homeage: add secrets

* infra backend
* infra vars
* general envs

this way, secrets are only ever stored on the system (including the nix
store) in an encrypted form in ${XDG_RUNTIME_DIR}.
leo 2023-06-27 22:29:00 +02:00
parent bb607f63da
commit beeff9db75
Signed by: wanderer
SSH Key Fingerprint: SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
6 changed files with 62 additions and 0 deletions

1
.zshrc

@ -138,6 +138,7 @@
# User configuration
source ~/.dotenv
source ${XDG_RUNTIME_DIR}/secrets/envs
source ~/.zsh/aliases.zsh
source ~/.zsh/functions.zsh
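Review bot: The `source ${XDG_RUNTIME_DIR}/secrets/envs` line (apparently the one this hunk adds) runs unconditionally. If `XDG_RUNTIME_DIR` is unset the path collapses to `/secrets/envs`, and if the secret has not been decrypted yet every shell start prints an error. A guard keeps the shell from executing a file at an unintended location: `[[ -n "$XDG_RUNTIME_DIR" && -r "$XDG_RUNTIME_DIR/secrets/envs" ]] && source "$XDG_RUNTIME_DIR/secrets/envs"`. Sourcing it from `.zshrc` also puts whatever it exports into the environment of every process started from an interactive shell, so that file is best limited to values that really need to be global.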

@ -35,6 +35,18 @@ in {
# can be "copies" or "symlink"
symlinks = [".config/sops/age/keys.txt"];
};
file."envs" = {
source = ./secrets/envs.age;
};
# infra secrets.
file."infra-backend" = {
source = ./secrets/infra-backend.age;
};
file."infra-vars" = {
source = ./secrets/infra-vars.age;
};
};
# build a configuration and switch:
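Review bot: The three new `file.` entries set only `source`, so where the decrypted copies land and with what permissions is left to the module's defaults. `.zshrc` meanwhile hard-codes `${XDG_RUNTIME_DIR}/secrets/envs`, and nothing in this hunk ties the two together. Assuming the default mount is the path `.zshrc` points at, a comment above `file."envs"` such as `# decrypted copy is written under ${XDG_RUNTIME_DIR}/secrets/ and sourced by .zshrc` would document that coupling. It would also make clear that only the `.age` sources in the repo and the nix store are encrypted, while the runtime copy is plaintext, which the commit message blurs. The enclosing attribute set starts outside the hunk.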

2
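--- a/secrets/.recipients
+++ b/secrets/.recipients
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzJL8/M+tTejrAPoomHKtlYk8lINBLHaH+p4SLt3sBG
+age15959gprm59azjflvpj97yt0lj6dj4d2yv0nd6u9jp32lzwp3de7qzhf85y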
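Review bot: Neither recipient is labelled, so a later reader cannot tell which key belongs to which person or host when one has to be revoked. age recipients files ignore lines starting with `#`, so a line like `# <owner / host placeholder>` above each key would be enough. Note also that the `.age` files are committed next to this list: dropping a recipient here does not revoke access to ciphertext already in history, so the secrets themselves have to be rotated when a key is retired or suspected lost.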

19
secrets/envs.age Normal file

@ -0,0 +1,19 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----

12
secrets/infra-backend.age Normal file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----

16
secrets/infra-vars.age Normal file

@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----