File

@ -0,0 +1,30 @@
testing: ENC[AES256_GCM,data:L7u7KRH74FPLtYi/,iv:yloHuSqAbxz95L3Bpye8VRJFR87dVGMkArTBj5GFVtA=,tag:pKbC5EsdBM4zqrUwzb0abA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMW9GbTVQWjdOaUVJNjJH
VUhsSGxLb1NlU2NXTjRqYklLUlYxRnpkbm44CjRZU2lNTTlERmFHYTRoL0dRWjRq
QUhkYjBsK2NyWDMzL004aDZBMGJrNjgKLS0tIFNHbEl2ejZJK0tGeEcyRTk3TU9S
MmFZc29kdEFlL202emU3cUhwMytUeXMK429JtnxnZfDl8Op2NSz40xUXKO2XWICY
I0Z2xOATxOq9N1MvNbD6HheT8ngUtu/LQJXcsDIHk0MkzBJRe8u79A==
-----END AGE ENCRYPTED FILE-----
- recipient: age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNklPdm52OHVzL0cxOHRI
cVdFcW0zL0RuYXJJbzlTZjI0dkxoQThjVG5zCldCLzE3cGF0ZGJTZ0dBajFaMktr
ZDA3WHFaQzJONmlUSXBrNzY5MHJTT1EKLS0tIHczU2JVc2RhVmc1Y01NOWZHclly
QXJkUkFMS1ZCcXl1ZCsvUmdqeVVvc0EK9xP+VkSN61gLwMwwlOFCpLsfL6Jzk7CB
5LfW5lsyWCMqnw00W52h177kHZdf/nLmnoLDz2jZ7hPXiDpS7G9MrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-11-12T04:16:10Z"
mac: ENC[AES256_GCM,data:o4Pbvl/ry70zqKZnQ95I0zff/8Vzz1g+5i5PrrClmAlrq4OKiXKhmAyriMSknYzcBA4JnHqjfyHWzB7VpIPCAfiT5jmSjQgMaixVkFvtjDKNtuVXP9ECSY1sb3EeKBnlkR4Ev9aodkoJGxeaiTChadadkG09M6pjSwwyn6r1yNM=,iv:6GjWlgSHRDqwqeAI2J8IgGFo7/cTwKLcxz2h8tj+iYY=,tag:T3W+cvDk0t3G/c/mkcqoyw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1

9
shell.nix
View File

@ -1,9 +1,14 @@
let let
sources = import ./nix/sources.nix; sources = import ./nix/sources.nix;
pkgs = import sources.nixpkgs { }; pkgs = import sources.nixpkgs { };
in pkgs.mkShell { in
pkgs.mkShell {
name = "athens"; name = "athens";
buildInputs = [ pkgs.morph ]; buildInputs = [
pkgs.age
pkgs.morph
pkgs.sops
];
shellHook = '' shellHook = ''
export NIX_PATH="nixpkgs=${sources.nixpkgs}:home-manager=${sources.home-manager}:." export NIX_PATH="nixpkgs=${sources.nixpkgs}:home-manager=${sources.home-manager}:."