From eed568e289a5a001d5f1b2248daef6e1af9fe658 Mon Sep 17 00:00:00 2001
From: Julia Lange
Date: Mon, 17 Mar 2025 16:18:17 -0700
Subject: [PATCH] Juri, add sops and pds invocation
---
 hosts/juri/host.nix | 16 ++++++++++++++++
 hosts/juri/secrets.yaml | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 hosts/juri/secrets.yaml
diff --git a/hosts/juri/host.nix b/hosts/juri/host.nix
index 4dd1643..24d7558 100644
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@@ -8,6 +8,22 @@
 system.timezone = "America/Los_Angeles";
 system.users.bigWheels = [ "pan" ];
+ sops-nix = {
+ enable = true;
+ keyFile = "/etc/sops/age/keys.txt";
+ sopsFile = ./secrets.yaml;
+ secrets = {
+ pdsEnv = {};
+ };
+ };
+
+ pds = {
+ enable = true;
+ hostname = "juri.woach.me";
+ adminEmail = "admin@woach.me";
+ environmentFile = config.sops.secrets.pdsEnv.path;
+ };
+
 shell.enabledShells = [ "fish" ];
 shell.defaultShell = "fish";
diff --git a/hosts/juri/secrets.yaml b/hosts/juri/secrets.yaml
new file mode 100644
index 0000000..ee434f8
--- /dev/null
+++ b/hosts/juri/secrets.yaml
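Review bot: `pdsEnv = {};` in the new `sops-nix.secrets` set leaves owner, group and mode of the decrypted PDS environment file to the wrapper module's defaults, so who can read it on the host is not visible where the secret is declared. If the wrapper forwards to upstream sops-nix the file is presumably root-only, which is fine only when the pds unit loads `environmentFile` through systemd; a short comment such as `# pdsEnv: root-only by default, consumed as the pds unit's EnvironmentFile` (adjusted to what the wrapper really does) would record that. The `keyFile = "/etc/sops/age/keys.txt";` line also deserves a comment that the age identity is provisioned out of band and must match one of the recipients in `hosts/juri/secrets.yaml`, since activation on a fresh machine cannot decrypt without it. The enclosing attribute set starts and ends outside the hunk, so whether `config` is in scope for `config.sops.secrets.pdsEnv.path` cannot be checked from here.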
@@ -0,0 +1,39 @@
+pdsEnv: ENC[AES256_GCM,data:W1kKvcntrBOSgo7gLxwO8A9ZkWjkRWfUDZUMy5YNvhzqYS5xBPGL4QEcknWtQaVfaZklnO/+Gr5JEq/qgU2nIEY3xazfjYl4MNkZBhuwI20RwZB9voVubzHbPwjLtZbNTXRMa7BzO6a3ieSudKWAMP0dumG3/+wHtTYOM6lxUBfpw51+lNikc7kLqI+lzys0jC37ajP0/cm/U644BD0ozSSF289CLtXSkLt8sgHvA1ci8M+wEEq4aJ0JTVs98m0E7Udaride4tjLelESx3hPdoVzBIEa,iv:sQiYE//UGGA2qPfbM9//FcKEued6t8ORiKW8kfzLtz0=,tag:Fj+CzBgL8MH/6FLnUadIPQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVTNqTDZmRmcyek53SWtx
+ NDBIYzZYRHFmblNKTHh0WTQzQm1XMUlsQW53ClJibzc4VFlKWFpkZmJBVVFyRWJY
+ K000dXFzMlRnUTZuVGhCYy80NVZXUjQKLS0tIGVYdVh2SVdxam9aczNYK3ZZTmh2
+ TEFUOVk5MzBRbUJnd0JobUpuVjdweHcK7rSkAlsHsfxOeAOoY9FBn91x1+jJbG9l
+ 5svl6BOCzbjso9n3EALJ+yBl58+9CKWn4ssQPr1C3NTIiCCQ9gjYww==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1n8936ux6ushjyz3kuumdrz63jcwsvz7qkfj66rrkgk8d78wl2dssgev4tm
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZ3dobkxsQm83VE1GY0dH
+ RTduRzRISmovWHhrYWFSQ1J6UkY2WGVleTBnCkYvR0J4d1cyQjhNTkErTVowLzRy
+ NkE4QzkrdGxaVStYODQ3Z0oxR0RxaVEKLS0tIFRhaXRZcnZpNjgrdGtlOC82Q0l5
+ eGZBNXV4SFVHUTFYazB3RFdab1pTdlUKPagc8o7qhryN8t8YllZW2/NFkcvVjihz
+ 1i3VV7pdxjc870bwZ/gflHGygSDCsAcZnWwIjFDz2lbF/lEGfSE6Aw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age13udaj4rx4g5fwqe5qg8e3lh3dqqp9me4qqq66z2s9qev4z8pyv5q9m8e72
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRK3MyYWFGeGZWNmhoTUoy
+ cFlNS1RVUmQwSTRYUXVkMVByV1ptdXpTdW40CjVtZDhIdnMxL3NLOEI1MGpOZHlv
+ cDc4Zmt4UmFEUFZoWERJbkFjKzRaSXcKLS0tIFQyNkh2V3RySkEyMHZmVGQxOGMw
+ N3NhMHp3V1ppclQvWTIxNkM5RjhRV0EKl8goB9tCl0BGi4jN7Fzuh0Ajm146x2Hu
+ vesj+ENu2E9II3OeYuBndD+Y4x2zugIpzNOPg1V8zkarJOf7R/sXEw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-03-17T22:11:41Z"
+ mac: ENC[AES256_GCM,data:0eCl7IHwfmBVYXOESIjK4DXzAe56fWWQKprmAVVyaCipmnAfgZieDm9esU4asRibROUtbOXplTBvtAGSqG1C8C15ecNN+WCB4lXM8cKtrwkXqCp6u6bUPn+ioQSrHBDLDWK7M4NWCiPi+2FwIwQJSaKGxJtF+v2wuufd4/JsU8Q=,iv:vgz7gQ3lmG8+UhnGhcn0Z+xMzJbeC6lmWyPyrZ+mOcs=,tag:tEg4WZ5+KYGtr6iR8G1rlg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4