cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add foureighty's target key

Browse source
This commit is contained in:
Cyryl Płotnicki 2022-07-16 09:34:40 +01:00
parent 65f4f27953
commit c757fbed42
3 changed files with 38 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -1,9 +1,6 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys: keys:
- &foureighty-source age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n - &foureighty-source age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
- &foureighty-target age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
- &skinnyv-source age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn - &skinnyv-source age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
- &skinnyv-target age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt - &skinnyv-target age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
- &bolty age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu - &bolty age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
@ -12,6 +9,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *foureighty-source - *foureighty-source
- *foureighty-target
- *skinnyv-source - *skinnyv-source
- *skinnyv-target - *skinnyv-target
- *bolty - *bolty

5
README.md
View file

@ -147,7 +147,10 @@ nixos-install --flake '.#'
ssh-keygen -t ed25519 ssh-keygen -t ed25519
mkdir -p ~/.config/sops/age/ mkdir -p ~/.config/sops/age/
ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml as a 'source' key
# add machine's age public key from /var/lib/sops-nix/key.txt to .sops.yaml as a target key
sops --add-age [source-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
sops --add-age [target-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
# syncthing # syncthing
# vault # vault
# firefox sync # firefox sync

55
nixos/i3/openweathermap.sops.yaml
View file

@ -1,4 +1,4 @@
openweathermap-api-key: ENC[AES256_GCM,data:6qCm3Oivna89wAi0slA0MEizKBf6BXxU8ISzFXuMM4s=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:0ZDKZjxrlHbT0QmmfEq60w==,type:str] openweathermap-api-key: ENC[AES256_GCM,data:8JXRYvBjy8/aDPcU8vpEObkewvf83gBFasoVOz1bUS8=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:KNBGy1vS1fgOBMSAXkl8JQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -8,41 +8,50 @@ sops:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n - recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRnN6MGltbUd4NlFnYits YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMm1vQjZQSU9nQzFHeWFN
emtkVCtkR2M5OXEvNUJxLzU0ME1IdHhCaW00Ck9YS0owTDc5a1pHL0F1THRoWmZ3 QTYvU29sdWpkTi9BVUdONTZ5SWRFYUVidzNjCnlVelc2RXFuamxvc25FRGFERjhn
cVVSQ3lGczB0Z0NqQjJoMVJ5bXRlbjgKLS0tIDljdWdlRk1GWUVpVGFyN0tsQno0 R2ZYTFBxT3hJbDh0Sk9PRUlpbmRReW8KLS0tIEd6Z2lCWUplck1nWjQrYWR4U3pn
NzN4VkVZbUZwd3ZOQjB5S2dpVUJacGcKnkxIl7U0wfZtEbj3drdcVuSpMwk+CJxz QStKR0RnOW13RmRZZlVPN1EvaFVPQkUK6YFw7ej/dIw99Z3oaInuJVKEadhTvEvQ
bqMjyP3kzLkqcIfG7xJgk40SURrETrpPyXEst2j4cvKKna6qXjzq1Q== Hc617o4lBNAzOgVJBsRpf9BLNDpr0oO285xLWB8jEFlCkymTPfrn+A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn - recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcG0zNTNOc1NadzAxWllr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeGFpYzdUajJuZTUwZitp
Y1JwNmNOMXVvY1UrZGw1MmVuekJqZFdOaHhJCm1heVU4WnFOWm9HZVN4SWFJZ0tX WDdaVTF5d2xyYVgyeU4veS9udlRMa3BlTnpFCkZmNWg0clNMUjQ0TEVLcTBKeTMv
L3BtN1VXdWlJT2xXd0RTWDhMMVFqL1UKLS0tIE5aeERGZWxONE5kZUdGRE80L0lY R0d2Tkk1Q3RxWHJsR0M4bzE3RlJMOEkKLS0tIEt3b255Sk5MZjhCQU5CSE5tcDls
WkEwNkVNTDdYSGpDU0ZvZXc4WmlYYVEKvgW8cJrQBr1JLOUOgLzkrY0VuTqKpGr2 S0ZoNlg4V1ZvSEFweVNMMmx2RFdCWVEKk3ADVZWiH66aA+gcwbFKnESx89R4x373
zgbfv3pkFyMrvIWPdhQYiD1YUXjS+O3DkYuQtQxGrnRGG3DUKu383A== Mny0e9ZiWrSH8FU0/Ya+f8UWfA/c3NFvVz9uv5QO7g6/4re9aglvxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt - recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTJaOUlQK3RmRDU3V0l1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa3kwcHdwTit6Njc3N3pM
YldSTlFiem1HRlZoc052ampLM25VUVJDWjNJCk1qVzJBV1JlbW5ybEZFN3Bzaksw NEtRTFAwL0UrbWFZMHF1dGhOMDMyeCtIZERvCjZXbEcxWEtBRUZ1bmlkbkpYdW1M
WVJFUW8wMkFJSXBJcGdPS0tSNkV3MTgKLS0tIDJZaHlRdHlRcm8rSVVCYnVMMDJx ZzlRUVE3azVpZ1VCVHZuK1RwMGlxOU0KLS0tICtmRnRMVlpIeE92bFU0STUvT1Bm
aWY3MVhIb0t6Q1FGeTBxemQ2SUtZZVUKfBEeR4/UQXJbcvFgtipXkQ3HgoJDjL/d Z1dnbEFvQmNJTU9Db0tYY1RQa0V3eTgKrA90cWE0zGpIsnHiweBmKZKdO4y1axz9
YHUPLFM5MDcUg9mM0GvNCL/15DnyfuM6XH1iDgabOTp+C2TjIUGucQ== gnWvz5ViEkLgwP7TQhykcRq9B4Op3qdEoVBqHmJ996tlzxYrRrirTQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu - recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZElNRmJxUlhUNUtSR1g1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQVRoM0Z2RVExVHVQR0xN
MzhzRFZCZ0RJNzZtc0ZrelFRcTJSYno1b0c4CjNRQUFQZDJHQUhWbFpqbnpDVVNQ OG82VGxtbmIxSGd3bHRLNmt5dHZtanRMRmkwCmJ1NS9VZjZOR2o1RVlvNUtZODQ1
a2pDZGhqU3NhcEtzUEQ2KzVSVzlXYkkKLS0tIGRXY3ZyZmhiRXY2TmpTNXVtaFN6 amt1ZTBCOUFaVlVlQXdpUkg1dEM3aVUKLS0tIFlXM09ZRk1xR09adUxKVHozWWJU
TVduYWNXSndRYWpHY091d1FrdDhJQW8KbH4UTeaQP1YcvN4z0MNoer9hjeycrQPT alU5MFJjQkN0d3dNZ3VpcElsQnRURGMKBKo78lEy3t9vgPX/j0euYwC0OJlFPRt4
+cZPCsofN00OnToEn32YwxT04ocdkFig0tSZlacg2IjvMRVQMeq/Yw== +nmyJg88eMdcBY+vNqNCKQ4/61AxtLTH4qH0QS5vSf2Syy8mh5Tbwg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-16T07:48:28Z" - recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
mac: ENC[AES256_GCM,data:nizqT2X5lqnh/afvUhBimmSN0pw+nzbdVcjrrGaqEKCQ2D7RRZGax+RCLbTld5NXjcFkHzbEA447WtGgaTvAX0tTypA8wYpFnL306hAdQueELl/fqf/fXWVGkCnP5OoU4gb8soV1vxPvN8LkY3+uh82DXfI6QHrA/SneP1qP4yg=,iv:DPbqcBmTWOTzTVF6wZffNeZvQBdG9Q2BCFhHXK1ZCjM=,tag:8vsszQbQCzNqDxAwpdwj+g==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqb1ZCdTJjTW5iU3BEQnJa
d2VLaHJlbUNiV1VJTHhZTDJXVlhhTDhQYzN3CkhjUjhUU1ZpcTR1VnBrK0o5R2ww
bldFUmUzTWRIN1NxZ2ZtRW5DU0czMG8KLS0tIFI4VUg5NnFwMkthT2UxQTNET3V0
OGYyNlQzcC9ybWdVd1N3UGxEVVhMS2MKe+MC46XDCSVQfOVXLmIRGppGs30tBicH
m96+2FgWOovJzFrgAMychYzkunQI6D8APE5jSU2apyzkwwxDAkS84A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-16T08:32:27Z"
mac: ENC[AES256_GCM,data:0SWCpWsvMlWHFFjEQK5UCld3qnURz8G+2Qj4HXRQY8dH8M5qscjzHxk8hausPppzVjiYpemyYDZ9IdDAqVtijhYjmuFdM6FvLrvVoNo4C7z8RadhxZkqJ0IZBUrMOyrK9pDssC/+LOljgKSv9RZwNIvb1QCyyezPQj5QLmUZipo=,iv:CEn3rZDKJG6/a6MuZReEytPy89S73nt3rnSDHHubghA=,tag:qn4COe6Wbv67UynhIpsALg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3