🔒️ setting up sops-nix
parent
459cd7392c
commit
91b3d32222
9
.sops.yaml
Normal file
9
.sops.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
keys:
|
||||
- &walkah age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
|
||||
- &plato age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *walkah
|
||||
- *plato
|
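Review bot: The two age recipients under `keys:` have no note saying who or what holds the matching private key, and both sit in one key group, so either key alone decrypts every file matching `secrets/[^/]+\.yaml$`. A comment above each anchor, such as `# walkah: <who holds this key, where it is stored>` and `# plato: <host or person, where it is stored>`, would make later recipient reviews and removals much easier. Because old ciphertext stays in git history, dropping a recipient should be paired with rotating the affected secret values, not only re-encrypting with `sops updatekeys`.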
@ -34,5 +34,17 @@
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/d14ae62671fd4eaec57427da1e50f91d6a5f9605.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"sops-nix": {
|
||||
"branch": "master",
|
||||
"description": "Atomic secret provisioning for NixOS based on sops",
|
||||
"homepage": "",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "a8cbd0c796e4678f0fd2e59f274e49705ee523ed",
|
||||
"sha256": "1rqwrhc8fcaf1c8d0h9mirpznnypg8afnrzsya4r4lvvifz16kgi",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/Mic92/sops-nix/archive/a8cbd0c796e4678f0fd2e59f274e49705ee523ed.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
}
|
||||
}
|
||||
|
30
secrets/secrets.yaml
Normal file
30
secrets/secrets.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
testing: ENC[AES256_GCM,data:L7u7KRH74FPLtYi/,iv:yloHuSqAbxz95L3Bpye8VRJFR87dVGMkArTBj5GFVtA=,tag:pKbC5EsdBM4zqrUwzb0abA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMW9GbTVQWjdOaUVJNjJH
|
||||
VUhsSGxLb1NlU2NXTjRqYklLUlYxRnpkbm44CjRZU2lNTTlERmFHYTRoL0dRWjRq
|
||||
QUhkYjBsK2NyWDMzL004aDZBMGJrNjgKLS0tIFNHbEl2ejZJK0tGeEcyRTk3TU9S
|
||||
MmFZc29kdEFlL202emU3cUhwMytUeXMK429JtnxnZfDl8Op2NSz40xUXKO2XWICY
|
||||
I0Z2xOATxOq9N1MvNbD6HheT8ngUtu/LQJXcsDIHk0MkzBJRe8u79A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNklPdm52OHVzL0cxOHRI
|
||||
cVdFcW0zL0RuYXJJbzlTZjI0dkxoQThjVG5zCldCLzE3cGF0ZGJTZ0dBajFaMktr
|
||||
ZDA3WHFaQzJONmlUSXBrNzY5MHJTT1EKLS0tIHczU2JVc2RhVmc1Y01NOWZHclly
|
||||
QXJkUkFMS1ZCcXl1ZCsvUmdqeVVvc0EK9xP+VkSN61gLwMwwlOFCpLsfL6Jzk7CB
|
||||
5LfW5lsyWCMqnw00W52h177kHZdf/nLmnoLDz2jZ7hPXiDpS7G9MrA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2021-11-12T04:16:10Z"
|
||||
mac: ENC[AES256_GCM,data:o4Pbvl/ry70zqKZnQ95I0zff/8Vzz1g+5i5PrrClmAlrq4OKiXKhmAyriMSknYzcBA4JnHqjfyHWzB7VpIPCAfiT5jmSjQgMaixVkFvtjDKNtuVXP9ECSY1sb3EeKBnlkR4Ev9aodkoJGxeaiTChadadkG09M6pjSwwyn6r1yNM=,iv:6GjWlgSHRDqwqeAI2J8IgGFo7/cTwKLcxz2h8tj+iYY=,tag:T3W+cvDk0t3G/c/mkcqoyw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
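Review bot: Key names in this file are stored in cleartext, because sops encrypts only the values, so `testing` and every later key name is readable by anyone with repository access. The `unencrypted_suffix: _unencrypted` setting in the `sops` metadata also means that the value of any key whose name ends in `_unencrypted` is written unencrypted. Since the file itself is managed by sops, the convention is better recorded next to the creation rule in `.sops.yaml`, for example `# key names are cleartext; values of *_unencrypted keys are not encrypted`.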
@ -1,9 +1,14 @@
|
||||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
pkgs = import sources.nixpkgs { };
|
||||
in pkgs.mkShell {
|
||||
in
|
||||
pkgs.mkShell {
|
||||
name = "athens";
|
||||
buildInputs = [ pkgs.morph ];
|
||||
buildInputs = [
|
||||
pkgs.age
|
||||
pkgs.morph
|
||||
pkgs.sops
|
||||
];
|
||||
|
||||
shellHook = ''
|
||||
export NIX_PATH="nixpkgs=${sources.nixpkgs}:home-manager=${sources.home-manager}:."
|
||||
|