sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity

Fix sops

Browse Source
This commit is contained in:
soraefir
2026-05-03 17:10:19 +02:00
parent e9eb4d9506
commit f1ce4b7b81
3 changed files with 41 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -10,6 +10,7 @@ keys:
- &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &gateway age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6 - &gateway age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6
- &sandbox age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
creation_rules: creation_rules:
- path_regex: modules/shared/sops/private/iriy.[a-z]+ - path_regex: modules/shared/sops/private/iriy.[a-z]+
@@ -45,6 +46,7 @@ creation_rules:
- *avalon - *avalon
- *asgard - *asgard
- *gateway - *gateway
- *sandbox
pgp: pgp:
- *sora - *sora

69
modules/shared/sops/common.yaml
View File

@@ -19,51 +19,60 @@ sops:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZDJiSFIrT2R0aFlWOEZM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZzlBUm14dnhZSS8xWWQ1
WHdiVUdnV1BYcnc4Ui8rcVBMZW44dEJiY1ZjCkR4Y0NTdDgxNVR5eVpZQlJpQ1M1 VlQraTBzWkkvcGxXYXg2R25RdkQxYzBYSjNvCjExMTcybE9TOGROWUxLb21RaHdH
NTVIcXRaWXA0cjJIdHlJenA2bG5KM0kKLS0tIFhZSXByV1hhQW1NNXdGRTA4THV0 MmJ1amVTRE1VRXZDM2tiL0JLM3NjNjAKLS0tIHVNaXM4S3Vjd05PSDBlRnJWTHR5
TDMxMEZ0dGZSV2p2N0hUL0pDdm5XVlkKiht//HEGysG/ZCdrLhCV1mc1/SVgg5OZ a0ZSYkZZbXRHUkpqQkZINHNrek5YZWsKCzuByglq9Hyo2LYavOyzYKqu3kRK005c
s+hi4JcCNdUv5VP6W6UsFA78uiDjbh5mzbeyPe4/58MUG//ToAeXgQ== X7ZZwmmF35RzlvBtcQavLEmKo+QimFCt8ud1Ms85nvP6Zso2xz0GcQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbkhKRi9ib1JnZHJwMFQx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaTFFSlVvQVJrb1hGaWQ3
MHJPQk81dzhjQytVZ1VGeUFIYWErTHUzT0E0CjJocm5nNzJTK2VqNmk1TlJFVTRp K3k3ZGl1UitPK2FxTUVJZTRveFhKVnZHQ0NvCmljN3ppVVF4QWhnN0ltVkV0cHd4
czVWYVFlN0l0RzJOckhSLytDeDBieVkKLS0tIFQ1ZzdORWFTQTIvOS9PSkdkTU5Y VE1sYUN3ZERWcGYxSnBaM3FsczJESncKLS0tIE10eTNwVW5HbVVKOTFLWFUvV3JU
YkV2NUhFYnZ6WlE0dDJOWGtWUTlSd0kKKKd4oxrqKNuGA1MdukqqrGkUafMsxfPS ZnJJN3ZjKzUvZFVsRlhxNFF3MXVYZnMKWvmu4EQPOKWIIqS/gbPSLpMJPBVkZaMC
ot6mvgKUeQmBKauibvUqxUoKUIeYsJzPqxo4ckaNFm26eG1SrEXVMQ== oWbQICG82dREVbZHleQ8kGXHld+o2dleTAD63fwA3evaAMMNEIMlCA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6 - recipient: age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK0hJaWxRVUVZYmczS1lU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUU5nNGF2TGhaRVJGekwz
eGZlL3FvOGtIbnZQbmI1NFJreTh6TVlheTFzCjhrcHRQYy85M3ZqOVVIV0Vzc1kx VGNoNFY1a2JCOXZZSUVNRDVMTzc5SWdmclM4CmtmQmp6NEhhUThZSFNYbnFLWnlj
WDlxeXdZUDYrSzFNbEFlejE5ZkxKYVEKLS0tIExvQ0g4S1R5M1h2TG5mMkYyUlN1 cy8xVTdDQkpJRStKZnV6YmxxY2lEbmsKLS0tIHFhU3FqbTZBZWxsYW9HSmhMNEFF
UWhmMWJuTVMwNUJzek5iNHJrT3hrK0kK6T6oOrpeanYSRHfdSnqH+BNYYsonj2Bx RVdoQXkwdC9RelNEclJET0hYOGpabEkKt5gbUyc9y4YWvtZCbsttXHlj/PfUQ6GQ
vcHDNzDlhzojFZI1xMhn7r8ba1kEWiMIYcsVm54ULydKfY7MzBRTpQ== kSwe2/DB6TXVO8Wk14H6BDlrOtFZGonhqOeg0vgwYx//FHMgA3XcLA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzOFVCWE15WXpVTUV5YUM0
b0NVU0lBcHdqeGVBNCtJZHJmNmc1UjFTTDE0ClFiQmpacU8zeXZ6WU5uUWRDRGR4
Q2hOV08zVjVJKzhvS25jaFVqRERDSzAKLS0tIGU3NUpFOXpON05qRWpNZkJPRzFh
SkxQRXNNQjAwRk9lWWcrckVCVjVzbncKAgqlfSlBo1woC+0H7AkWbYaQnzTbTiiG
gi52yMYcB1JzIV3xxIP4Ci2gjCtilQB+OO+yimybwTND6nLqhq038A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-02T18:24:38Z" lastmodified: "2026-05-02T18:24:38Z"
mac: ENC[AES256_GCM,data:92OHzhYggCmyKq/FcNrbwmRTvP0TWdCm6bWYcY4k2ncC4jkmsHJijC7iyI/ePXQ0R82q9q9OmQuAszct/yPS1x2eEisIjN1v8TeYpFKoFWITQy9mgmKYQz8WRbrCH+zLRyhDFYskl85JilIP62j1gJ5TGiG66wM5foObr4jLMCI=,iv:WocHvsV2HJpnCHLAKoe8FjEvHt7EWt8+VWe30TeT6CU=,tag:+7pWtNJm7yHM86NXuZYdRw==,type:str] mac: ENC[AES256_GCM,data:92OHzhYggCmyKq/FcNrbwmRTvP0TWdCm6bWYcY4k2ncC4jkmsHJijC7iyI/ePXQ0R82q9q9OmQuAszct/yPS1x2eEisIjN1v8TeYpFKoFWITQy9mgmKYQz8WRbrCH+zLRyhDFYskl85JilIP62j1gJ5TGiG66wM5foObr4jLMCI=,iv:WocHvsV2HJpnCHLAKoe8FjEvHt7EWt8+VWe30TeT6CU=,tag:+7pWtNJm7yHM86NXuZYdRw==,type:str]
pgp: pgp:
- created_at: "2026-05-01T21:16:06Z" - created_at: "2026-05-03T15:10:05Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA6R3Y9nD7qMBARAAiKt59Ai/LlJyQqWYd/PMSFl3yutZ4t1LgBghHkuFm+MO hQIMA6R3Y9nD7qMBAQ//UxpbB350J+ux1TYL0tyIFHHZjZR1SuDF6Zz+WuVu4CC8
uDb2pwFj3xsBH7CEEfnoaXH48YSt5yJ4mp7ZsJGMsQQGD2LMvbZj7sTAXJ/5Nvp/ c2BJ/icaV/1czdtosYTSO++YjIWGH2cjry9b8YvFNHmQ2E0qkRM0WEc4E6SP0jj6
AZs3Vhw8yEmyYdI3UyGK+Cwik+8XsOvpmy9mETkidcHKyZG5H1sORWZ9seGSALOq izxFjiwgtBG4B3PEj0MSKCf8vTf+lKeQToqyJ/V6REGPVe6ueWeC5YongSYMb1cL
c0tc4tURnkH5xkSyxO6N4OU3ymrno5BzdFVeRzI0C2DwyFsXhMhnGoUr0KVWeRvb 1djxED6NjD25TDRbQuj/V96/HphXfmd3oeddx5Dj/LRiYMfwSFTa2e7825m/rq9Y
WkYgkNGDyNWtihrmiU9CFMgB4F8WWmFOT3Z6+akPv/pvjvb1OhwcEfyPdA2mLXHI zGpdxRYRt89LZtDscaZWcHP8vBQDwL/ncLTZr+iZyYnBzrhAWBAGGewQW5LXGJXy
ZGnhNx2UQ2+xdmi5rqjK+iW7V1KyDf2xxX5ekbziZuD0UzQPIK0SkbsElSQfeb03 ciOXZbOF4gWZSTywoN+8xh6UBBR2dBElqYD1/us2856epK0k/5FhKAt0JTHpOmJK
/EtcLCKoWP2UPPCQf3vLOjrWRVy6nkIdDW20S9FelmXpzEh/hqQnSzILPLJ6Jgxv RzV0IoNX2HFQGjSbZ0fs3ftX0Ndrw6F05aXd5FMPslu95i083aOoFu0fMocFsOFw
I+S7JcCMUcyzI3hywb823JG0GUA8YwbNdloAKMOIz/Gxzw102YX0egyLTLUXs+fF UCEdfAlLrwo+qn9q9OBB/vgL20gzxZwvGAW8SO9c7fSDX6NljPuitGaVP3HLScno
q+ZcRs6xz6a8GHF2b1GTQAyEw2zFhdryXDRl20Vai8h1UW+TYeREZspNf6L4cFMa zNrPgFWn1BLUe/4Hygmzg8oROtJ5TNLYIMWVXgVEM+GHNH+euMGjuPMpX4VZCv0S
5P9Dy15LwuT99gSG9cR/p/iraSMoNb/u2Thq7OkeE0fchJh2VINbafRjViy25Nzf +Fqcbf58EUPqGRvyHZSopSKAI5b5wXQihBeN5k5mVcD8iYCYJIOZCD+M29UMg2xM
Hpcg9Dr0cnazTGLZSoJCIfYFBSMpEVVOZu2GRSqeYMMsFzlh8S0JLrGDIS8RxI7S DpKVPC0osKelD3ocW/N50R1pBzMMuPZaXJ2NepWk12VtziYVeYcJdFIk3vkEEkfS
XAGz5YTNYFeum2Ie63vDptNKbDKfTfxhwRsz3VGOjqWwJUIf6HVWaWu6sDES54Ye XAHKQVdaVI91NEeoNySqDdOQyiQzuWUBkDmcolVhy6S9Avb2WBscLbXs52iXIAIG
Tfaiex84v7nkHNb4d9y5/40hZvAk7mElwrcNZ4grfYMiVVt5kTWwuNvGzCqD 2xKxuo4+4rthWUF2vnaH30/i0p7SNqFzUdmJGiOpJB6zMommBxOfo3n/cNXv
=rfe+ =1VZt
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0 fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

5
systems/sandbox/default.nix
View File

@@ -1,9 +1,4 @@
{ config, inputs, ... }: { { config, inputs, ... }: {
imports = [ ./hardware.nix ../../modules/server ]; imports = [ ./hardware.nix ../../modules/server ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0GpKd62XMlO410/iYkNG8MHdGGaeMG3Gmsf3Pv3u2BllUzR9Dpym1ZOz2lwo3iK0FimcQpOiJqSIahO59HJl8jQ9BoQrJMXH7l2kuq1T09cMNWGjlzowg0LWKWOzoBzOwcheyW68OJGgkSfvk9BdshkUYTLVBXjiI9jo/8Qkcv1WLJJvJmDBDwnbYDQpODXCEDQ/t3YVubb+ocLmh40sDUffJLWZQXN6OFW9N5XxnvY7K5x9ci9GU4Reei40K8yDw2Hgi0njzijRdzie3MJlKPPawJ2TATu9LsGuxfx8bJXVx+mNxP0lhO8dOOhP7p0ozTxlJJY9ZWaKgOz3SzYNCgJ1gH7NtTBtSruXd6pfmErUmuJEAeMD6+QF3yJ5tnVFNPoSHqjP+oL3CgSRpmuvn7ChSSI3J3UVhLux165VtwIL7UhosO2mCqmn0Yk2mSBkB/L4ZiWFmO3vYdagYNQX7xZHzCJ5my8vomiT+DUGb2h/o1NetKwIZJiFAuHxKt3k= sora@valinor"
];
} }