sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Add sops

Browse Source
This commit is contained in:
soraefir
2026-05-06 01:33:48 +02:00
parent 226a1baaa1
commit 29a1702c39
3 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/server/sops/default.nix
View File

@@ -1,5 +1,15 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }:
let
listNames = config.syscfg.server.db;
containerNames = lib.mapAttrsToList (name: cfg: name)
(lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
allApps = lib.unique (listNames ++ containerNames);
in{
config = lib.mkIf (config.syscfg.server.sops) { config = lib.mkIf (config.syscfg.server.sops) {
sops.secrets.INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; }; sops.secrets.INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
sops.secrets = lib.genAttrs (map (name: "${name}_pass") allApps) (name: {
owner = "postgres";
});
}; };
} }

11
modules/server/sops/server.yaml
View File

@@ -1,9 +1,6 @@
INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str] INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
AUTHENTIK_PASS: ENC[AES256_GCM,data:cwx2,iv:R38eXeY9Wm1J2PN4i2gQ4Nw9n3jRknnneBTW0Mc0ctM=,tag:WdMzcMoXidz74XpiSS6Jkg==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: | enc: |
@@ -41,8 +38,8 @@ sops:
VW83cnd2TnQwWlVCUnpzZ29NRE1SekUKBGVCaijugxR6eSxvk19nncR9X6bmSSUq VW83cnd2TnQwWlVCUnpzZ29NRE1SekUKBGVCaijugxR6eSxvk19nncR9X6bmSSUq
VoxtHBkJbz/4mcQ/SUb4Wv1Rt5875tLWygS7qKmh8jzoP7JI4E9qWQ== VoxtHBkJbz/4mcQ/SUb4Wv1Rt5875tLWygS7qKmh8jzoP7JI4E9qWQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T16:05:46Z" lastmodified: "2026-05-05T23:33:31Z"
mac: ENC[AES256_GCM,data:X6AUVWJRcwH45W9NoQxI8Lp6l+5RFpgCNB6cdUZZODHDdTUMt9a6wr9YfU56C7QkdlxXdj6xCOCscJtw/WY2Y+XchWXaUVZZsoZ9xUo28aksUtHSyE9WJBHCeSqss79IW6k/GeDPiDOfz4om+udDvtdpyKbtvbw2a+K5st+62d4=,iv:REGTavU8DkalUbfO1J2+VccYnRRrOqstSFq/RU7Co5Q=,tag:2t8mwqa76kVQyeWS85zXsA==,type:str] mac: ENC[AES256_GCM,data:0pxpHFw6HsslDORMH2vPxn+3MxFQovVzZRyAz3FxyC4WKkvCTEmjUS/hze39NqqQ+DO/ugx7YD3IyKgFNHa6JjLD3QmFcX2lUqpyfJjE9K6CIFUUSaEB3zza+1F1EvYazlqfSYA/SaxMFZ6saKEZz+SqOjlzfIK5bMomSl9eJt8=,iv:InePglgMgAXoBBUpepFBRNGAI3okwkdu0jZcCtoV07A=,tag:D7BEME8acPCeZ+H3q1WJog==,type:str]
pgp: pgp:
- created_at: "2024-05-08T15:46:52Z" - created_at: "2024-05-08T15:46:52Z"
enc: |- enc: |-
@@ -65,4 +62,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0 fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.12.1

1
systems/sandbox/cfg.nix
View File

@@ -21,6 +21,7 @@
server = { server = {
openssh = true; openssh = true;
web = true; web = true;
sops = true;
hostDomain = "test.helcel.net"; hostDomain = "test.helcel.net";
shortName = "testcel"; shortName = "testcel";