sync

2025-12-06 06:01:51 +00:00 · 2023-02-26 16:45:19 +00:00
parent 457ab6199d
commit 275b685c09
4 changed files with 32 additions and 59 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -16,4 +16,10 @@ creation_rules:
    key_groups:
    - age:
      - *adminkey
-      - *STU_ID
+      - *STU_ID
+  - path_regex: user_dotfiles/.*$
+    key_groups:
+    - age:
+      - *adminkey
+      - *STU_ID
+  
--- a/hosts/common/secrets.yaml
+++ b/hosts/common/secrets.yaml
@@ -1,57 +0,0 @@
-sstent_password: ENC[AES256_GCM,data:WBVW5fBqfKqI,iv:v/MHSgaCM5F2++OPbidVF75UH6fJeWJlj5PaZhZRiTU=,tag:9CNHHvQBHUmVhZ29bo8dOg==,type:str]
-example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str]
-#ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:ZvYNnG3Eth6u2INUF9A=,iv:iBhi9av/b2XrgEElTttgsr4GEsyprJ1/3DN18dDpvW8=,tag:mEeilFezrMWVJ8zFsIRTaA==,type:str]
-    - ENC[AES256_GCM,data:BA3E0wZv2TD1nJ4QoTY=,iv:mK2500yAbmmviq2/HuGPS71Adqxk/dZbyZvIH9bREhY=,tag:J2nVJSO5SNlg0LbupzyzkQ==,type:str]
-example_number: ENC[AES256_GCM,data:ovijNr8tbyQ8Ww==,iv:02UHA0FDiYsM1WiostcpNjhp8Fz6zvVgq2ccfrSicI0=,tag:1a2flzhBtFUaohl8CTUCRQ==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:4Jnx+Q==,iv:jRAv486sWUtSXaDGQhUNq6ol/9Sjj71g1a9oemYbCT4=,tag:QSk3a0psmzdIKSDppvHLlg==,type:bool]
-    - ENC[AES256_GCM,data:kRIyTMI=,iv:57H3OtVIROJVfSRu+eLY1BEYmTWAcnRJqMn5ewYii+4=,tag:RzUieLUjdkK8r9qXwgozgg==,type:bool]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVFoyWHJ5bURYSlRPenhw
-            dUxBcUJFQW15L25xSmdIVFNjNGMvQlNhSkFZCmFXWGIyUVBhT2ZPRUVOcWF5WWlC
-            Sm5ra1ZxMWVrcllPQWFBbEhPOTNoOWMKLS0tIHgyaFd1NU9jMHVRRHZLaHlUZFpV
-            c1VPdzhyOElhdnNWNGJtQVYwdGlzSDQKVKEr5ZPTUS3VPY+ywsmJaqGtQs/vH+ll
-            w0dyVelfdqaaZixBqZi+3D5IkL3g4Tx88R498YhgS1GJZDchf33itg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NUlOVHhzVEU4L0RVeTM4
-            RzJXRGxRSkFIbXlHRkZhY2xOV0sxVmNIOENVCm5zUVRJRG9HaU1qMlkxcDVpM29t
-            ZGczOE4yeTdubjU1TzFyZlRLLysvMFkKLS0tIDlIajVwcktRNHl5YlVNeVBpVTlB
-            TEQzZ1dqc3crNFcyK3RMSGtJN2ZTQzQKPX5QRpyq+snJq7BFeIuibls0JT87DxSM
-            dfWALls+0GJ3p+iRGxCZvPEsD+1b21V1Ky9nPGsD3yr+IURJOkw/4g==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcXFMajNoVHY3YlowQmtN
-            eEt4QWMrUE9reTJhYmRrKzFkNDRqenM5TVNzCjh1bUR1K1FVaDF0Q1FLbHV4RWs4
-            bmhwdGtGazRIK3c4b3hjcnQyMlJIRGMKLS0tIEhqSXdrZEg5Q3BiUHl2b1JOTVZK
-            OU50RmdKY0w5OVI1akFHR0N6OUlScTgKSqYdXlXoLaOZLTVC83qXydvGBxOHctzf
-            Cdfmj674Ih4kqzFcM+0yFtOb574fAkaeU9fH58uoZ97Y8HNlLUHSAA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZ2VIQXV3RndKUDNhZEVY
-            RlNNWnkyUFYyd01TYVR2UXR2QS9OeWkwVEdNCkhwakdXYkhkZlc2TXNtQ1pvYUFY
-            UUZMSUlNWXZxN21DQVhzTXNqTSthcE0KLS0tIEdsRHVQV0RudUppNXdEb1lyRDVQ
-            NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa
-            Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-25T12:39:29Z"
-    mac: ENC[AES256_GCM,data:s/GL2GLHc40rJpi8E1mf8O3WMr0wl8M2E4wYlmf42U4Jzta3dXADieBPm/Ezb8Gz3PHehtsmpn7xqJR4eIg7f6aAA5+Twcq3yRrHdALrjiW9c2sK8zso4JrRLGhXvCXqbYyFh5qXl1QmOX7dndVEvgWu3GGLe2FY1UMUhgbn6Dc=,iv:64NAs7pT0CvRJ/3/NYgml0G3sYx2L9spvjDBFl9srws=,tag:X8Eeqo2K+fnQ1hOHuNU9zw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3
--- a/hosts/common/sops.nix
+++ b/hosts/common/sops.nix
@@ -6,7 +6,7 @@

  sops = {
  # defaultSopsFile = ./secrets.yaml;
-  defaultSopsFile = "${config._secretsstore}/host-secrets.yaml"
+  defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 #   secrets.discogs_json = { 
 #   mode = "0440";
--- a/secrets/user_dotfiles/mrconfig.enc
+++ b/secrets/user_dotfiles/mrconfig.enc
@@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:79rWO/IObc3cJsx+TtN32vGS3Ga4jmqR9HDygi0M+1KMHihxkcezhijmN9yRqxpWBmnQdkpgtJxyuEYR1Eza6UpCCq+fZ8HgbToNFKm1KrhAtB8S8YlMpVHwVQJA0kOl7HIouMafYjxjNyjqNe8G6ZPkVMQq0dghbwPhJ0ij+uNR4lNwpE3Td7voPn3aDPUXUO90vWTRa1CxUdxWIW2h5xVcWSdRoeh9MPcP9/JK2P86nDHmAih0opgU/Dn8/h12tySVkkCVuckdwU7gHzxvV2bILtQaflhi7kITN8qGfj3jL2tgJ88Y3QfAA8NsRr3O3qs+ngT3zYn4YpQSIJE4pT/t8eGUvOUT9A5ocCKd87TP5TfGYmBCqBCcgkFdlpQaXbrHdqRe4FStdkfPmWdYo/JyvwBodKSDN6PE3rI14tBkjJyXG66BB7LJVwNdgxgwVtbpQ2ucAolT2vFnilJ3yqCxnd0riPmKdyI4xxQhsH+wb+IDL/AhhtUKp4uZVp2dJKiyBY9BSbM44AWa437zbluONEtRS+awuVXFVXi5lx/OqC3eEpgOJF4ePspy8RCGFGPbOYp4efU2VbiZVjwP7ZMXaOuHuqeeKG+8S9nMzKIP+OPykYZhmZk41vKslBxZb5FyZTHqfhRBxNRXfRjQMKg2shwt1khOT9MIlg22hc5UnkH0Kcgj1bP2yz/7AQSgl1hNULENVD2tY/eGMnohE3KWIgi0wn39di/lsc9kU5PXLHj7yRdd5mS7RQWqhcYxeHczM2JPHzRojn4OUuE449NDtzKAZ5Va/3Gm1buqGzndP4RzS9XPPXn/6hfGiZyG0Hl8RMGut51eRAA632wu0QHv5T9jqp0T8Pmvy1/fXT1B19ePDd8UHTyBJP1nnbmg6EFtiVmTWNyAqhe3u4ZlbTDDuClczSoD1NALCc7sBTjJ0xd/pZ/zyX49TK1rbZ+SN/FosjXFVaEmNTxWOtO5x1tQ7uRNCYwZW3HBu8AsupeztkA40nRcoZIwrEtzCkHkB1gMwWt2Cwme7U9LF6F5Ruh1niCoFYZsHn+xsPL5sDEhNb7G6Ui+WfhkEpUawBQlHnSd7IMSrh5GM03pL+LyuZNtkr2Ze8YMkytpBQG7LLj7hIvkHOx4x+IsaXCpyu6TrE4eupBxYa8AhP67u6AEGOszPldX4N+IvEZ8Fbc80YBDEdkemlLhEyE3janff7xr9dj+rS60wpBKFAfi6gzI4xwL88cxrK4FBfTvWdMG/wI6RtsKNkKTp0QmuydOD1TyRC4CwXW9RJSmSZlhiMZxv724y50o/OivSJyXCrrKfLJ7zK/vBJC6kft0QOhlxZhp0r0pTDgAzUw6klz10/QSli4PklrH9eHi1gNigA==,iv:/1sFG9IL5Kghbeko8tB44GEiBEaKCB6bGFgqdJVc8ao=,tag:J2GWzfKHkZk4uvS/jJr+7Q==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcmRSZnk1MlgvR3Z3M0tB\nV1dvVmZ3L2JLZWMrQTBzeTBXTVhDQVNubTBNCnNVb2k0VVFsOVJSVnBzRU54amV5\nTThKMTQrMko2clh4SEVLWGtabkFUUVEKLS0tIEdVRWRwd1Y0NXMzZGZzZXNOcVc5\ncHZ4RUpabWlmaFhTQUNhOUxrcEhrcVkK7NArQ9gJccsU826BcJWrpA/q1BxyQ7W0\nF52LdPcXpa7ssMiocsLgXyWlg+kasE1INFSl1o0sY69wBTOuYH1XUA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaC9WNUNZTG1GYnJIK203\nYW1tNXVwdGh6WXVZTEJCVm9mMkFjeG1pTG1jCmltdU1YeThoTkZsVmpvRVpTTVlK\ncllNbUpZaTZjNkNCbnJYMUxxVkVxcVkKLS0tIDNocDd0V3JoWTNndzV5V3VYaWFY\nQnBXQWVPSmljV0ZIMTQ3aUZYNlZ5K1EK+J13LdXi47ylyZDDNDHtor48dqp6nC7H\ne5M/VESLNcw9l0cbORSSfbAnlFC8Pp8o9IWB/iCW9GDHwVdM5oDG7Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2023-02-26T15:18:20Z",
+		"mac": "ENC[AES256_GCM,data:m7uL2PmASUQBBSro9qgbqvR88btHPd97h1YX7utQKNMwgN9XhlvXvBWiIMZnOjnQJw7ot6waRL1c+KDCc50MTZxJk1s3PxLUQYaUWD+KjbFKqS9rsmAevnWk3+AtKz9/my5Wz/nG6aFFceOvGbu7ORZPrNW2qEKncsXFAp2+dvY=,iv:qooP+rYZgTWpykbmszuX1NVnWJGqUMJyMXLUsa3AxtM=,tag:qqIiF7d668xTid9+hw1rHw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}