Add foureighty's target key

This commit is contained in:
Cyryl Płotnicki 2022-07-16 09:34:40 +01:00
parent 65f4f27953
commit c757fbed42
3 changed files with 38 additions and 28 deletions

View file

@ -1,9 +1,6 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
- &foureighty-source age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
- &foureighty-target age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
- &skinnyv-source age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
- &skinnyv-target age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
- &bolty age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
@ -12,6 +9,7 @@ creation_rules:
key_groups:
- age:
- *foureighty-source
- *foureighty-target
- *skinnyv-source
- *skinnyv-target
- *bolty

View file

@ -147,7 +147,10 @@ nixos-install --flake '.#'
ssh-keygen -t ed25519
mkdir -p ~/.config/sops/age/
ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml
age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml as a 'source' key
# add machine's age public key from /var/lib/sops-nix/key.txt to .sops.yaml as a target key
sops --add-age [source-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
sops --add-age [target-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
# syncthing
# vault
# firefox sync

View file

@ -1,4 +1,4 @@
openweathermap-api-key: ENC[AES256_GCM,data:6qCm3Oivna89wAi0slA0MEizKBf6BXxU8ISzFXuMM4s=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:0ZDKZjxrlHbT0QmmfEq60w==,type:str]
openweathermap-api-key: ENC[AES256_GCM,data:8JXRYvBjy8/aDPcU8vpEObkewvf83gBFasoVOz1bUS8=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:KNBGy1vS1fgOBMSAXkl8JQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -8,41 +8,50 @@ sops:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRnN6MGltbUd4NlFnYits
emtkVCtkR2M5OXEvNUJxLzU0ME1IdHhCaW00Ck9YS0owTDc5a1pHL0F1THRoWmZ3
cVVSQ3lGczB0Z0NqQjJoMVJ5bXRlbjgKLS0tIDljdWdlRk1GWUVpVGFyN0tsQno0
NzN4VkVZbUZwd3ZOQjB5S2dpVUJacGcKnkxIl7U0wfZtEbj3drdcVuSpMwk+CJxz
bqMjyP3kzLkqcIfG7xJgk40SURrETrpPyXEst2j4cvKKna6qXjzq1Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMm1vQjZQSU9nQzFHeWFN
QTYvU29sdWpkTi9BVUdONTZ5SWRFYUVidzNjCnlVelc2RXFuamxvc25FRGFERjhn
R2ZYTFBxT3hJbDh0Sk9PRUlpbmRReW8KLS0tIEd6Z2lCWUplck1nWjQrYWR4U3pn
QStKR0RnOW13RmRZZlVPN1EvaFVPQkUK6YFw7ej/dIw99Z3oaInuJVKEadhTvEvQ
Hc617o4lBNAzOgVJBsRpf9BLNDpr0oO285xLWB8jEFlCkymTPfrn+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcG0zNTNOc1NadzAxWllr
Y1JwNmNOMXVvY1UrZGw1MmVuekJqZFdOaHhJCm1heVU4WnFOWm9HZVN4SWFJZ0tX
L3BtN1VXdWlJT2xXd0RTWDhMMVFqL1UKLS0tIE5aeERGZWxONE5kZUdGRE80L0lY
WkEwNkVNTDdYSGpDU0ZvZXc4WmlYYVEKvgW8cJrQBr1JLOUOgLzkrY0VuTqKpGr2
zgbfv3pkFyMrvIWPdhQYiD1YUXjS+O3DkYuQtQxGrnRGG3DUKu383A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeGFpYzdUajJuZTUwZitp
WDdaVTF5d2xyYVgyeU4veS9udlRMa3BlTnpFCkZmNWg0clNMUjQ0TEVLcTBKeTMv
R0d2Tkk1Q3RxWHJsR0M4bzE3RlJMOEkKLS0tIEt3b255Sk5MZjhCQU5CSE5tcDls
S0ZoNlg4V1ZvSEFweVNMMmx2RFdCWVEKk3ADVZWiH66aA+gcwbFKnESx89R4x373
Mny0e9ZiWrSH8FU0/Ya+f8UWfA/c3NFvVz9uv5QO7g6/4re9aglvxA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTJaOUlQK3RmRDU3V0l1
YldSTlFiem1HRlZoc052ampLM25VUVJDWjNJCk1qVzJBV1JlbW5ybEZFN3Bzaksw
WVJFUW8wMkFJSXBJcGdPS0tSNkV3MTgKLS0tIDJZaHlRdHlRcm8rSVVCYnVMMDJx
aWY3MVhIb0t6Q1FGeTBxemQ2SUtZZVUKfBEeR4/UQXJbcvFgtipXkQ3HgoJDjL/d
YHUPLFM5MDcUg9mM0GvNCL/15DnyfuM6XH1iDgabOTp+C2TjIUGucQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa3kwcHdwTit6Njc3N3pM
NEtRTFAwL0UrbWFZMHF1dGhOMDMyeCtIZERvCjZXbEcxWEtBRUZ1bmlkbkpYdW1M
ZzlRUVE3azVpZ1VCVHZuK1RwMGlxOU0KLS0tICtmRnRMVlpIeE92bFU0STUvT1Bm
Z1dnbEFvQmNJTU9Db0tYY1RQa0V3eTgKrA90cWE0zGpIsnHiweBmKZKdO4y1axz9
gnWvz5ViEkLgwP7TQhykcRq9B4Op3qdEoVBqHmJ996tlzxYrRrirTQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZElNRmJxUlhUNUtSR1g1
MzhzRFZCZ0RJNzZtc0ZrelFRcTJSYno1b0c4CjNRQUFQZDJHQUhWbFpqbnpDVVNQ
a2pDZGhqU3NhcEtzUEQ2KzVSVzlXYkkKLS0tIGRXY3ZyZmhiRXY2TmpTNXVtaFN6
TVduYWNXSndRYWpHY091d1FrdDhJQW8KbH4UTeaQP1YcvN4z0MNoer9hjeycrQPT
+cZPCsofN00OnToEn32YwxT04ocdkFig0tSZlacg2IjvMRVQMeq/Yw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQVRoM0Z2RVExVHVQR0xN
OG82VGxtbmIxSGd3bHRLNmt5dHZtanRMRmkwCmJ1NS9VZjZOR2o1RVlvNUtZODQ1
amt1ZTBCOUFaVlVlQXdpUkg1dEM3aVUKLS0tIFlXM09ZRk1xR09adUxKVHozWWJU
alU5MFJjQkN0d3dNZ3VpcElsQnRURGMKBKo78lEy3t9vgPX/j0euYwC0OJlFPRt4
+nmyJg88eMdcBY+vNqNCKQ4/61AxtLTH4qH0QS5vSf2Syy8mh5Tbwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-16T07:48:28Z"
mac: ENC[AES256_GCM,data:nizqT2X5lqnh/afvUhBimmSN0pw+nzbdVcjrrGaqEKCQ2D7RRZGax+RCLbTld5NXjcFkHzbEA447WtGgaTvAX0tTypA8wYpFnL306hAdQueELl/fqf/fXWVGkCnP5OoU4gb8soV1vxPvN8LkY3+uh82DXfI6QHrA/SneP1qP4yg=,iv:DPbqcBmTWOTzTVF6wZffNeZvQBdG9Q2BCFhHXK1ZCjM=,tag:8vsszQbQCzNqDxAwpdwj+g==,type:str]
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqb1ZCdTJjTW5iU3BEQnJa
d2VLaHJlbUNiV1VJTHhZTDJXVlhhTDhQYzN3CkhjUjhUU1ZpcTR1VnBrK0o5R2ww
bldFUmUzTWRIN1NxZ2ZtRW5DU0czMG8KLS0tIFI4VUg5NnFwMkthT2UxQTNET3V0
OGYyNlQzcC9ybWdVd1N3UGxEVVhMS2MKe+MC46XDCSVQfOVXLmIRGppGs30tBicH
m96+2FgWOovJzFrgAMychYzkunQI6D8APE5jSU2apyzkwwxDAkS84A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-16T08:32:27Z"
mac: ENC[AES256_GCM,data:0SWCpWsvMlWHFFjEQK5UCld3qnURz8G+2Qj4HXRQY8dH8M5qscjzHxk8hausPppzVjiYpemyYDZ9IdDAqVtijhYjmuFdM6FvLrvVoNo4C7z8RadhxZkqJ0IZBUrMOyrK9pDssC/+LOljgKSv9RZwNIvb1QCyyezPQj5QLmUZipo=,iv:CEn3rZDKJG6/a6MuZReEytPy89S73nt3rnSDHHubghA=,tag:qn4COe6Wbv67UynhIpsALg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3