Juri, add sops and pds invocation

2025-03-17 16:18:17 -07:00 · 2025-03-17 16:18:17 -07:00 · eed568e289
commit eed568e289
parent cb75b0a444
2 changed files with 55 additions and 0 deletions
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@ -8,6 +8,22 @@
  system.timezone = "America/Los_Angeles";
  system.users.bigWheels = [ "pan" ];

+  sops-nix = {
+    enable = true;
+    keyFile = "/etc/sops/age/keys.txt";
+    sopsFile = ./secrets.yaml;
+    secrets = {
+      pdsEnv = {};
+    };
+  };
+
+  pds = {
+    enable = true;
+    hostname = "juri.woach.me";
+    adminEmail = "admin@woach.me";
+    environmentFile = config.sops.secrets.pdsEnv.path;
+  };
+
  shell.enabledShells = [ "fish" ];
  shell.defaultShell = "fish";

--- a/hosts/juri/secrets.yaml
+++ b/hosts/juri/secrets.yaml
@ -0,0 +1,39 @@
+pdsEnv: ENC[AES256_GCM,data:W1kKvcntrBOSgo7gLxwO8A9ZkWjkRWfUDZUMy5YNvhzqYS5xBPGL4QEcknWtQaVfaZklnO/+Gr5JEq/qgU2nIEY3xazfjYl4MNkZBhuwI20RwZB9voVubzHbPwjLtZbNTXRMa7BzO6a3ieSudKWAMP0dumG3/+wHtTYOM6lxUBfpw51+lNikc7kLqI+lzys0jC37ajP0/cm/U644BD0ozSSF289CLtXSkLt8sgHvA1ci8M+wEEq4aJ0JTVs98m0E7Udaride4tjLelESx3hPdoVzBIEa,iv:sQiYE//UGGA2qPfbM9//FcKEued6t8ORiKW8kfzLtz0=,tag:Fj+CzBgL8MH/6FLnUadIPQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVTNqTDZmRmcyek53SWtx
+            NDBIYzZYRHFmblNKTHh0WTQzQm1XMUlsQW53ClJibzc4VFlKWFpkZmJBVVFyRWJY
+            K000dXFzMlRnUTZuVGhCYy80NVZXUjQKLS0tIGVYdVh2SVdxam9aczNYK3ZZTmh2
+            TEFUOVk5MzBRbUJnd0JobUpuVjdweHcK7rSkAlsHsfxOeAOoY9FBn91x1+jJbG9l
+            5svl6BOCzbjso9n3EALJ+yBl58+9CKWn4ssQPr1C3NTIiCCQ9gjYww==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1n8936ux6ushjyz3kuumdrz63jcwsvz7qkfj66rrkgk8d78wl2dssgev4tm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZ3dobkxsQm83VE1GY0dH
+            RTduRzRISmovWHhrYWFSQ1J6UkY2WGVleTBnCkYvR0J4d1cyQjhNTkErTVowLzRy
+            NkE4QzkrdGxaVStYODQ3Z0oxR0RxaVEKLS0tIFRhaXRZcnZpNjgrdGtlOC82Q0l5
+            eGZBNXV4SFVHUTFYazB3RFdab1pTdlUKPagc8o7qhryN8t8YllZW2/NFkcvVjihz
+            1i3VV7pdxjc870bwZ/gflHGygSDCsAcZnWwIjFDz2lbF/lEGfSE6Aw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13udaj4rx4g5fwqe5qg8e3lh3dqqp9me4qqq66z2s9qev4z8pyv5q9m8e72
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRK3MyYWFGeGZWNmhoTUoy
+            cFlNS1RVUmQwSTRYUXVkMVByV1ptdXpTdW40CjVtZDhIdnMxL3NLOEI1MGpOZHlv
+            cDc4Zmt4UmFEUFZoWERJbkFjKzRaSXcKLS0tIFQyNkh2V3RySkEyMHZmVGQxOGMw
+            N3NhMHp3V1ppclQvWTIxNkM5RjhRV0EKl8goB9tCl0BGi4jN7Fzuh0Ajm146x2Hu
+            vesj+ENu2E9II3OeYuBndD+Y4x2zugIpzNOPg1V8zkarJOf7R/sXEw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-17T22:11:41Z"
+    mac: ENC[AES256_GCM,data:0eCl7IHwfmBVYXOESIjK4DXzAe56fWWQKprmAVVyaCipmnAfgZieDm9esU4asRibROUtbOXplTBvtAGSqG1C8C15ecNN+WCB4lXM8cKtrwkXqCp6u6bUPn+ioQSrHBDLDWK7M4NWCiPi+2FwIwQJSaKGxJtF+v2wuufd4/JsU8Q=,iv:vgz7gQ3lmG8+UhnGhcn0Z+xMzJbeC6lmWyPyrZ+mOcs=,tag:tEg4WZ5+KYGtr6iR8G1rlg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4