sync

README.md

@@ -8,8 +8,7 @@ sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
 sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
 
 Local
-sudo cat /etc/ssh/ssh_host_rsa_key|ssh-to-pgp -o nixos/secrets/keys/hostname
-ssh hostname "cat /etc/ssh/ssh_host_rsa_key"|ssh-to-pgp -o nixos/secrets/keys/hostname
+nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
 
 
 

hosts/wsl2/secrets.yaml

@@ -0,0 +1,48 @@
+hello: ENC[AES256_GCM,data:Ud5OrxfxTTd+hODqAVPNQ+uBm1TfoZBOX4Kuf9sYesdXvVAXfRs7nfl/oc1CxA==,iv:7OkyOuVdF/EP935qEKoCajBOjj2vXcZIta0w+cA/oRo=,tag:E5gdJgq4mID80VEWUFzy0g==,type:str]
+example_key: ENC[AES256_GCM,data:/RfLk6gTT0kIMCBSoQ==,iv:j3Vfq0YUSpUX69enVUM/YIw8nf2VFmywZTrqsUCz9V8=,tag:zxWFJcASmACnNi4UzSgADg==,type:str]
+#ENC[AES256_GCM,data:840IJuzeLeueawtP2Fsu7w==,iv:eyGxQuV7VjOu/28Rhgjo4brcgCad4QVCEVwebrLvUaY=,tag:B7AKsAOAZ3+Z5PYGIoRIyg==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:ej1qqKCsOHC2gFUFOoI=,iv:wUSGEUaGsa2jfvPAbcfxPdFNzfvqBYTemNB5479lobg=,tag:T3vR3SzqwxIqG/NFbrODAg==,type:str]
+    - ENC[AES256_GCM,data:iems8hE9Rwdra7nQzcc=,iv:9SUJFkhM8auxdgPiHoiNfN9+kyCzVglx1Ct2Z0vSMDI=,tag:DsXhv4/ynPZEFk/xd4oYEA==,type:str]
+example_number: ENC[AES256_GCM,data:6XOMhg2zcxpEbA==,iv:Eaz/c+v6jldx34IrJSVx35htQQ94VLIUuQCqXKpnZus=,tag:S6/1ZaLOEuzkg5ukImfnVw==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:dnmmWA==,iv:4wpHwmjngwWOZs+Bel+4R4U1gythHK6+eklxac6vE9A=,tag:hr+4s/mD/pio5NqEae83QQ==,type:bool]
+    - ENC[AES256_GCM,data:bUDlFik=,iv:Z1nxFy0Oin+iSaWvkf3S7mhOREz9hgtOBKHMdmrErLo=,tag:wlNXVZzNv35OcRpq63pcSw==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3pIMFREMVYrUFRDWHZC
+            a2Fkc2hESllPWjVVejNEWlMrR0hON1NSclhZCjRmOWNsTHBIUFdVSFlLMzhGbXJj
+            ZHBDVmVIWnd6YWc4VzBOK013TXNtbVEKLS0tIEZacjBaS3pzemZubXBscXdKbWVO
+            R2licUlGUmoxRmlsUTVKRytHZVNlejgKerHAPjXKYvX8aNDH87s6IX25XtdI6wlI
+            mnrQJc++j6UxQ+d01g8MijCGATuj3dh92dbU3RtXuL66SBYGoTsqDA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNm16TmN0bHRTK2gzOTN2
+            dm5oRmZpdFg4RGZSeDlXUHBzeVFET2lYcUJNCnlweER4WmhDbVVRSXNiL2M5d3pi
+            REJpTjE2Z3E1azI4eXBQMlgwajNDSWcKLS0tIFN3NXFnc3BnVDVpdFdOUmRlRE0z
+            cWx0RW9nZzR2SWxsQitsOC9TWXF1b2MKAjhh/efzeQ8dyXEgiSWNYtrZVpyRUFO4
+            0O42tC/d/64iE3RVEN3+spkod4iMT0WAD3riCvPJMbtYnBb827ehYA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UlBrVTJNV0JQOWlGZGRG
+            VWtQcHhNZFZyRURiV1NqdGNiRmhnR0JyaERrCnRpbEs0UlNrVkhuTXFiMEh0ZFhZ
+            emJ4NDFhRzJUM0xqOGNFUytTS2VWYW8KLS0tIEI0NXFwZnhjV0dKbUdUNG8xWmow
+            a2xBNkVCNFRqbSswK09nMUNpMld2Y0EKoITJ8ZDf+RbFLhtrrz00wRqdh/gw+z7+
+            RWPAlEzcuTLw4qyLTymCtyStUMTC29O+y5kz4dcyOLUyu5qAG4IEPg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-22T20:23:22Z"
+    mac: ENC[AES256_GCM,data:4UNFXIZMpz2B+6L36p+6EIq6qrk3O2jhoqKiRdWHtEPS19DLcStvbG43JZSbQDt8JdUnZ3+vtx22wnCjxZ2sR1gMqEZZIieMuP4zqzdRjbnlaLs8PSvGIvQD66xcF4isJWuP9VhTM99DvlgZnlIRWb45HLhsL4w7bIo5f1vtuzo=,iv:MYgAL+fbYOlbqWUpFUvQcX2AMHrXsCBuSu2ImBv+sPQ=,tag:HSSrxA9mpeLOdcPS1LwemQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

outputs.nix

@@ -14,6 +14,7 @@
     devShell = pkgs.callPackage ./shell.nix {
       inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
       inherit (deploy.packages."${pkgs.system}") deploy-rs;
+      inherit pkgs;
     };
   })) // {
   nixosConfigurations = import ./configurations.nix (inputs // {

secrets/keys/STUPC_WSL_NIXOS

@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-xsFNBAAAAAABEAC4mmn7K7t/5YwUiMCPfJtK7mX1k2sQoKNAmltJ434c6sgvAf/7
-o9hxugJznTjx/iRPU2at7P5cX+aK6E1GhDq0SjOCE6AiUeu7kdjqetRjYeGX2r1b
-aQLOoF/IEShlukEcnVGt7BhvZawM8hKZBpcYJZM33wkWY416QLrTbr/ZFcVEVuns
-zQzzTiw5IxOsYnaIKglJCOEnO/QmNup85XsQW81DCERKzRkAuTxP3bI+b2KnjbgD
-flHaudE5KTPXEqy9Xgf6fHQHxAy8TtXztuT2HZcrnv7liU4jimO9UYK6ZJFY3uZY
-16m40jZhE7AD+l+tn3UzyFjgHEAI+vcBGVgCEm+xDqzqDNvSTnJ29s+0kKxNBvYn
-kIibEyHi2Oao/gEuMeAX+9rp5X3j4CW8nwpwxxTX0MV/halKO+P012VSKEd82PZU
-GhGisPRJveAL3Z0BSgcbEgOrRXF1oSLv2C5y8kjTxxTFt94sbsFVhcMHaP1k1CJq
-1mcx/g7LPfVjdep4KWpAMAWiAAkaOwSDyjzynDNphL9lndiaObkfLN6ErkIwK1KY
-wdNcTZWIJcvcT/0t1tmwyrpF+ZSGMoIrJA0QATYGDmJopAB8c0Z00602wpmczFAc
-50qbUuNwsaYT3n7YAAS9pf5pPR2DJ59jPxm3s50ggAFc4SJpKpTY1iURPwARAQAB
-zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
-AQgAFgUCAAAAAAkQUFaEF3UkChkCGw8CGQEAAC2nEAAkoIe+ZGA5wxvQSU2wk9k3
-40w7nXN2/lk1ZDG9Mm5Q6tzThbg251Iq0ub48upv15y135IyN2AYzwDdzA/Per7t
-ZqgnSqgEeStkDPJWsH+4UJTtriJyLLfPXs/Mr4qY2u39Gb8TP1tuE+Tz02HO1wuo
-WyzPycHsht+d2ZlzJzpllx4xy92dPW+fWbNj+0OXSznmk4KmzhWaCpg3+jayTmnt
-gn06B5qNSYlRoQp4XOKh8j/QmxjcI04RubYt4LoqoQsfIM8QEaiLawHKSQppJmUw
-goorAGOodPaNBckMKXPHoK0ydb5f2zFoGTzUIdyS2ubGWnUCyuJjfnqFGZV9OzBL
-/9q3C21zSJ8uZOYvXJQZhoPj8D2YJSO723hulwvwixoWmFaNagQMmrF2vXa1GsIo
-2hngv+25xt1y8MlezBHBjtKwvRq2ipIVk4gujRbq+iKSesPwkHx5dvx/ORjQSLOK
-g/8HhSycLwMi0lEeWzCd4djNmoBI2BqwlYM7Vw3cSg2hWk0BfRAsyB7OkGbn+rnO
-F1cEqalVR2RpUq1WcyEP0rRZWxnamIo/yt30AtRdhdRavKUJC16CH7CVRKyF/2bX
-g3FPoVs8PQAptscpMU6zeW/aFSHnPUX0tq0hFJGa8hoSmKfde1+U99TtQFgBQYs/
-acTELELjUPSKX4zrfoa0tw==
-=7MoZ
------END PGP PUBLIC KEY BLOCK-----

secrets/keys/STUPC_WSL_UBUNTU_2204

@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-xsFNBAAAAAABEAC/oKqtIpkz+P75sonMt82XzUOCUfPDE9OlNah1AkawYFb28wsr
-HZszxkraOaS9a6fxPdSbBWOKUQt4fJYr1aCCIw+ZwpAYWfAh4BJ5NqysU7Munn3O
-wo+mXwN663ACQouVnzi3JnThjnvYx4aklpjG33o5Vd81Uag6lEmvYN/MXPJ28Rxq
-kEoNjszyPyKdW/WOMZux+svVAF4KsoviUh9BahjP7hH4bkd1NeZPhKLJmMxn1V9+
-RBo6Mqv3PLo+t5Srlshfk9+YLpDix2FXLJz0r79NeRGnaM3UQbLt8cHPY5D5Hezy
-wJp4fFLROVRqMewN+I3vYkSzGeIKsDEHl+BkdqIzTIhLq0ugCh4phZdWfNsVQ1yV
-hzwlfsMy2nXqWoeFlPBrhEJQd3yAgGDcbK5aZXZ0U7MZTcOD3Y5Qsu+NdyKzO0HA
-pzNZhHVLaI1Gkw4fl+oF0cOQOHc71RTkYkINR2hBQpzlJQSm0neX/aIO3+N9XR2q
-kBE7kR4mxpBQFw3xvq4PUXmQCwvqojfClGPBfv2SE0h43w9BWEFR8ZYiFr6Kz3+s
-OttK60tEw0wqebmEvzYNYrIQQ2pDk68uPStV+N4hrTW7ZGPN767VhWegM8FyQX/c
-zdKic0EjNW4LAFzHj1aMbG0mhVA6oex4iXjONLY9Oc3p5qQJboKKl9I3hQARAQAB
-zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
-AQgAFgUCAAAAAAkQSDohlgtBcGsCGw8CGQEAAMpQEABYZTkYO0tkon28c5WgernI
-L9iwfgT7LJ/p1MZHWy9BxSwIo41be5/VSU8UFQQSniIsji/b3htN7AKlNlR77YCN
-OLmnpMY7GHSyZm4DpmrwROGjVl4EOWe5xlcMX1pfthfNyqMCdZhgut0WQL5UZmSx
-bc7qmqvf3H8K+Ooy7+hxEGmNfYni7mf7RysfHunvyUN7CfTUc0gg40ME1Vw8bLfO
-1Ze9XsAnjgekiCjFqfwC6u9+ta1U49WsrJr9w/spR36g5V7zEqfxqp/atj6KgC4P
-FtFWHLsibhMnA6zJaKJHVvVjsdIdngcI9GJLNFaP4Z/eHMBpQp8QbmKIpI1ID5Uv
-Qx1IWiU+94SspJgu4uZNltIchYv1yt7eHL5G+WV8J8UvS1pLtraZGJc6EXGItNQ1
-x1+LyzdZehkDnPR408xajxyalniw6thuO9GHFBQ/ZhvWqS0c3/WXaLwaBD/N8YHd
-KsLTo0cGhPBfAnCHlKsHvYX5nVa0mCBjYUy/tQ3P/1K6oGpb7KtOgXPEMuyMwuwt
-Eec6uBocur6pWeok+jrlfjzYYm+P57BmQHLRxzZSYnVMPbX5ZmBtHbsJqvAfKqPH
-KZfja7hZ7o450vFHH74rOMn1ELLDKKSmOp9qqtRWvCH2F9hykNr5X9Vz/eyU8e5a
-veRjYvqnl47Sllkj2P1OJg==
-=KGZX
------END PGP PUBLIC KEY BLOCK-----

secrets/keys/hostname

@@ -1,2 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-

shell.nix

@@ -6,12 +6,15 @@
 , deploy-rs
 , nixpkgs-fmt
 , python3
+, pkgs
 }:
 
 mkShell {
   sopsPGPKeyDirs = [ "./secrets/keys" ];
   nativeBuildInputs = [
     python3.pkgs.invoke
+    pkgs.ssh-to-age
+    pkgs.age
     ssh-to-pgp
     sops-import-keys-hook
     sops-init-gpg-key