move sops to modules

2025-07-06 21:16:35 +05:30 · 2024-08-08 14:09:44 +05:30
parent fd92021844
commit 42a23950d6
6 changed files with 123 additions and 20 deletions
--- a/hosts/controller/default.nix
+++ b/hosts/controller/default.nix
@ -1,12 +1,10 @@
 {
  pkgs,
-  inputs,
  username,
  config,
  ...
 }: {
  imports = [
-    inputs.sops-nix.nixosModules.sops
    ./hardware-configuration.nix
    ../common
    ../../modules/nixos/headscale.nix
@ -18,13 +16,8 @@
    ../../modules/nixos/monitoring/promtail.nix
  ];

-  sops = {
-    age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
-    secrets = {
-      borg_encryption_key = {
-        sopsFile = ./secrets.yaml;
-      };
-    };
+  sops.secrets.borg_encryption_key = {
+    sopsFile = ./secrets.yaml;
  };

  boot = {
--- a/hosts/controller/secrets.yaml
+++ b/hosts/controller/secrets.yaml
@ -1,4 +1,4 @@
-borg_encryption_key: ENC[AES256_GCM,data:42q7OYR5HLqLzbCx0WZwurND8DGUnCw3fA+4ccEmNp4=,iv:GRj9jXnlfqDoxr55hS97gjqLzIP7rjqoYtRHlU5/9Lo=,tag:ybr8V9RumsU94ja0bLnfNA==,type:str]
+borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -8,14 +8,23 @@ sops:
        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSzNTUzdTYzNpT21DL3gy
-            bjhHcXFWQjI5c0lSRUEwZXR2UmxOeG5jMEI4Ckg1OWx3NzVOWjIzRWtCblp5K2RK
-            b21xL2tBWDFqRXI2ZTloR0xwZkhtclUKLS0tIHFaYzM1dWdyUC95UWlsQU1xWjNV
-            akhaWXdrbXI0TDNNMlppcGovbjNia1EKNomA6zlZmQKE1DtX6JlurBxEkG9aiwjn
-            RZd5a9XPH8F1XhQF1tcZS+m3hGY00V7Zwiqe68PiiYWpxzZ/sSeR5A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TGpVMzNDZjNQSkNDQmM3
+            eXpvZDRPZW9Kbm81Z2VVUVZIckFNUC9zTEZzCmliUkNWS01YMHVRaUoxTS84VmxQ
+            UDZtbkhmZmdZVWVsaHN3djkwSERGQ1kKLS0tIEh0ckhDTkQvcEM0UFI2MUVXVHI5
+            WnhEdnRqazdZWmczYXYxNy9BMHdwdEUKYgB34OOezF3iF706pIfDmQ0FJEHXBbGF
+            EJRNmA4Zl1AwyzkN3NSlctzvxx201T1GWL4qZeyVafRv5jQ9oSfK7g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-02T22:42:23Z"
-    mac: ENC[AES256_GCM,data:C4ueRlhrqollpi6ZE+126idf2SiAd2GooO7CTWR49ACW/y4q50B8girPtuY7Pgig0y/U0rWIFHFwmOwXyJJ8A6YtzD0VzWhZN7Aeb7HGvu/0o4V5OPjH1ZdQ6bb8YyeMQ5RljnG7/Pa/QasFS6h0pv3jnkKYrCCkbxNmKk/DcLY=,iv:UXi8rBLkdgp/bCxIE+6PvgdPv6xJmKtQX/WUVmoKeKc=,tag:Fpo44OFp0CYVAwDFx5WbWQ==,type:str]
+        - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHeXNrT3c1bENOK0lNZWNT
+            eFBqYm1BRHBhakFQMVVIKzR0SDRDOW9jUXdBCmFIQWZRSnBlOFBralVFakQ2clNY
+            Q1Nma0pRVHh4L3IwQm1GbTdqb1BUcWsKLS0tIFRQOVIxb1FRc29WSVVERWsxSDhq
+            NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
+            uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-08T07:50:43Z"
+    mac: ENC[AES256_GCM,data:HjKpSZ1GNp5yUphE0edv9dN45kVTh/jZVQWb+d2Ve46932e+Shadt90DclsLexlxkSFSRqBxWNl1+JqD1OBfuea73Z6zykRpjz5kcRcop8o3KSEG7V/cTvK/SRSglkIHwrO4ALweoUKjixct7ich+OqTHJ06KIxSWNcRpAYlFWQ=,iv:JZ0JX2B2LJcq3+9O9KdKupV9f1ydbMCyDs8bACphOP8=,tag:V4LKBazr4+Dj1UXtoBaWLw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0