From 8ade7f4a3edf6eb7e9aa0710741734d8be9e7afb Mon Sep 17 00:00:00 2001 From: Dan Nixon Date: Sun, 16 Jun 2024 18:54:53 +0100 Subject: [PATCH] Move user secrets to sops-nix via home-manager --- .sops.yaml | 12 ++-- configurations/akane/home-manager/default.nix | 3 + configurations/akane/nixos/default.nix | 4 +- .../kawashiro/home-manager/default.nix | 3 + configurations/kawashiro/nixos/default.nix | 4 +- configurations/maya/home-manager/default.nix | 3 + configurations/maya/nixos/default.nix | 6 +- .../mitori/home-manager/default.nix | 3 + configurations/mitori/nixos/default.nix | 4 +- configurations/yukari/nixos/default.nix | 2 +- configurations/yuyuko/nixos/default.nix | 2 +- modules/home-manager/base.nix | 4 +- .../terminal_environment/default.nix | 2 - .../hsxkpasswd/default.nix | 13 ++++ .../hsxkpasswd/hsxkpasswdrc.secret.txt | 34 +++++++++ .../rclone/config.secret.txt | 34 +++++++++ .../terminal_environment/rclone/default.nix | 13 ++++ .../ssh-config/config.secret.txt | 34 +++++++++ .../ssh-config/default.nix | 7 ++ modules/nixos/{dan/default.nix => dan.nix} | 0 modules/nixos/dan/secrets/default.nix | 6 -- modules/nixos/dan/secrets/rclone-config.nix | 10 --- modules/nixos/dan/secrets/secrets.yaml | 70 ------------------- modules/nixos/dan/secrets/ssh-config.nix | 10 --- 24 files changed, 163 insertions(+), 120 deletions(-) create mode 100644 modules/home-manager/terminal_environment/hsxkpasswd/default.nix create mode 100644 modules/home-manager/terminal_environment/hsxkpasswd/hsxkpasswdrc.secret.txt create mode 100644 modules/home-manager/terminal_environment/rclone/config.secret.txt create mode 100644 modules/home-manager/terminal_environment/rclone/default.nix create mode 100644 modules/home-manager/terminal_environment/ssh-config/config.secret.txt create mode 100644 modules/home-manager/terminal_environment/ssh-config/default.nix rename modules/nixos/{dan/default.nix => dan.nix} (100%) delete mode 100644 modules/nixos/dan/secrets/default.nix delete mode 100644 modules/nixos/dan/secrets/rclone-config.nix delete mode 100644 modules/nixos/dan/secrets/secrets.yaml delete mode 100644 modules/nixos/dan/secrets/ssh-config.nix diff --git a/.sops.yaml b/.sops.yaml index d463d59..0cd92c4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,10 +2,10 @@ keys: - &users: - &dan 84E956241243C35EA286B410EA06B7ABA96D6BB8 - &hosts: - - &akane age1xl6gggups43c5j6stvjeaf0fky0u28mmthe45vfva3hg2vn7cyeqdv8md8 - - &kawashiro age1v6mp6g8qc0frz5r8tq4ajqc49ey0eul4yqeglevgrt8huga2s4qsym5hc0 - - &maya age1w908m223s5xg3xmsm3zxwxcudryc4hcp8xk5kveq09kgupjtpqhqq4nqsd - - &mitori age19tct0nf4cuvj0lveptda469raqtgewwg882rqr4y93g2m2wxrskqnttklq + - &akane age1jtvca4vw7evxej6jcx6qpd0dgwtxv403vwq3tw0dkswf42u0lv0qmrj9a7 + # - &kawashiro todo + - &maya age1lj6hkktydycuxw6q88490hh6g7hs3qg72taz3fle0rlcfuq4z3hqyuxl2w + - &mitori age1eqw40qudems2h872ft44qcnges4u0gfss9mh2hwcksvya9ul5saq4rrv4f creation_rules: - path_regex: modules/home-manager/email/secrets.nix @@ -13,12 +13,12 @@ creation_rules: - pgp: - *dan - - path_regex: modules/nixos/dan/secrets/secrets.yaml + - path_regex: modules/home-manager/.*.secret.(yaml|yml|txt) key_groups: - pgp: - *dan age: - *akane - - *kawashiro + # - *kawashiro - *maya - *mitori diff --git a/configurations/akane/home-manager/default.nix b/configurations/akane/home-manager/default.nix index 76eff6d..b582f58 100644 --- a/configurations/akane/home-manager/default.nix +++ b/configurations/akane/home-manager/default.nix @@ -10,6 +10,9 @@ in modules = [ ../../../modules/home-manager/terminal_environment + ../../../modules/home-manager/terminal_environment/hsxkpasswd + ../../../modules/home-manager/terminal_environment/rclone + ../../../modules/home-manager/terminal_environment/ssh-config ../../../modules/home-manager/desktop_environment ../../../modules/home-manager/borgmatic.nix ../../../modules/home-manager/cad.nix diff --git a/configurations/akane/nixos/default.nix b/configurations/akane/nixos/default.nix index 3d1d9dc..ea44693 100644 --- a/configurations/akane/nixos/default.nix +++ b/configurations/akane/nixos/default.nix @@ -10,10 +10,8 @@ inputs.nixpkgs.lib.nixosSystem { inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x230 inputs.nixos-hardware.nixosModules.common-pc-ssd - inputs.sops-nix.nixosModules.sops ../../../modules/nixos/base - ../../../modules/nixos/dan - ../../../modules/nixos/dan/secrets + ../../../modules/nixos/dan.nix ../../../modules/nixos/desktop-environment.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix diff --git a/configurations/kawashiro/home-manager/default.nix b/configurations/kawashiro/home-manager/default.nix index 3f46793..b5ddd96 100644 --- a/configurations/kawashiro/home-manager/default.nix +++ b/configurations/kawashiro/home-manager/default.nix @@ -10,6 +10,9 @@ in modules = [ ../../../modules/home-manager/terminal_environment + ../../../modules/home-manager/terminal_environment/hsxkpasswd + ../../../modules/home-manager/terminal_environment/rclone + ../../../modules/home-manager/terminal_environment/ssh-config ../../../modules/home-manager/desktop_environment ../../../modules/home-manager/cad.nix ../../../modules/home-manager/development.nix diff --git a/configurations/kawashiro/nixos/default.nix b/configurations/kawashiro/nixos/default.nix index a3400b3..bad1e34 100644 --- a/configurations/kawashiro/nixos/default.nix +++ b/configurations/kawashiro/nixos/default.nix @@ -10,10 +10,8 @@ inputs.nixpkgs.lib.nixosSystem { inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd - inputs.sops-nix.nixosModules.sops ../../../modules/nixos/base - ../../../modules/nixos/dan - ../../../modules/nixos/dan/secrets + ../../../modules/nixos/dan.nix ../../../modules/nixos/desktop-environment.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix diff --git a/configurations/maya/home-manager/default.nix b/configurations/maya/home-manager/default.nix index 31fcf65..9ae8a74 100644 --- a/configurations/maya/home-manager/default.nix +++ b/configurations/maya/home-manager/default.nix @@ -10,6 +10,9 @@ in modules = [ ../../../modules/home-manager/terminal_environment + ../../../modules/home-manager/terminal_environment/hsxkpasswd + ../../../modules/home-manager/terminal_environment/rclone + ../../../modules/home-manager/terminal_environment/ssh-config ../../../modules/home-manager/desktop_environment ../../../modules/home-manager/borgmatic.nix ../../../modules/home-manager/cad.nix diff --git a/configurations/maya/nixos/default.nix b/configurations/maya/nixos/default.nix index d813eac..a747cd6 100644 --- a/configurations/maya/nixos/default.nix +++ b/configurations/maya/nixos/default.nix @@ -9,10 +9,8 @@ inputs.nixpkgs.lib.nixosSystem { ./hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-pc-ssd - inputs.sops-nix.nixosModules.sops ../../../modules/nixos/base - ../../../modules/nixos/dan - ../../../modules/nixos/dan/secrets + ../../../modules/nixos/dan.nix ../../../modules/nixos/desktop-environment.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix @@ -26,7 +24,7 @@ inputs.nixpkgs.lib.nixosSystem { ../../../modules/nixos/ssh.nix ../../../modules/nixos/syncthing.nix - ({pkgs, ...}: { + ({...}: { boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; diff --git a/configurations/mitori/home-manager/default.nix b/configurations/mitori/home-manager/default.nix index 83519d8..0f49863 100644 --- a/configurations/mitori/home-manager/default.nix +++ b/configurations/mitori/home-manager/default.nix @@ -10,6 +10,9 @@ in modules = [ ../../../modules/home-manager/terminal_environment + ../../../modules/home-manager/terminal_environment/hsxkpasswd + ../../../modules/home-manager/terminal_environment/rclone + ../../../modules/home-manager/terminal_environment/ssh-config ../../../modules/home-manager/desktop_environment ../../../modules/home-manager/cad.nix ../../../modules/home-manager/development.nix diff --git a/configurations/mitori/nixos/default.nix b/configurations/mitori/nixos/default.nix index 505e8a8..16c6bcf 100644 --- a/configurations/mitori/nixos/default.nix +++ b/configurations/mitori/nixos/default.nix @@ -17,10 +17,8 @@ inputs.nixpkgs.lib.nixosSystem { inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd - inputs.sops-nix.nixosModules.sops ../../../modules/nixos/base - ../../../modules/nixos/dan - ../../../modules/nixos/dan/secrets + ../../../modules/nixos/dan.nix ../../../modules/nixos/desktop-environment.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix diff --git a/configurations/yukari/nixos/default.nix b/configurations/yukari/nixos/default.nix index 33e00cd..bc0a6a5 100644 --- a/configurations/yukari/nixos/default.nix +++ b/configurations/yukari/nixos/default.nix @@ -16,7 +16,7 @@ inputs.nixpkgs.lib.nixosSystem { ./disk-config.nix ../../../modules/nixos/base - ../../../modules/nixos/dan + ../../../modules/nixos/dan.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix ../../../modules/nixos/ssh.nix diff --git a/configurations/yuyuko/nixos/default.nix b/configurations/yuyuko/nixos/default.nix index 84d558b..d043e41 100644 --- a/configurations/yuyuko/nixos/default.nix +++ b/configurations/yuyuko/nixos/default.nix @@ -15,7 +15,7 @@ inputs.nixpkgs.lib.nixosSystem { ./disk-config.nix ../../../modules/nixos/base - ../../../modules/nixos/dan + ../../../modules/nixos/dan.nix ../../../modules/nixos/desktop-environment.nix ../../../modules/nixos/dnscrypt-proxy.nix ../../../modules/nixos/networkmanager.nix diff --git a/modules/home-manager/base.nix b/modules/home-manager/base.nix index 103a8e0..82863d6 100644 --- a/modules/home-manager/base.nix +++ b/modules/home-manager/base.nix @@ -3,12 +3,12 @@ inputs, outputs, config, - pkgs, ... }: { imports = [ inputs.base16.homeManagerModule inputs.nix-flatpak.homeManagerModules.nix-flatpak + inputs.sops-nix.homeManagerModules.sops ]; nixpkgs = { @@ -33,4 +33,6 @@ stateVersion = lib.mkDefault "23.05"; }; + + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops-nix"]; } diff --git a/modules/home-manager/terminal_environment/default.nix b/modules/home-manager/terminal_environment/default.nix index 52b2e06..e0f20db 100644 --- a/modules/home-manager/terminal_environment/default.nix +++ b/modules/home-manager/terminal_environment/default.nix @@ -31,7 +31,6 @@ programs.jq.enable = true; home.packages = with pkgs; [ - perlPackages.CryptHSXKPasswd qrencode termdown zbar @@ -66,7 +65,6 @@ ffsend dogdns ipcalc - rclone rsync sipcalc sshfs diff --git a/modules/home-manager/terminal_environment/hsxkpasswd/default.nix b/modules/home-manager/terminal_environment/hsxkpasswd/default.nix new file mode 100644 index 0000000..d0d89aa --- /dev/null +++ b/modules/home-manager/terminal_environment/hsxkpasswd/default.nix @@ -0,0 +1,13 @@ +{ + config, + pkgs, + ... +}: { + home.packages = [pkgs.perlPackages.CryptHSXKPasswd]; + + sops.secrets.hsxkpasswdrc = { + sopsFile = ./hsxkpasswdrc.secret.txt; + format = "binary"; + path = "${config.home.homeDirectory}/.hsxkpasswdrc"; + }; +} diff --git a/modules/home-manager/terminal_environment/hsxkpasswd/hsxkpasswdrc.secret.txt b/modules/home-manager/terminal_environment/hsxkpasswd/hsxkpasswdrc.secret.txt new file mode 100644 index 0000000..ab6af3d --- /dev/null +++ b/modules/home-manager/terminal_environment/hsxkpasswd/hsxkpasswdrc.secret.txt @@ -0,0 +1,34 @@ +{ + "data": "ENC[AES256_GCM,data:4IgWYEnnARU4eMCkLEnnOL7vV3Ij60luXBmoULTNrJ90byrhWIrM7CUlA9FU3TwD8y/pskbG8rGjMbXrYSHGOyQm383qazvnUWWwSbcNoK403HwjFIlIB3Xw9vCBtgEqGW7Kj2ga3OQompbjWrCdhb+m2DtjSpc32NujSmFHnj+8AVtRBVj4ftnkEYnkPFZVyX1IO96g7nGblfVDXK2yVNBU5+9Z41xs8WNh4VioLZV6xqAm4j2LY/Ev3Nf42eaWoTdpyA8nIWTM6e8tnvcYF64hOUji1zhrjaoeKQCfETPzkMVas7s38LLp9M+8CAE97sgKNGp5WaXnFo2sZy+t2rcf0db2O8YrWoFmKQQDlfA729Tg1ChW6fbnlqMBZemkn3FMDZVMheLYKBdar/Qd6xo4AlQZpAef/4s2Q5KCR4bN/+XnrTDPvEp+elzb4ksf6WRsQWtV/NcsP32oOydIygEATUJBEz+0MR4LfZe79YYsQvnxweiL3LQ/IX5sCjUMwYtd+Oq7yhNbrw/aTyThqwEqmvTU3kDJy+ZUqIY6OGSZRXc5f8HmeV8o6D6q3qvSwitQ66gD389K59weMmRNjYkkN4jYqvNzEZYYtoqip8eKvce1uSvYzHV9eT7bbOBVAB9kkdB7704KD++Jg8CXZd2ov2iJdo/2UQvmmpZsWbxk/bk+meBavnYM09DydtusGADVMl1P0uv+aMxFQ38EEO+ocNNZXSyuLiHYubjEn3vinMI/hB++d0x1/RgATMsTDXNS5g7p4QU8luUs6mZ8/FfKY/xtfffiq/km9tAiiWGVS99hpNpk4eAaFe80xmvrAS1Ube8YzAD8Ax4uQ76+2YyoBe4tmhxakVDur7EWScM/BzSZVThG4U90qsEArTQ4XB6mqEZLDzOHLpY1Ky1+L/gQ5Dz0wBKQ+Wz0rRh8E8WErE5V+CfzevcKWgTEFsKOb3uYxzsewz7EpgkCJpjZvxhNj7GevnsvnRczPB3MAoHSxhRyS+feMKPtPHoZNeuZzLQl/5I3buYDvmrYnCvdHxfo4Mvxs2uxySvlds6LYxR6KZu5SyExpGUtXVW4SeKexkieNz26Igdee47pLNQV6XHDsOmS8MRnsoRIpR/nDiINm6boCKuiMwZ+aJ6HG7Ob4J5TXrewVyEj79K9WKjgNZvzgwTay3B1Nnnxjn0XiyD67fRf8ns9ZQnmV77zSHnFmCAOZ/mSKXjMkgdWxzyS2ZWZgn6+9O5RhyY30TyMUUJs0iQVmQGJBXLAyIh4HFLy8mxLvSSq9gRPNXenP3OYgraN/gj8evzhmPHSo9M=,iv:ColbCIZ761ZDin7Tf86w76kqbmQfawb01fo0wUjtHlI=,tag:382CxWX80QsqSHQWHBJjtg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1jtvca4vw7evxej6jcx6qpd0dgwtxv403vwq3tw0dkswf42u0lv0qmrj9a7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvM0lRWXUxSHMxanpabjdN\nTEd0YnozRVpRN0ZwRWtNbTc0Sy9iSzFxa2k0CkZraytTY0cxTmVEOFgrd0JGZ1Rn\nKzRHY1hydFEyRXpmSzA4WUcwVnpvdDQKLS0tIDlkMnNGalVrNXdoZlZwYUNFaVVM\nWitCemloL3I5U0F0UXB6MVpGUzdRUFkKmsKGOCB+a2WsT2AcKE6qutbswHcE35ly\nrZKNNP5LgkGVodgV1RrQq3WePwRK7/nTF6yhdGKLjBAIb618zljW8A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lj6hkktydycuxw6q88490hh6g7hs3qg72taz3fle0rlcfuq4z3hqyuxl2w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiclJYcTYrWk0vUnF3WC82\nYldiSlkyaTJuUmQxU2NLQW1zenhaNFVNMmxNCkR0ZzI5dWFjWjNmckZoWGRrdTlU\nODB6MTVLRXlGUWUxaFlkL0doQWtuUVEKLS0tIGpMblZyVysrNmVMMFN0Nmxpeit3\nZGNJbWZiNkxZT3Vuc3FYY1E4c0tGSncK77bo7jMiVwF2i8OHdsZI5KZ6xvmXPpGY\nKoh73oKY01Ly0+KZLHNZSnuzhJzsFL6/3Uf3yhHWigpUqX7g5ennNA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eqw40qudems2h872ft44qcnges4u0gfss9mh2hwcksvya9ul5saq4rrv4f", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcjVvd2N2ZTZEeEwwanE1\nUXRJRzc5Qno2SnA5dWpNSUZ5RDdxL1puZ1VVCkM4eUdzYXBGZjRSNUlBRVdsMzBF\nWmgwbURPeUJnSFJQWlhDZG91RGZrN3cKLS0tIHdLNmh0cGF2MGE5TWZseXZoYi9L\nN0tvYVpnMEUralJPazBrc0p0M0k0a2cKpWggOabEQn5TdTDPLSzWDUA9XPNUps2R\nYjgsA9jSeOGY3zjlX5afjqZm+eUvF2jc1nMPLqwvsiKRMbbejIjCkg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-16T18:31:28Z", + "mac": "ENC[AES256_GCM,data:Fj1djhpcsoWS8Wy8DkrXHCSAAc6/dYBF+HFMT2RCjukIXoaGpH3xXDqY6PFgtudOsgrIuaLO9rhEXJ4Y/3OnNJ+m+T/HN0D/kgh18WEwlhV+Cimvduhoc+o/8VNpV4paOLni7il5u3zRr8qWiGfb40p+lVjJYzKd0kx/mK0fAEo=,iv:ZQJrEVi/y6xkZOqX5LMdMdjmtIVUfGKbjFw++MIi1Hk=,tag:6xy1sLpkZ2balCXb8E05VQ==,type:str]", + "pgp": [ + { + "created_at": "2024-06-17T17:22:34Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAz1JGCRKJVpiAQ/9GrJOe/MoNog8qk9JQD24lj4M4E9R/03H2UWIPfZ6Z3vN\n+o0BBpKPl19jiIrrk2KCH5Co/11sM84b1jZE3XF/mTVGXLjGeAf5oDoTKkcaF4uQ\n4H4cR2mXr06J0b6YNlReRjvjTAbX+CvS7ELW8EvIj0XoCchG1Cf6Gdh6iAztlEOu\n/v6LjDZ71grRD0Rqqjab1p7MPNeDG3PwsvTGoZvoyUuuFCKeT+6OB+gUcLmhnRPq\nGw568OqOI6UJgVZ8fK+/ytS1PBIh5Fx3XvsCpO4GKOwgzXFYM0RSRNbU3utV3yRE\nJMWE+eRlcsrydfVD4SpdyqvvR8aufdd/x/0QJl4TJczsDBsKDrkaRmrMiGvQvFUZ\nA+Ekm14VeEDVMu21ntfZjSNZvdFFPi8Tk9k7NHavPPzoZqx97ydfDVyORa+P+ZzD\nzJCWp0bpqXr5Gz77kRPt1XAbdNBqKXTUDBllec/GJWKMmV2a7r/8ZvesJHW5l992\nNRUztDD+zVsSqaW4p+PQwtnSrFrDWGDcSRlMudjWyCN7vMru1cl16ns5McOhyDO7\nMvov1zywfI8a0U+OnE3o4twR2xGKs/wgy6lOhLUBLBoYhIXDkQ7OmKvCDZkOTzZL\nEvnbvvFXwd+CE1a7rAmdn8zDHd2GAf9cKID2yCSzUx5ArPpHQOVigwqcd8EL8k7S\nXgFhU44SXgwyvxDvxKfOUBfqsPyX0cFDNfCWd8H6d6A0Ia7NWOoHiYPdf462gOPp\n4/7xEVizv+qTUsrQomcTjGBELTp6A3K8VX4ggezAKA/kZ4x+5foow01n/cuwVas=\n=wdKF\n-----END PGP MESSAGE-----", + "fp": "84E956241243C35EA286B410EA06B7ABA96D6BB8" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/modules/home-manager/terminal_environment/rclone/config.secret.txt b/modules/home-manager/terminal_environment/rclone/config.secret.txt new file mode 100644 index 0000000..8cf15e8 --- /dev/null +++ b/modules/home-manager/terminal_environment/rclone/config.secret.txt @@ -0,0 +1,34 @@ +{ + "data": "ENC[AES256_GCM,data:QQyuIir47RqfutdHwjWgE00Od9b89nYyIfGbopqKtD7KvVECA9FKPQLRV3aVNGXYLdNIBK0S5igK7+znna6xRcmuioqFsclXEN+cnyYzc99KD7v7opB82c3QlHqwVzShQHbY/6MzgxVY,iv:WLyepiSDDc2mRt4zdHe/g1IWiB1pFR/IigX2leCorzw=,tag:qASa1BOJ1jm5OM/JGJ05ig==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1jtvca4vw7evxej6jcx6qpd0dgwtxv403vwq3tw0dkswf42u0lv0qmrj9a7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcGJQcVQ0cTRNeUJZZWNO\nVE1UQ2Z1cVgrYXNmWXFpUGdmM1NkQjJ0Y1YwCm9HeExEZzJyM3ZmNm9EcmxKZ3o3\nbzAwTklzNEdrajE2RUdDdDlqSkJIL1EKLS0tIDNpVzd2WElieUtlU01pWVBoaFNh\nSnZVM2NQWnFIY3ExS3ZVVDBtYmpoSE0Kl5DKC8LyVonLvUpuHVE6u1frUSO8wEQO\nsYICKn6I85HaY/He6qlyjo6uOFapEhpV7k5tCmkasnKsRji5cwjjpw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lj6hkktydycuxw6q88490hh6g7hs3qg72taz3fle0rlcfuq4z3hqyuxl2w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdDVuc05XWGxKUHFJbFBH\nUmVxL1dFSk5xeTVlV0ZCRmlZUU9qVGpuVHlNCkxpREE0cXB5WXdTMzZDMmVucnha\nbVpzN2ZLd3BSb3UyaUJJcnh4VkYybjgKLS0tIDNwRUhTY293NlR1MUpkQmpTNlVP\nR3NNVys4Z2k5RHJ6dUpUcHZ1bk9LSEEK686rwzRBKfyNQCibA+s5aeWxM1NYvDSY\nTbstHbYmSTvQnVHnCdmeOu3E5QDpZE0E0zQ/CuApZb1McwOTrC2erA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eqw40qudems2h872ft44qcnges4u0gfss9mh2hwcksvya9ul5saq4rrv4f", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQ1VIbVVXQmtPNS82WXBm\nZ3N6QW5sbGRycFZNd1l6eVVibEJGRG1VcjNnClJIL2k0aEhhT1Z2dUkxL0dpRU9Y\nM2lRaGxaMjBWZ2o3cm15RWx6V2dRWG8KLS0tIG9zcnhLcDRjNnFpeThJdG1NSzkx\nZlRUSjN5d0xTUDBWQngwWFowQWRXd2cKhahiqLDHA32k4oMJxBEjLbCwhnaWZefU\nQowFH/IQrCEaHo4Ne+Fgwx9Vg+7ds4ijEUa7WlMp3ps3w6/TTrEn0g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-16T18:24:56Z", + "mac": "ENC[AES256_GCM,data:zcfo4b91H6R1hrn+RpaQ/40alhl2PPA957XQlkp0OWWKbfK8y8354qyIt6cK3EfN7ekCvXro/6lU3m7Rce18rbsPcyQhFGOY8KieSlXlZ0qT0aeZ1bTgoQ+HT0O91YCLzdqLF/QM5Rs5L9O1j5sw16CEh/ufW/O3G4oP8h7nrGI=,iv:b4HXRPrPc21U35VI0PEe+CXKGzFK2gVp3aOU+uGc8UY=,tag:qa8pSs8eraxAeA/YIhxe6w==,type:str]", + "pgp": [ + { + "created_at": "2024-06-17T17:22:55Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAz1JGCRKJVpiAQ/+K8+wTY6ssf8aOB6xYzdWwgNhBBG7C5c5vS/lYC2MJrYm\nKJ4bugRMYsGVeLBudaE9KGATBL3xvhW0HokQ03ZblpelP7NJoT7POmvs9UACf1QA\naK2+DU3KvZOelHhIODsFER/GZXzRJOEmnig6EWy+H6OggxsJ1FKiM2fDCqvXIscD\nGuN2iWaIwy1aSmuiNHJcBE+5NcbGn6m9eK+ATapYMobeQcp5uOC7or03YimxWCOo\n71x2Sn9GiQVoDitKaEuFQIOU3WIF39Joybu+2+Koc7ad1co2zEb3G+dAvBVFVwoU\nnz7JQxAXklXJzWtlgkyi/26VpFo4XYChUpHgNScXXY6AecAYDswCL9cP90B2ZJxr\nzfucfyuBGw1t/bpXZJf6Nay4sAwIRrt2AGaXvvSwB62ATR0iGBkzZeE6Z7HVdrbB\nVFovOC6bNIUgejWQF5auwtnc2LFkQm1TZQTa4mTd/B3cwBV6CuNZEWw0BpTSrJCx\n6qC4o3ev7DSvQAQsQJrQ/Z0D+qP7qQe1KjHFNfHleytrQ5H9nJEAqtNGMAe7yKJy\nWfptTUoY/qFjTiLvav4dqMm/RG54U5bv/JqwHBtYKCex75qAkIvhsieGOYta5Aqd\n0jlYjnxH2JdmY2JU47sRyu1h06mguFbRQzegyNn4ij/VfH0Y9fLUdv/toppNXJrS\nUQEY3T9q16wqJGVKJFh+d/gBEgqfm2lAgdYtU3fXS9daHguyYMCovQ5tT/M1vTxN\n/rdeXc5YEOYbrLt8GQziEvQ2L03RocZDisIfBmHkgs8TvA==\n=MC5g\n-----END PGP MESSAGE-----", + "fp": "84E956241243C35EA286B410EA06B7ABA96D6BB8" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/modules/home-manager/terminal_environment/rclone/default.nix b/modules/home-manager/terminal_environment/rclone/default.nix new file mode 100644 index 0000000..ecf3fb0 --- /dev/null +++ b/modules/home-manager/terminal_environment/rclone/default.nix @@ -0,0 +1,13 @@ +{ + config, + pkgs, + ... +}: { + home.packages = [pkgs.rclone]; + + sops.secrets.rclone_config = { + sopsFile = ./config.secret.txt; + format = "binary"; + path = "${config.home.homeDirectory}/.config/rclone/rclone.conf"; + }; +} diff --git a/modules/home-manager/terminal_environment/ssh-config/config.secret.txt b/modules/home-manager/terminal_environment/ssh-config/config.secret.txt new file mode 100644 index 0000000..8ba3036 --- /dev/null +++ b/modules/home-manager/terminal_environment/ssh-config/config.secret.txt @@ -0,0 +1,34 @@ +{ + "data": "ENC[AES256_GCM,data:8eVJbLQeryOwKY4PUuNW0hxAPH7YTERcAeqhLm8naur/hdtGNne1bF2pD6D8WmylpJ+a89GBM5nnXmj9grCQ/XaFM4y/iLFifh15gUHUTJ/PSWvez3G6LzbuSKzJJAyFLJB26dMciMDLP9aSYLICQd9GAe59QlypVno0wBxBMrImYFMkYe4rqrzfGMwzWbfW22CTcO9eK+bM8JCfZGV9fIFS3iVoG8bcIvDVMiUyOBEpLKU6xYEm4A4pgF3S+tSr3wPgeK737GAkB5am1nqW0ZomfhkkoNzl0JMdHYOwa6/hXWQuo6hbqe9J14SubFTLIEtTnH24q4kHY+/e53xk0EFfp1x1tn3QEKiUC48Hxfbzv/9KuD75xg4zhTlGp58G93ThMNFfLhA2O79VnQMRQcKfSnjwhmJUdMT/r5dD5/gNobTyYafbSOnNKYh503Vi8zFKO4p8cVBG8DH1how83mDrkMCk2N8tisT50Z4I9J/piioZwMjvg7bHRnwdJphw6mO/AxzoEZwImdwJDS35EmdlpChoT7orIAQNvBRBMmnnYhxIfT7lY2S/YRWX2W7tYRFsWAVozfgQ1FJTbVR2ilJC4mKcmtU7U8t/aSF8gkaFp/7ZQoL3YK4Iyi5/nLjl5gRBVEwb9wSfA2eZzWeLaWV/KnKUehx/wVJdgEajPXn23772Wn9Kg5LmfnpDla//kDxfmbWhur3iQyl+4+LZ4wZxC9QjACWjRjpui/xNSTHJyLrPaZWlAtfXZYrMa9Qzlx/7z0xlwWM946tiD2zuEsfT4w2b5qc8YgwJFVBzq+mFVwh0k2QtfmkRpdqQh9zmVbdDaBOza0NCfS7v+KASIATKXs56iRh3DVkg5nY1fcyxHDukJHh7ZGhuJMed0+C2H91rvM4p3eEcaUtDdwlm3QHcq+P1Wa9aAdkVdKyshHkYxphj9HOnVKo3O6FV3cQn0WPNdMHfQ6O3WU+VRg3BaiGC6vRoWszx4JY451Yj7Zf6BgBQecSvJjHhlxIHa5bYtD8l5mdxqxF20WHMjJQ7TIIv5T7gsYVdWNjeaLkVNI27/sNsdjWNGwY=,iv:+LFcEWiNAfMRXNgNo5i+LENElyBDzOwEKXxXfBFI4xI=,tag:NJSmL5jbrXQcePvorjyLmw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1jtvca4vw7evxej6jcx6qpd0dgwtxv403vwq3tw0dkswf42u0lv0qmrj9a7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YjJSWHdmN2FmRnVWM1RR\nK2R2cXJXTWZ5cURFVGlhdkk2SmtUelJkV1VJCnVBVHRIRmVxT05MY000dS9BNXZm\nQWtEVTFJdWRkWk1YR1l6SXJpNnk4UU0KLS0tIE5WYzZ2THdKNlAxT2hFWndTbHpk\nemFTVlBlOWVWeS8zMnBWNzVzdmhIelUK3FtouLllql9wxeXgjnKJKJmJ+7rxf1Z4\ne/WJiT+7C263le09pN1L+j/r4BHVmLe+4+EtXLCC/5t/H+5bL/Zl5A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lj6hkktydycuxw6q88490hh6g7hs3qg72taz3fle0rlcfuq4z3hqyuxl2w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aFpTK2RoUXZkTEs5TVA4\nT2J1bEpjOEZmS2hmNjQ3SHRBTmJKbUUzOWtNCnZFbFlQREhIMUN1STdxelNBVTBt\nS1VvM0tqU3lGTmxiTDMyZ1VsOU5zZE0KLS0tIFdPV0kxRTAzSG9vOGh5RUlyTytl\nZWJJd2RnWmFueTJEZUVLOWVvMkMwRVUKGmkF1I/T1+gdLsls6B+oFkK6H2RXyleF\n7gETmecU5cWAE6R5miI2wVAATly37e56rUcrDgWirqpohAx9IDKyCw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eqw40qudems2h872ft44qcnges4u0gfss9mh2hwcksvya9ul5saq4rrv4f", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZUl5NmRNYUJwNXRkNngw\nRmxiazNwMFpsdmNQNC9zY3dwVTUrSnlRUUF3CkpvODlMbGZySWFwWmJUREljaFp4\nVThIWklEd2trZStPdDU0enhqSzZGekEKLS0tIHN4Q3VlbGlYVHpVRjlYajU0RHEx\nb1ZEQjV0bTBERkNYRWxoempjTEF5MW8Kg7ABcpz1l5cRWf3s4DIohXO45GPsznHM\nmiWizZU2krewxdh93cMjD/QvupEprgHICacfQMo9gPQK0CcgMY2fTA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-16T17:51:42Z", + "mac": "ENC[AES256_GCM,data:QQsH26FPb6aEqOvcxmvSL8ZSDHBjZtJ/YwjwGoZqPLPfdtCmkzBihkEK79OU8rRF71CvvkSwMasQDz6Y278O+Qy25+9v5oxJdECMPEUzUbPI3kbtyyrzRnjtwSC4+BCLX/lyCHLETYajoG0SQhpF5Y7GEcdeQ4Wkip9Yl2su3hw=,iv:edOPPh6Dk6lqGv74MP5N9z2fDF3TC6iNqEsQrpo9HrM=,tag:dwhM6yrJpTrZW52OqObrCw==,type:str]", + "pgp": [ + { + "created_at": "2024-06-17T17:23:05Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAz1JGCRKJVpiARAApELohBjJx78Sz5xt+scSVjp1JeBBybnfQlYjDBq4Q0JE\nLMY9xq5pckmDI0q0yrTS0nWD8EGAK5qacj3ib72g8F0pynAvxZ7ysfapwCiYM3B6\nrDhgCwuSC00nUgV9tWUsd5acjyBwU6iaWolhyawdkhxgqGND6LIfVn56WMoDBHPD\n+xPPhBzzJ6utLYBKP91Yu4nKasMW11nITtHDcFu90rn+I0sTQffR6zhyLF33vLZi\nhQ2BZrj0jbOofokqeFbxqvYcL+1tHklXdqyoGws3VShCh5RLJ2riFeeJd9SD/y7b\nVV9lELSev2LTrpgMHu/Tmy47mxE+/NKkrpWndb/4I1r4/mnnR75RZIrJ3lqyviVN\nIAuaqb3HqJT33BXNk7gHUr569TJHrHxkzG3Rwy+9ljOJ7HQOwyzGyqLsdc1ZI73S\nxlgOmZtVnvU9LqSRvRxo5B1so2f1ocFvA+thu9XYDlxAJA0iknDR+6PuunXpZBeL\ng+6MAzRntwzEOX91u2HHnTsaxxJ+EOtFWbsnxM8XvWNTXc9h70IKo7qYEZiSzjpK\nFvP5HY+wKaEkf/UPJfkaVTmRJajOBIG6t/C8GxaRq8TVtfL/bBxUkkgCLPyWS/xR\n8GKalhCQCmGs8y8D3LyXCQfpETjVJbncw3fdy/HcKgGRtIi4P5+oEnp/gVEmCZbS\nXgF+3GVuWB3xFooGU4r927xUDjoUc+s/JWd6bNBjXb5Su0TQmy+t9hcO0mIBA3uQ\ngnS0/PTpJmkgMVJnJYW1uYCu3JFC5FzM5nqxnfzSdNkPE0UkIK71GfiaPe/YCcA=\n=7rYM\n-----END PGP MESSAGE-----", + "fp": "84E956241243C35EA286B410EA06B7ABA96D6BB8" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/modules/home-manager/terminal_environment/ssh-config/default.nix b/modules/home-manager/terminal_environment/ssh-config/default.nix new file mode 100644 index 0000000..f8dee25 --- /dev/null +++ b/modules/home-manager/terminal_environment/ssh-config/default.nix @@ -0,0 +1,7 @@ +{config, ...}: { + sops.secrets.ssh_config = { + sopsFile = ./config.secret.txt; + format = "binary"; + path = "${config.home.homeDirectory}/.ssh/config"; + }; +} diff --git a/modules/nixos/dan/default.nix b/modules/nixos/dan.nix similarity index 100% rename from modules/nixos/dan/default.nix rename to modules/nixos/dan.nix diff --git a/modules/nixos/dan/secrets/default.nix b/modules/nixos/dan/secrets/default.nix deleted file mode 100644 index 6b59838..0000000 --- a/modules/nixos/dan/secrets/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./rclone-config.nix - ./ssh-config.nix - ]; -} diff --git a/modules/nixos/dan/secrets/rclone-config.nix b/modules/nixos/dan/secrets/rclone-config.nix deleted file mode 100644 index 0bbd050..0000000 --- a/modules/nixos/dan/secrets/rclone-config.nix +++ /dev/null @@ -1,10 +0,0 @@ -{config, ...}: { - sops.secrets.rclone_config = let - dan = config.users.users.dan; - in { - sopsFile = ./secrets.yaml; - owner = dan.name; - group = dan.group; - path = "${dan.home}/.config/rclone/rclone.conf"; - }; -} diff --git a/modules/nixos/dan/secrets/secrets.yaml b/modules/nixos/dan/secrets/secrets.yaml deleted file mode 100644 index 42174b9..0000000 --- a/modules/nixos/dan/secrets/secrets.yaml +++ /dev/null @@ -1,70 +0,0 @@ -rclone_config: ENC[AES256_GCM,data:q28MBVOnFYNQyZlRxw7jE9kB97TO1z8pbpUXopqVwbFdzzD7B6klPK2B6AoYXNAztfa+hOtCD/xhVKg+0KwdJsFpy+l8mSOjf9Rvw86Rztv0nY1ASaSRHm4upmjw2ZnkSQO//mdSKs+j,iv:db+wGOZGcxOx+1DwHlYzClbx7g6+ZlFLPEY9kRDiV8M=,tag:08bd0FaqGOM46aBLwONPpA==,type:str] -ssh_config: ENC[AES256_GCM,data:UQ0nhVjJhOKhwjNF68lF682cILjTjW/S/vohqSAPLQKsol71WCimFL3MlzncMSugrRiZPcCQTqRdyzZJiqoXZLNe0c2HKUdth9MS0L3W1TNRqLquq16fo4b+7RIZ4nGH2niRIwAzdYoUvGhRwTtqLr0aDqLvkGlOLcZyG6bOlaPnR2wKELwjqdWk/9okMhck7pOBKcBBWT/b6XOJ4YdhupBQgwun8sCXd9R7u4uS5hKSbT12nGbnImqvR6AhbP1zRZ/H467zVVotm8JqyFZECDoVeuSREMGKH0wcC0Qv6tJLMmiWp3kpKhQ7XE6JNXCknnQ9GuLjNP7im8lLdL01wJJRGM4HGOjXxEOjv5nsurD48B552GNQ9PNyK95hIsyRNTYmFhoBjas1I7gcSScsRjkb42BnHiRk2FTS7CZrYHWm++Pjd14wfzrybMB4HkwvD0AP/4Q91bAFX7zG4+UR6MqQRsWoNUc+NoJ+nwaAPCXBZ0T3/drSOCOUS61B8hVIjXTCw40i/3g9oa5e5DQs2Swg7XkQE2tYJ7036QF3D5q8uDzsnLw/Bc7Z62KMCjLuVLm+66jdHjc7sijfsL9U41CG2NRKwutot3+FCJJP5WNUvZKUW887teydnumHDWgGffionaODmOWqaAoBl+hNfSi1t6Zd4aL3VXOHY5WYmo0Z4ehOjGkf/gNNgQxx28vBp0SN81dxLQ/GZx5zvYCxnj+Ond0j7ulXvvI1wWlkEgiIH5CA+0a8t9zNmXY7xTiVyTdInk6ga/fP6PAjGpx1lgyPQ4EFZkOXuvR8enNLL2zf632rUM1mhIuJgKpU0GCBFb0wFauXesODtaoXyphGRErPKjknqcUlx40mpWUIsMVCdU6DfKUi75fqrJNyA27bbVspvQf+wd42cPcHNQWMCRCFcCdg/bo9fkRlemunih4oBspNvT6gAWRESc1YE/f8dW11rTA3XthA20CWptYFOCFEiqgvcYuEJoyTc/9oh1Fy9uBQYetOhDVamgqYsfEynEsZd2XYHJvycWFFSr0avmKX32iNuoqWRQv8Jxl1aGAMnMCJduX0W4o=,iv:lD5vJmgL8mHdvpDC5wLSVTb6FDuhf7LChs7o/ny81wI=,tag:BY2b0v8Tv3B8ADXcfysLWw==,type:str] -hsxkpasswdrc: ENC[AES256_GCM,data:va/iCD0wIk3hb9kD7Ze4QkjCWfne3Nh7xdm0McV6ju8tOgiryGDhTQitskdhpi/rvOqi5qVypnv5x7Sp7xDHZgBXqPaMbxd4MrCoeFIsft6CtspIqHfomi9MLDh6DaOowK7Y9wq92C8UQmCk28Zju02gT0bHs3Dz+RdtbDV1JRujb/NDByYhK0uyewRVAInm7PHAHg9w9NbgBH7kPjCJS/4Ql10eH8kybJQhaXbrNUL0esRPOFpk62xvzLIinXHZebb7MknrEqMiHupD2sC5xoUsjoVn9RT5bgYZFQBP7O2JzpfA5tfNO5IV6xVV7NjzbKWLU0zymssPCjCR8BGTS7vzmrVvNBWRz3jcikzDytB3E3IRIEsEAX1mSne8HcByb92gJqCSVzfAyJVPNYeSbdLxo8K4UYGhx7LkiVkjWn2amAPhMo8OQIFbjwmUACj11Tzxp1zjwiroWa+NFbx3tfRK74bOM6qbIcqMKOOpHL5g00vYiOQsK+Bpz5k4slijWYc6kJTnbyJdteaA4Dx+rg+FXTVOgUz2W4Af0Ap9KZx0QDN1+D20/TajIXs1BG5Ozm63NKZUF52YbOn49ZpI4YGQBkEBkR1mDbW35Fzqi6jGInHWRhZ2NwTyw6VeWzuI9R4QuL+HZFh5YE1hNoHK8up+KWiaQX9t20KvFJonTq7bFybspVqbNKG0a5kNHz4BguILkojO5s01ms2VuZPqiGwCAMAFJ1wypzmouO+opEG7UN2Z2TdJEftAfnbLOCSsyfEvoS9CmwXDcopmw1QGzP2D85GFvYCBYQHhBI/oWna5u+5Z02o7MOCHAZjSPHCfN3p4A7SOYiM4dXmYU2RueHWD62Q/cV3qjvJ8mmj/Dn5RsFnTZKC2a3Kx88WP1G2enq63AANNQ8UuAjjevjWyBRZzMbRhH+75JOSla2nrRhNN7zB01vSTWgD1siX0sZJsiSdemaMKQsulQJqrIIhJDRhQzbIfmrJlenGoIxyQrwuIde9lBljOB+8mWluWuQaYcNFtcy6gI7Y8pGipMKs4sII5+nb61+dI2/Oumes2khA4k9XlxEGJL+uAu4H6kgTGhA5IJ4ewbVYlIY4v4hgGALCSClakwFofvJoyZOLM+mPV78h3uj2s9SDMi/tL7MylFr+TSEDa5Q4IRYZz2OnmoUTkuaoBxe9skuRqI/Ag8B18RJ8e9VP8Fw6+96OqmCK0rA7NwBODY911w6IvOkSHkAtefzbWiOYKJWc2MyyLXayJ1VgqSArDhJ+1YCLjg3ZjPY8CWfcm2rV2R4iZ1/OD/KnTaQDfWx86Yt2WwOs=,iv:eAnArVNA+4ktJoQQJDay1XJ+03mK7q2W8/GyfK+AFSQ=,tag:ZvughNVfkxpQ9dZk7tXPrw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1xl6gggups43c5j6stvjeaf0fky0u28mmthe45vfva3hg2vn7cyeqdv8md8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodFRHWEJ1c20wSEpyV0Rq - K3h0YTlUTmQzRFgwRU9LQTZGSU5kcVArVzJvCmN0T3pRYnNUaW80cmkzRTgzSU03 - eGxNOXpsVmZTTGVGQVlPempSQXlzZDgKLS0tIFlpYnhhRzk3aElZZ01uNkUxdVBz - Y0tHS0NCcitBeUZvUnBxa01JZnlLMGcKCk5WNLd1Iq0GAC5u+QH0VRvWeG3RiFJF - TFuhpcpnLUQjpc2z5BSSTvA4+3HW7RuYmOobtPF0ih90s2ZqYJKaNA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v6mp6g8qc0frz5r8tq4ajqc49ey0eul4yqeglevgrt8huga2s4qsym5hc0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTXdlNVJ1ZXVoekZscU1n - WVVYRVY4ckloNEc4OEVNekVOcHhZSHhESUZnClhwYmwrN1hiWDgvLzJNaTZOM1dk - elVnMk1CVDBQSERISkJJaldncTBtcm8KLS0tIE9sc2R6bG0vNnhYZ1dGZG1uN0dD - TCszYXRMOU5rb01pcmlwRTBEemExNWMKCcribf7JSCk3MzWSCdcOGsoFK453B/+3 - S7xnU1sr8NgLBvsr3IecFCDoXEMOonZOrTwRKq6UU/Jm2iL5IxAe+A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1w908m223s5xg3xmsm3zxwxcudryc4hcp8xk5kveq09kgupjtpqhqq4nqsd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSa3pta0VHMUhSOGJ1WVla - L3c5TXljOWxWbERKcEJBQ0QvTmdabDkzY0VBCnJ5VTluYXhJUGJDU1hZZ1hwR0xw - TitqK2VwRVdZZ2FRbG9rL3NUelFqS28KLS0tIEdXdUlOckVObDFhd1JkMWJGS2Q3 - NUJFaFRGcm56ZEs2elVkTm1WQVJnaUEKCbNBVXvswjc1b+FohXbBAaG5OxX7xd0c - Te9nA0hTsQehxZxepQY2fXRrlba1ziKy0jEppC8GnTYdZNlfF7XRkw== - -----END AGE ENCRYPTED FILE----- - - recipient: age19tct0nf4cuvj0lveptda469raqtgewwg882rqr4y93g2m2wxrskqnttklq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyL201VWk2U2RFQUh3eE1Z - MXF0M2FaZUtnU04zWkFOaUlOdnNuakowcFFvCmNaaUNLVUc3N2kyV3pLMzJMWnh1 - cTZ2Qmh0RUo3cmpmdCs4S1pDWEt4UDAKLS0tIFhqcWZSS05DM2xSTFJ2aStQVHgv - anRtODZhOE4yNFh3WExNNXlpUjY1OEUKfg4EBrVf6zf6voGN3rynnVNXqlRYHTG1 - I4FiU/D2gqAxn+hhebTVY6hns2LBB00c1KNRGv8DIEhaQ6FaJ1kcnA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-08T19:10:12Z" - mac: ENC[AES256_GCM,data:iZ0kMLAY4EDK+1XQfkY3vFHVX7U7zP3F5gS8brBxCBvizb+30wSFqbfKu0rwsmmHmX4aan5l1swfzdH6E1BYE8yKAU3GvUc2+BsybOu/W0mtPEQrY0rPZ8l96hb/qMi2wyLborPzCgwL1E52f80V2xba/g082krcSGBJSFO9j9s=,iv:Rz6YyQKvXEK7b68IOj56fNYiPLp7xN4nkg8KyKbZk9U=,tag:JnGUxwspWtasePUZKDSTUw==,type:str] - pgp: - - created_at: "2024-04-14T14:55:43Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAz1JGCRKJVpiARAAgPGYKtzzLBZTBnfU77+/IydCwM5RO7knG/djsdT3eRxY - GvigL3FlmpmXRrjeK0H5Zn5Z8wCoVhWTGQrxTx+RilygRj71asV5fw5IlSmTfE+1 - C1c3akINoJLx6dZE5jLje63NwX+jkflP9IWBaQqcbD2lbgaSchoABOHLXi3zXktc - AcWbvyFploI63Hn5uabtuWpfu6Sh3sXc2YWbyCbr6FxDMUKMHKtKRRaHNQm3pr90 - Ua3A88o3TQL88gLOCNPXCIevMupvBaxtP6CTiVF8O4YokX1wsEgPKI0As+q+TLRq - sZby6T39S01mbDzsYHO/0RqAfJ+0cwqhDZb87eCYfqppxP0WbD6SYcVHF735PdII - 7Lw1Z4nToD2TwjQ5wR16+NOl6bNf1Fym6PV4oPD0yFIwkRiD3mje8jIxt6x89rD/ - 5yRwK1dGe7Tei1697xNydc96RJ9JhFg2UHAxAcf7hLWr29RRM+lvI0G1FtfV/HwB - s601qkTec04fVqHoeE2zn3bxnYn+kHBkDg7tWK7d6W8a4aCgDJ2L2Egxxe8UiXTL - e4BfoLBVFNOdRy8u2hAYb/LwJUZNGCWG0AeJmTZ9f54Uf1OZLVSDHBdJGxgZiFEV - jO7Kwy2pVuA7OAJxztdBgKu6PbnCU3f7u+/gGt43BodgJotgOBElJZlRBpmD4GLS - XgGOnKN3kPGIYlGwA5be7tM4kH83AXyyCNRDwdSJFSZaoO+3S3iWepQqJ9lFR/jN - h1xn4yMPSaAr0zEyhmYQ1gb1tjuEStrZXGmzf/jOnkWqdeqaufAuXZP0dDysuBA= - =JNan - -----END PGP MESSAGE----- - fp: 84E956241243C35EA286B410EA06B7ABA96D6BB8 - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/modules/nixos/dan/secrets/ssh-config.nix b/modules/nixos/dan/secrets/ssh-config.nix deleted file mode 100644 index 0bd9240..0000000 --- a/modules/nixos/dan/secrets/ssh-config.nix +++ /dev/null @@ -1,10 +0,0 @@ -{config, ...}: { - sops.secrets.ssh_config = let - dan = config.users.users.dan; - in { - sopsFile = ./secrets.yaml; - owner = dan.name; - group = dan.group; - path = "${dan.home}/.ssh/config"; - }; -}