homeage: add secrets
* infra backend
* infra vars
* general envs
this way, secrets are only ever stored on the system (including the nix
store) in an encrypted form in ${XDG_RUNTIME_DIR}.
This commit is contained in:
parent
bb607f63da
commit
beeff9db75
SSH Key Fingerprint:
SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
1
.zshrc
1
.zshrc
@ -138,6 +138,7 @@
|
|||||||
|
|
||||||
# User configuration
|
# User configuration
|
||||||
source ~/.dotenv
|
source ~/.dotenv
|
||||||
|
source ${XDG_RUNTIME_DIR}/secrets/envs
|
||||||
source ~/.zsh/aliases.zsh
|
source ~/.zsh/aliases.zsh
|
||||||
source ~/.zsh/functions.zsh
|
source ~/.zsh/functions.zsh
|
||||||
|
|
||||||
|
|||||||
12
home-leo.nix
12
home-leo.nix
@ -35,6 +35,18 @@ in {
|
|||||||
# can be "copies" or "symlink"
|
# can be "copies" or "symlink"
|
||||||
symlinks = [".config/sops/age/keys.txt"];
|
symlinks = [".config/sops/age/keys.txt"];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
file."envs" = {
|
||||||
|
source = ./secrets/envs.age;
|
||||||
|
};
|
||||||
|
|
||||||
|
# infra secrets.
|
||||||
|
file."infra-backend" = {
|
||||||
|
source = ./secrets/infra-backend.age;
|
||||||
|
};
|
||||||
|
file."infra-vars" = {
|
||||||
|
source = ./secrets/infra-vars.age;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# build a configuration and switch:
|
# build a configuration and switch:
|
||||||
|
|||||||
2
secrets/.recipients
Normal file
2
secrets/.recipients
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzJL8/M+tTejrAPoomHKtlYk8lINBLHaH+p4SLt3sBG
|
||||||
|
age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y
|
||||||
19
secrets/envs.age
Normal file
19
secrets/envs.age
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDZUei9UUSBvSUtX
|
||||||
|
b2FkTXgwQ3IxeThvNC9lOERXOVNjbEtNRjVIY0tyMXBQalByMFR3CmhOMlRoS09q
|
||||||
|
UzJvTWpBTVUwMEFkT29tTEx5UGQzUml3bUtxOXNmdUd5R2MKLT4gWDI1NTE5IGFm
|
||||||
|
dDZZVWRYbHlIY2NjbUtmNU80Rno4R0lTdSt5b3g3a1hXVG00eGJXMk0KeFVGZWtm
|
||||||
|
VU1uenJaZU9CbFpBSFdSYnFYYWNpRTFRbkRKdDVqUVVLdktzdwotLS0gU1BvOGpl
|
||||||
|
d01Meks4VnRkVlRjRjRsdXV4eG1aUjlkcUJIQ3Z2aG85bmJxWQqm0MSO0q9WZyS+
|
||||||
|
FFOOTm7RDZp6jF2GSmLnTV+RCx2Cmt+pGb96qqBdHj6LwqZjL6PjhxbLkPBy5aO8
|
||||||
|
MQfHSukMcKiGeHYw+go35z4ZbB2u98N1R9YzxKLrVLhr1rJXfuL0Hs9YILAZ2c73
|
||||||
|
mPk57KA04ni6USxbdmoetWScnppUUis/59elYSVabYC0+KXE0pTPqBOFlB8uIei/
|
||||||
|
15ZeudfVgGZwijGzAZF6xLHXbx+P4BDZypQA8YPgcPbp4GCpFb+n1c4DuZxAGS2g
|
||||||
|
OlfCTOHl81vubPiqemQ+VS/GGahxdzjhXs2TRqRdHgPSMwidzIjEtjx4r+xhgCoG
|
||||||
|
WrK+0v7zyUU6G3ykhbttto2LMxWPS98K9pP1iWGr4J1+UykQiG/GyWoZYa5UwmHN
|
||||||
|
Km06kEHC51tZ8GwF/ALZWk80+Wubc35dYLZNfb0R6FG3Lvel3Su0ZhosvKlTTrnP
|
||||||
|
U9ituCCy8+XwLXGb5t2oioGUxA/QSBdzcGFGSqOLQG5OtikR/Kl3np3MITpXpwLB
|
||||||
|
uGxeAed0/DAGjMfen8eGlGPXIM2RWshvsXvtBoKfkkaSgW3r0eV+JENefP0Ls3P5
|
||||||
|
SezfBwEymwZwGTgD2PH41T6k3bJNfdNPaTrivd66fnNyTevpQf2LshDAotm7dqWM
|
||||||
|
FNArctQ6406/wrS5Fn79ibEV8hEgQRawrbA=
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
12
secrets/infra-backend.age
Normal file
12
secrets/infra-backend.age
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDZUei9UUSBzb3dt
|
||||||
|
M2prVGp6dlArbk1wT1VrK05ZcDJXTmgyM0JITmFHblpLcTRpSzNNCjU1Y1BvOXZS
|
||||||
|
NTJEVDFWeENSSWZZWG1rRTlKZHJHYTA1MXpiUDliTkpWbWMKLT4gWDI1NTE5IFgz
|
||||||
|
V3A1WEtXVWcybEh5NFFOMS9iZS9hVXJHTVV3bDE1MmE0c2Z5UVRFVXcKT3p3cmRX
|
||||||
|
VlZLdnBmZG53aDJqOWJrc0M5cE5qVWxRbWJMU2hLSVdtYmNpWQotLS0gYzIzbmVW
|
||||||
|
Wi9IM256TFJMWkFzckc3K0RqdHYrcHlNOVhlc2F3b3hYQitvZwrCioyrYO/hFHDT
|
||||||
|
AAiwVCvCCYiNYhKtuEOFqPjnOEeK7c+3lJVP+ZLJifL45TMF1fwl5cVG1r7ToQk1
|
||||||
|
giJGDtwffkAYtYBa8GkqsEwAvbTiJa0DGmM9MSrTzLFXHS/hhtfl0E4Otwn7rH+z
|
||||||
|
n5QQBnpJVaoU/WvIt0DoT6rDYYtgsOFegR9Wgui066pFB3YXBkLiuS7afZCryPSG
|
||||||
|
JmDpxoaQReYpV/8orMVHrqdSKK5F8ekBg2rK2QKVNlniqj/qLswBqPSL/xutXoy1
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
16
secrets/infra-vars.age
Normal file
16
secrets/infra-vars.age
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDZUei9UUSBYZUc5
|
||||||
|
WVhUVkdraDlvbXkzYllJYUdydDlLdmNSZGlTMzE4Q0ZrcWJaN0dZCms1NUUzaVR3
|
||||||
|
eWtEci9kdGNXa0JNNWxjRGdWZjVaTVRlUlRRaW9MUngwSUEKLT4gWDI1NTE5ICs0
|
||||||
|
OW5oWDNNUFF4c1BLeWJiaWIwZExrVlFpeEtZN1l2OTFIZ2hKUFk3UkkKUmhnSEM4
|
||||||
|
VFZUZWd2WHlRQkFZRnNDUzJRV2E0NWRXTExXWmpiQnUvMlNldwotLS0gaWtpZ1ow
|
||||||
|
U3Y0b25naGJ2bTk1dXcyYVd2U2M0dlp6WG9EaDVyOUt6WnFGOAqvuD3+A22eJGJW
|
||||||
|
awMb51pWjgC+dc3vu07rfm8n4XpQrYMJ5sO2i4++Bszg5Y4VYdRy7nX5XfvBcVoo
|
||||||
|
/q3BVXKXdNL2c+UIyoRR8Kh/FOvrK13mXSnwvCOL8xo/OCFUyBsUSapSKLuvMuIQ
|
||||||
|
DLWB5feiEeKzdI6vEQHGcRkT2mokCCvWdbn4XuyBr9gkXaxiVxkzHHenAsCyxz9Y
|
||||||
|
osEpDpnqaioZ8hq33jm/wWCDHDj12XHWSj9oPH0yaTDUhoknDqxyH2TW00+PjHbf
|
||||||
|
dPECATbsHHcEzMQ/8/xfTsUdQBa6DjOQMmhX6aGw6bg7Oq+Egffb8ky4YYIXEv5u
|
||||||
|
cchVpZxYFUxJLvUjlwjV+O71D64yNBtQavTGlvqqxeFxuMP/gOiUlNJDtigAZEa+
|
||||||
|
2ltZih+oSue90MhC3RBNAwMLuo/jDR8DQOYzGTWbvDQAVzJAk2uC25tZ+2FaoGbO
|
||||||
|
gNcl4E8KBpsOg6nU7+nJLYdK9PlIdyHy7GfN/QLNvwnCs/yAUQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
Loading…
Reference in New Issue
Block a user