Add openweathermap key via sops
parent
b0662675c8
commit
c19e22736d
8 changed files with 69 additions and 11 deletions
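--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,13 @@
+# This example uses YAML anchors which allows reuse of multiple keys
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
+# for a more complex example.
+keys:
+- &skinnyv age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
+- &bolty age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
+creation_rules:
+- path_regex: /[^/]+\.yaml$
+key_groups:
+- age:
+- *skinnyv
+- *bolty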
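Review bot: The creation rule's `path_regex: /[^/]+\.yaml$` matches any `.yaml` file in any subdirectory rather than only secret files, so every YAML file handed to sops in this repository is encrypted to both recipients by default. The secret added in this commit is named `openweathermap.sops.yaml`, so a narrower pattern such as `path_regex: \.sops\.yaml$` would tie the rule to that naming convention. The four header comments are carried over from the upstream example; a single line saying what the two recipients are (they look like one age key per machine, which should be confirmed) would document this file better, e.g. `# age recipients allowed to decrypt repo secrets: skinnyv, bolty`.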
|
@ -145,6 +145,8 @@ reboot
|
||||||
cd ~/dev/dotfiles/
|
cd ~/dev/dotfiles/
|
||||||
nixos-install --flake '.#'
|
nixos-install --flake '.#'
|
||||||
ssh-keygen -t ed25519
|
ssh-keygen -t ed25519
|
||||||
|
ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
|
||||||
|
age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml
|
||||||
# syncthing
|
# syncthing
|
||||||
# vault
|
# vault
|
||||||
# firefox sync
|
# firefox sync
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
ext.pass-audit
|
ext.pass-audit
|
||||||
ext.pass-update
|
ext.pass-update
|
||||||
]))
|
]))
|
||||||
|
age
|
||||||
aria
|
aria
|
||||||
bfg-repo-cleaner
|
bfg-repo-cleaner
|
||||||
binutils
|
binutils
|
||||||
|
@ -40,6 +41,8 @@
|
||||||
restic
|
restic
|
||||||
ripgrep-all
|
ripgrep-all
|
||||||
rustup
|
rustup
|
||||||
|
sops
|
||||||
|
ssh-to-age
|
||||||
tmux
|
tmux
|
||||||
topgrade
|
topgrade
|
||||||
unzip
|
unzip
|
||||||
|
|
|
@ -1,13 +1,11 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
download = pkgs.writeTextFile {
|
download = pkgs.writeShellScriptBin "download" ''
|
||||||
name = "download";
|
|
||||||
executable = true;
|
|
||||||
destination = "/bin/download";
|
|
||||||
text = ''
|
|
||||||
${pkgs.aria}/bin/aria2c -x 16 -s 16 $@
|
${pkgs.aria}/bin/aria2c -x 16 -s 16 $@
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
|
|
||||||
in { home.packages = with pkgs; [ download ]; }
|
in {
|
||||||
|
|
||||||
|
home.packages = with pkgs; [ download ];
|
||||||
|
}
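Review bot: The `$@` inside the generated `download` script is unquoted, so any argument containing spaces or glob characters is word-split and expanded by the shell before aria2c sees it. The line is unchanged context, but since the wrapper is being rewritten to `writeShellScriptBin` anyway it should become `${pkgs.aria}/bin/aria2c -x 16 -s 16 "$@"`. As a style point, `with pkgs;` in `home.packages = with pkgs; [ download ];` is not needed, because `download` is the local `let` binding rather than an attribute of `pkgs`.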
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
imports = [ ./autorandr.nix ];
|
imports = [ ./autorandr.nix ./openweathermap-secrets.nix ];
|
||||||
environment.systemPackages = with pkgs; [ dconf ];
|
environment.systemPackages = with pkgs; [ dconf ];
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
source $HOME/.open-secrets.sh
|
OPENWEATHERMAP_KEY=`cat /run/secrets/openweathermap-api-key`
|
||||||
|
|
||||||
KEY="$OPENWEATHERMAP_KEY"
|
KEY="$OPENWEATHERMAP_KEY"
|
||||||
CITY=""
|
CITY=""
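Review bot: The new `cat /run/secrets/openweathermap-api-key` has no failure handling, so when the secret is missing or not readable by the calling user `KEY` is silently empty and the script carries on. Reading it with `OPENWEATHERMAP_KEY="$(cat /run/secrets/openweathermap-api-key)" || exit 1` makes that case fail visibly and replaces the backticks with the nestable `$(...)` form. The rest of the script lies outside the hunk, so how `KEY` is used afterwards (for example whether it ends up on a command line visible in the process list) cannot be checked from here.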
|
||||||
|
|
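--- a/nixos/i3/openweathermap-secrets.nix
+++ b/nixos/i3/openweathermap-secrets.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+sops.age.keyFile = /home/cyryl/.config/sops/age/keys.txt;
+sops.secrets.openweathermap-api-key = {
+mode = "0440";
+owner = config.users.users.cyryl.name;
+group = config.users.users.cyryl.group;
+sopsFile = ./openweathermap.sops.yaml;
+};
+home-manager.users.cyryl = { home.sessionVariables = { }; };
+}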
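Review bot: `sops.age.keyFile` is written as a bare Nix path literal, and Nix may copy a path value into the world-readable /nix/store when it is coerced to a string, which in this case would be the age private key. Writing it as a string, `sops.age.keyFile = "/home/cyryl/.config/sops/age/keys.txt";`, keeps it a plain runtime path that is only read at activation. `mode = "0440"` additionally lets every member of `config.users.users.cyryl.group` read the decrypted API key; if that is a shared group, `mode = "0400";` is the tighter setting, since only cyryl's own script appears to need it. The `home-manager.users.cyryl = { home.sessionVariables = { }; };` line sets nothing and can be dropped.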
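--- a/nixos/i3/openweathermap.sops.yaml
+++ b/nixos/i3/openweathermap.sops.yaml
@@ -0,0 +1,30 @@
+openweathermap-api-key: ENC[AES256_GCM,data:NNeVpkLxM9xDxV0oskAoUPjH6b3V8K3MfnNOOAEtg0k=,iv:0uOxqjmUvslHH7yyKJuZ9h0tY20BUmqr7zsRSX2AjBc=,tag:1rJHeWtct6pph58U9Nalkw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMXQzL3JVaTBOL0U3MlFm
+d0tjUE9abDVUR2dVbHlBQ1diSWRRWUVnalVvCnNQbWZUUmJ3TFFpL0x6c0lQV3hx
+UW5IU28xdlp6Mi9OdU9UNmFuRWRKWmsKLS0tIG9GUFNLblphdHdmMXFQbzJmSjBN
+TVZMTWJCd1lyZU1tNFZJQTBhT0lGZTgKKM0mC1k7YsEBaogB4Y7TEhGliU/lbETQ
+DuZ59BaXpOy9wzQ62m3oAhubP/cQZVOp1rH094BVdQqfNnDB4+F9xg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ekZTVjhnaUJkbS9tdm9w
+cnJQYXpYbTVjOFhCMmFaQmdERCtzS1NBSlRzCnZpYUpGa01QRElhaDdaLzRtY0sy
+UXQrU1hJRnlNNlJWME1NWWdPbG5rcjQKLS0tIHVmY2lHZ3NDR2FTZmRpSjhkM0FG
+L0IzUmQvNS9PT2hXYUNYL1hoRVgyQTgKdJs/VaS7G076v2CPoGz71yjeQsu19GCZ
+pIThhU9ppGJvgo1eD0kQFeNHwHB4Wg1jN38d/KoC5A0vWYWmk+Hhng==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2022-06-04T08:35:33Z"
+mac: ENC[AES256_GCM,data:Rne0FsSpBMOPSdwDryFtB9ui7hSxvbJMz1+Qkq3Ih1HYBdVuIldyWsoJK7D8wvAl2E/z3MMk/vBoYQUmkhuzZorqiseuFix6sAZBps08R9ZG1t7uJbHuU9Bt2/ebX3n2ZQXgWkPX06eglmqbqzE+WS/yzUxu/KGYa3aqpv2COt4=,iv:+ginG0RSy8aacTHwKnjO17XKkBU4iY5YzAcIovBIaTU=,tag:yyTxDGqK2BI1QNv+vg2ZqQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.7.3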