diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml
index 2e2aa08..b6391d9 100644
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -4,10 +4,18 @@ keys:
 - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
 - &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu
 creation_rules:
- - path_regex: secrets.yaml$
+ - path_regex: thinkman/secrets.yaml$
 key_groups:
- - age:
- - *admin_felix
- - *thinkman
- - *serverle
- - *newton
+ - age:
+ - *admin_felix
+ - *thinkman
+ - path_regex: newton/secrets.yaml$
+ key_groups:
+ - age:
+ - *admin_felix
+ - *newton
+ - path_regex: serverle/secrets.yaml$
+ key_groups:
+ - age:
+ - *admin_felix
+ - *serverle
diff --git a/nixos/modules/webapps/paperless.nix b/nixos/modules/webapps/paperless.nix
new file mode 100644
index 0000000..e29956c
--- /dev/null
+++ b/nixos/modules/webapps/paperless.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ services.paperless = {
+ enable = true;
+ #passwordFile = sops...
+ mediaDir = "/srv/data/docs";
+ extraConfig = {
+ PAPERLESS_OCR_LANGUAGE = "deu+eng";
+ };
+ };
+ webapps.apps.paperless = {
+ dashboard = {
+ name = "Paperless";
+ category = "app";
+ icon = "book";
+ link = "http://buehler.rocks:28981";
+ };
+ };
+}
diff --git a/nixos/newton/configuration.nix b/nixos/newton/configuration.nix
index 6a1f0f4..1a57bf8 100644
--- a/nixos/newton/configuration.nix
+++ b/nixos/newton/configuration.nix
@@ -19,7 +19,10 @@
 ];
 networking.hostName = "newton";
- sops.defaultSopsFile = ./secrets.yaml;
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ gnupg.sshKeyPaths = [];
+ };
 #environment.noXlibs = true;
@@ -32,7 +35,7 @@
 boot.loader.grub.device = "/dev/sda";
 #boot.loader.grub.copyKernels = true;
- services.openssh.permitRootLogin = "yes";
+ services.openssh.permitRootLogin = "prohibit-password";
 users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" ]; # Nix
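Review bot: Splitting `creation_rules` per host in nixos/.sops.yaml only limits who can decrypt once each file's data key is rotated, and this commit does not appear to do that. In nixos/newton/secrets.yaml the recipient list changes while the `borgbackup_password` ciphertext stays an unchanged context line, which suggests the existing data key was re-wrapped for the new recipients rather than replaced, so a key that was a recipient before can still unwrap it from the copy kept in git history. Rotating the data key (`sops -r -i nixos/newton/secrets.yaml`, likewise for the other hosts) and then changing the secret values themselves closes that gap. Separately, the new `path_regex` values are unanchored and leave the dot unescaped; `(^|/)thinkman/secrets\.yaml$` and its two siblings would match only the intended files.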
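Review bot: The dashboard `link` in nixos/modules/webapps/paperless.nix points at `http://buehler.rocks:28981`, so logins and documents would travel unencrypted if the service is actually reached under that name; serving it through a TLS reverse proxy and linking the `https://` URL would avoid that. `passwordFile` is also left commented out, so no superuser password is set declaratively here; once a secret exists the line could read `passwordFile = config.sops.secrets."<paperless-secret-name>".path;` (placeholder name). Neither a proxy nor a listen address is visible in this file, so both may be configured elsewhere.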
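Review bot: `gnupg.sshKeyPaths = [];` in the first hunk of nixos/newton/configuration.nix has no comment saying why it is emptied, and the identical `sops = { … }` block is repeated in nixos/serverle/configuration.nix and nixos/thinkman/configuration.nix. Presumably it stops sops-nix from importing an SSH host key into GnuPG now that only age recipients are used; a line such as `# age only: do not import SSH host keys into GnuPG` above it would record that. In thinkman the same hunk also removes `sops.age.keyFile`, so decryption there presumably now relies on the SSH host key, which deserves the same kind of comment. The three copies could live in one shared module; the enclosing attribute set starts and ends outside the hunk.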
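Review bot: `permitRootLogin = "prohibit-password"` in the second hunk of nixos/newton/configuration.nix closes password login for root only; nothing in the hunk turns password authentication off for other accounts. The same commit adds a `felix-password` secret for newton, so if that account is reachable over SSH its password remains an accepted credential unless this is disabled elsewhere. Adding `services.openssh.passwordAuthentication = false;` next to this line would make the host key-only. The surrounding module body continues outside the hunk.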
diff --git a/nixos/newton/secrets.yaml b/nixos/newton/secrets.yaml index aefcc16..a011b62 100644 --- a/nixos/newton/secrets.yaml +++ b/nixos/newton/secrets.yaml 
@@ -1,9 +1,8 @@ -borgbackup_user: ENC[AES256_GCM,data:9eCWsSi9U2b4XKKc,iv:PDS8TrbmU5XmefLFdi8XIQeu9Rq0y+yJkdGrND6F3ts=,tag:651RHA5y6all5+2rhdjCdg==,type:str] -borgbackup_host: ENC[AES256_GCM,data:qYwTGE5kdp/jsKK8scVAUCXfOAi787lwiFB3VlntIg==,iv:sFerbhHMCw1lwm9CzAAW7G1JwuZxvTxMzoKP6U5l7bI=,tag:Mi1QFDUo5rWzKXBQ1fsrZg==,type:str] -borgbackup_dir: ENC[AES256_GCM,data:B8KO2IsfYA==,iv:NjyxpK0xMBio2xFdcmbOj+CoS54A8b7AfXUbAlQqH8A=,tag:PkrlX7XtctsfUmbZCIi/0Q==,type:str] +felix-password: ENC[AES256_GCM,data:YTXU1NHsS7TvAea1,iv:Og0NclqcdWY9DjtOqe8EHHj1NaBcqZnvCHQVt06IEHg=,tag:8dt1yqKHlGYFWRkPSp9yZQ==,type:str] borgbackup_password: ENC[AES256_GCM,data:BJReaY2D2vtOKRWBytbieEYIhMKxn3U=,iv:DJv8s1onfO1FAAJYLwcRszkG9SjC+sJMdvqLEwcggFk=,tag:WYJvEuRilMLaOVcvXkDH3w==,type:str] -borgbackup_private_ssh_key: ENC[AES256_GCM,data:WDVQaAmNMtZP99lCOpeMDnsL26gziDHlDDSnct7QXU9KgveNhDnnh4vGR/DaPlsnp76dVaNKf1vpspsJjtJ+BcEOg4SKU7xyODK5f5tglRJqapmTymASzERNF9joP8Py1lW15zlgGy4s/J9oAQ8gsfwy7aUGMlPr5xafHatbKPXiy+OnxekTTzT+H5eGaMl+q5nPKX8yOwnwBnPwp6DKvK+rTrqBptNsYBxw0MYgdEK1hW1YUxE9d4oZM3Mi7ggklK+ztspuXNpqkbogqc+1XIZN8vMaL9MK5zSJjuCw9lFYsfHctgiBlEuOy5Hn4tyEhu49uWVvoJLb+q7+gNJcbKBrisFd4c9fa7EnaQ4AenP2l1arZqlqjaqLNhD9FWI47o0neXe6TDAv1msIMXHibQVEVyNdktl6LBxQerXiGq33fWe3J5usaUFVi2N4sOF/Pn1Hta25OvuO2N2gUWh1bqi11wYzljS445LOOPBT3jkoceV2m+5R7fpF0soc/beKdj0dP6u5sfKbXFolHk1K,iv:4ZS/6PfyUwXlFaCYxpO0VkjBoH9zM9DJvF5I7fLYR+M=,tag:9m6RHNgr9TunQJp1Q5MqJA==,type:str] -initrd_ssh_key: 
ENC[AES256_GCM,data:kt8S7FKIApR8Td4IC57yEODiYn13UoDF+ry73nazi7YZCVPwT415cjIY9iH2/5MoWBwLA7Wd65/NnQQwkkE6ls+d7ra+U5YTKCQPfPEhywkWFn/0s61xyM+HyjOr06O+IYm9fhJloaiag8EBPHULh+3g6Ta05db/eWOYPctYa1xIKKSbXQCrnIrZp5R1SUqA5Lnxj+U9n1ZYLVSunXn4+mtTkyPv6mAAbnk+Kvj0eMIWY/9yu0r4q2Lx7ubf90EIfn29V501X9MArUKtzSfyP6Y3rOrCuq98uYlu9STTauQojdChDeiTreUtpqRnqtRvgK+AfNwxkY+GVQALgsxphbsiK3Y/LRmUBdp8Gqq5zJwzczlEIUkAOy2Wy/ewx0exJj2k9D05iI66kA76Aj6lSIwzoGm6aqqEA1rRWeylUDtVAwV55DE/FKtKc/49Me+Q+3K62t30IeApgY4X+H0gN8LUH6AOTqj8WEd7s7cfjWEzZJfntpToI4q9nQ7SQxTNuyD4GBS/bo/ExT1pgb7Q,iv:LPmxOBkyxpfoZ5YzuO4Nbf2dLXhxXvXOoiG1vYLY7wA=,tag:aDuSCFfFsdk66fi4hlcHhg==,type:str] +borgbackup_private_ssh_key: ENC[AES256_GCM,data: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,iv:dXREfmOLFSNSHHDOv+kiyuXyGqJLmOtxbiqEp91a/uo=,tag:r5WCIURzQsrXei6KegQIvw==,type:str] +syncthing_key: ENC[AES256_GCM,data:BcZrknmzMHtR9KqMZ5Hf1aZNMcfmuODjL4x7NCWxdYAXPpAMC07p/OmWKRfEviD+2qdgCYWBe9G7sprn0OX/R4zECLgWiUgIqHO8c/NwV0jCzFU6GiSuJF63p+wnSHpOzJY8mfapnnyWpeHDNfTTmt0ArqIFv4L/lXR+VSa17vNxzNzdt/PG4spDKDjssrutGFnH/2NmMcBIa9HSylJpX1qFO9rbV8H20wRCJdLXnoFzsQJjdU6nUcFPNKqhauYZ5EAEDHNjN5T71h7EoYbl5rCdLcSFe5Pm0BEXXSAJ/yd3cZvgE9vQjaFoFzepgYijFqMp23hDOTH3A5tkmVGBKB0McpGVMhneJsBhiQecpcCNO5pD52MAH/ZerdmKQ6V2,iv:6i+Ky8CPcJwj9QNFxyq0zbGWLagKYzXq90l/Ootc5DM=,tag:WCHyhGCL/S7N296oy5Z3cA==,type:str] +syncthing_cert: ENC[AES256_GCM,data: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,iv:iodoz33q0H8WtWAHCdkhD5lewtGp72Pu+H60EspHqQA=,tag:ePV6dUwdrNMdj8/dkNSJqg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -13,23 +12,23 @@ sops: - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5STRaTnBIRFptdlBMenh4 - UnhKdlQ1bDVzQzJqenRHeERWeU1pRU9vT2tRCitBVFhBbXMvQ0p2YUs0b0d2Q2hW - aHVxRWVnMWw2dkNIVVBBN1pTaUZIeWcKLS0tIEZZN3haVkVJL2dnRW05WDhtenJI - YlZ5RVdyOFBVVkJmRUFIeGFEbW1XdkUKM0U4vXxIbHx31btXdRVB4oXRiEPbDK2L - nY/sf0N9AOnR3n+RaoCF+gM7VlykKECKsbW538Lba6nX46FZc+LcCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOHlyV1B4SE9maDhmTVhB + RWIzbkdhZzhwVjVuUEcxN3pQL2VNTU9Oa0VZCnN5YUhSZUVFTUVMS3dLRDExSFBW + SHNNM0pKeDRITG5heXhrNVRFbFJ4WkEKLS0tIHR2a3RXcUNzbjZQNythTnk1T0d1 + bnlMMmY2NHRncEEvTlNob0JJU3dLdE0Kjo2Ge3OVnClKgAyUHvi//Qx74fqhtxjw + 7IlsnpkmHbPPbmTWtcXwzS8S8/2tcurMj9mG1wrDou3POr/aHMPs/Q== -----END AGE ENCRYPTED FILE----- - - recipient: age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4 + - recipient: age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdWovR2dKYjNZaFZ1czJ0 - VFZUMytvb0dKUk5qb3F5ZHpnci9ibUt0QlJjClZ6YUdrZWJLb1d1bEFNNzgwWnRH - amVxYldDU21HUk5jUENQV0dSSGtqSE0KLS0tIE12WGFUU1gyM1l5U2ZhM2c1d1JW - SkFGQ04yWEhBY3FPSE5RaXZ6N1NmSUkKpLf4gOnPBx1ao5slYIfvK9sShRep2bqO - IZvlGcsX1EHP0WB8XT1f9GUjBaEM1ZdIlXfaWRW2DDrDbgs+usQq2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKWmp0dGtsU3ZiMjN3SjU0 + OFpGdkJ1SitjMlJkSFVhZm5lYjZHUFRjYWh3ClFKM1d1RG9GbFg5V0dWOGs2WmQv + OFZpTlU2V0xITUNmSXlyWlkwdHFmbHMKLS0tIHNKb1lSaTB6cnE3RytaRklpbzVx + NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX + s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-06T12:48:22Z" - mac: 
ENC[AES256_GCM,data:5vkt5me5m81mVJQ4X94dFh7jzkNllJTeG8hlVm+nctqrHj5zEUdk6CCTmOQ6w/EMqpNOFX1vpEy8eakmH00+prLYuAuHYEb8IHbAKTA8b2aekUZX8saCust0DLTkwgOGiQ64xNEfrfgwB//TlbrT0Dw6a68KenUy0+riJCDpMP8=,iv:YcOpLsV/4Ahb0Gh5vrlNQL/13UFMxqpH0VPg4b4hU7U=,tag:hmyKAHuCaTw6Y47uP5lIxg==,type:str] + lastmodified: "2022-06-26T10:50:04Z" + mac: ENC[AES256_GCM,data:rGN/XKzcc6qgExntb5TBZKUynOKSz2imiFSvBqFPUogLpNyRKkcgDxzr2Zdy0eh+mRpoeqFCCnG4yLNKmg6LE5LOoPWC3PygFoI+5BzIAMPmruk4+jxU2hlv4FfjV+E1F3jtKZWOE/XjSqUq7JikQYupADi+2v/hOnzgJjQwLCo=,iv:yX6v75pGBWfRFtH3lrB58LhHcPaSsCexlrYKhe10bRc=,tag:OSX4qNAXb4lvUkzyTLcD5g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/nixos/serverle/configuration.nix b/nixos/serverle/configuration.nix index 1ec9658..fef28d0 100644 --- a/nixos/serverle/configuration.nix +++ b/nixos/serverle/configuration.nix @@ -24,7 +24,10 @@ ]; networking.hostName = "serverle"; - sops.defaultSopsFile = ./secrets.yaml; + sops = { + defaultSopsFile = ./secrets.yaml; + gnupg.sshKeyPaths = []; + }; #environment.noXlibs = true; diff --git a/nixos/serverle/secrets.yaml b/nixos/serverle/secrets.yaml index 705dd7e..d02af37 100644 --- a/nixos/serverle/secrets.yaml +++ b/nixos/serverle/secrets.yaml 
@@ -1,9 +1,6 @@ -borgbackup_user: ENC[AES256_GCM,data:9eCWsSi9U2b4XKKc,iv:PDS8TrbmU5XmefLFdi8XIQeu9Rq0y+yJkdGrND6F3ts=,tag:651RHA5y6all5+2rhdjCdg==,type:str] -borgbackup_host: ENC[AES256_GCM,data:qYwTGE5kdp/jsKK8scVAUCXfOAi787lwiFB3VlntIg==,iv:sFerbhHMCw1lwm9CzAAW7G1JwuZxvTxMzoKP6U5l7bI=,tag:Mi1QFDUo5rWzKXBQ1fsrZg==,type:str] -borgbackup_dir: ENC[AES256_GCM,data:14thrxUMOl+2,iv:yjvQMCwcpN/AqbE/oLBNYbk3FpPHHibKZrxnK1gBdTY=,tag:CbEgg3WsNZ9MLw6iAMMW5A==,type:str] +felix-password: ENC[AES256_GCM,data:KJ9FE6rGUgzUU/6l,iv:xBa0vUYucQJ2oDBlatKsBAHzgCbHadNF+icYSJrmLFM=,tag:dbx00YzlrJXxEzGdDWtXlQ==,type:str] borgbackup_password: ENC[AES256_GCM,data:+i3uY8b5K558QD86dtuAmaIxHDbh0k8=,iv:dvhqQYKY9ZvZVKs/j3mD3mqF5B6IgSX2RCC14eOMxJc=,tag:X8gJU1iOQGQfjJh4MaRYQg==,type:str] borgbackup_private_ssh_key: ENC[AES256_GCM,data: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,iv:4ZS/6PfyUwXlFaCYxpO0VkjBoH9zM9DJvF5I7fLYR+M=,tag:9m6RHNgr9TunQJp1Q5MqJA==,type:str] -initrd_ssk_key: ENC[AES256_GCM,data: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,iv:vPOEYZGXyAlah8TRvRNQiI+rG5JZ+4//tCODeKS9XQE=,tag:mQM6R9a5iSYUBbAQC3KDEg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -13,23 +10,23 @@ sops: - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5STRaTnBIRFptdlBMenh4 - UnhKdlQ1bDVzQzJqenRHeERWeU1pRU9vT2tRCitBVFhBbXMvQ0p2YUs0b0d2Q2hW - aHVxRWVnMWw2dkNIVVBBN1pTaUZIeWcKLS0tIEZZN3haVkVJL2dnRW05WDhtenJI - YlZ5RVdyOFBVVkJmRUFIeGFEbW1XdkUKM0U4vXxIbHx31btXdRVB4oXRiEPbDK2L - nY/sf0N9AOnR3n+RaoCF+gM7VlykKECKsbW538Lba6nX46FZc+LcCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dVYyRDRWUkNKQXN2c2N2 + MDVGajJzWVl4S2FkVkNHc1FlcEtYdmc1aVV3CmRFckplMWVyNVhJWDdNOFlXK2xK + VW9MdmdvbTkrQiswdlU3SkZhUU9TK28KLS0tIHdxY05qaHlHbGVMejBzYk5MUSty + cTF3ZTZKdm9WK29Da21oRU9ERVJVS00Kp/VflSZZB0evGinqjFBnqR1zI0CIwF5s + jqQhA0OQV5tHcP/SBoLRJeEn5iH7aAcUzXseV1DZ2kwkZ8eKUUWmdA== -----END AGE ENCRYPTED FILE----- - recipient: age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdWovR2dKYjNZaFZ1czJ0 - VFZUMytvb0dKUk5qb3F5ZHpnci9ibUt0QlJjClZ6YUdrZWJLb1d1bEFNNzgwWnRH - amVxYldDU21HUk5jUENQV0dSSGtqSE0KLS0tIE12WGFUU1gyM1l5U2ZhM2c1d1JW - SkFGQ04yWEhBY3FPSE5RaXZ6N1NmSUkKpLf4gOnPBx1ao5slYIfvK9sShRep2bqO - IZvlGcsX1EHP0WB8XT1f9GUjBaEM1ZdIlXfaWRW2DDrDbgs+usQq2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd2ozNTBXMTB0UlBnTWZs + VVJqdC9nUXFHUjBBdGk2RjFaRVhTeS96WENRCjJUNGJNTmJ6Nmd0ME5XTjNyaGsw + SFp2Z1F5djJETnpsa0tNOFJpY0F3ZmcKLS0tIEsrQ0tvZ09QeVdxTmhxSXdBUjAw + a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa + jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-06T12:47:04Z" - mac: ENC[AES256_GCM,data:XQx8J0b8KDwek3WG10rBBD972y1KmFieZRvnLBIURiWOGp+M6haI44iVV1TKCfa9RRLMhhv1dn4KqHgZwQsDz1iuA9B48a9rFvEyaljD3DC9e89d92FSHpGM2+8ThSsLb9kCYRBHQ3piut9YFbq+CSnyCJ1I9x4tgbcw/NqWsjk=,iv:sD+QhkIQMoZhqG//7zBf9/wXl3fxwYG/JFE/VtF65OA=,tag:F+37as3mSR/sjCYpmcopbg==,type:str] + lastmodified: 
"2022-06-24T16:01:43Z" + mac: ENC[AES256_GCM,data:ZdHbO7BUlRlJr4I7GwU0QxZl7NuAtK1o/9k8XraVm9ztBemMGW5lMAqEObyg4jN5tB/BtvomGTYspDAIncD5iPgxpbU2WCMdEh41zAhnweAbdHkgGtFo2Cy9WEolX5arfJrkq8lY/ZLe+2ehhvqFivmNpNwZ2PKRa3CwF523Ehs=,iv:RZ7BH9MJJR5moFGI1Q+GdRn/c57cjVSEpqbGv28Tcl0=,tag:IRU2XcT2eO9fUZbzjx3VSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/nixos/thinkman/configuration.nix b/nixos/thinkman/configuration.nix index 9af6e4a..eb3a7f1 100644 --- a/nixos/thinkman/configuration.nix +++ b/nixos/thinkman/configuration.nix @@ -41,8 +41,10 @@ networking.hostName = "thinkman"; - sops.defaultSopsFile = ./secrets.yaml; - sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops = { + defaultSopsFile = ./secrets.yaml; + gnupg.sshKeyPaths = []; + }; # Use latest kernel boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/nixos/thinkman/secrets.yaml b/nixos/thinkman/secrets.yaml index d1fc43c..8b3f74f 100644 --- a/nixos/thinkman/secrets.yaml +++ b/nixos/thinkman/secrets.yaml @@ -1,4 +1,7 @@ felix-password: ENC[AES256_GCM,data:xISAZHKQgH4DcKTl,iv:Q9TbDnVz6dBquPLgXfFYcpDeFOQfGBTbuCOOWKNhXX8=,tag:Eq7EGOv5mZrtaET6h2eEwg==,type:str] +borgbackup_user: ENC[AES256_GCM,data:E67CuFxRLJF/sZQq,iv:a0T86Ov5/sQEXC/Z1HNfp79goiUTtuDCFUbEc4pE1gU=,tag:si/Mt5jVLEEy3KU7cumiOw==,type:str] +borgbackup_host: ENC[AES256_GCM,data:uDB3/zFDonmnk+XPufgElTuJvOobkkqvK5p3HpIW6Q==,iv:+BN2PAzXtDYIsRU7ipg6Nk7TOQiVHuPlkyiw4+0fTHg=,tag:NQcAu5xbZp7iDqpKHEBE3g==,type:str] +borgbackup_dir: ENC[AES256_GCM,data:48GibEY3qNvE,iv:HDCDD9RXH4Wg0P8bbCE4vfpJXgNruZbMf2zdn4j6nHc=,tag:/G7Ot3l0FEqxjCDc6ItzMw==,type:str] borgbackup_password: ENC[AES256_GCM,data:+LCiZ3ttCR4lsy3vJPPUdhbSKxbghoT3lg==,iv:FaIJoZggZNCRuHyfWUQ+DDSBFzbP8Nh90nn7+gUlRak=,tag:7FysidMti7NBkLyHvoYZtw==,type:str] borgbackup_private_ssh_key: ENC[AES256_GCM,data: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,iv:v73n2tYZ2b4NF0xjeBvC3rKijkchb93xZA+Z9LUzBqE=,tag:6yhSJH3UB3Rajr36WdcXfA==,type:str] sops: 
@@ -7,26 +10,26 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXRUo1SC9MbkFveEQrczU4 - OCtoZ1g0MDFjOGp3WHZ6d0gwVjNHcEdsckRBClhHblhwT2xicWJKazZjbm4xeEVU - alRBTksxUEloeDJWdC9wU3VmQ2YyWjAKLS0tIEZHNUlNUXNvd2JMTlllcldTeW44 - T1JrV210WWQ3VTV0dEtidXoyMXQ0UmcKqFDvDdAVDjO23xZYQzmnmf7fbp23RnRC - 6Uyi7N5nuJib3GWnMiiPfNI9aeq0IpehuevrvrPhsY42jqx7n+z/ug== - -----END AGE ENCRYPTED FILE----- - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMzUxdEZEaGRuTTlNQ0Fk - YXB3TTZLR1BMMW1wd0dWM21JSmtCbVJJU1JNClNrdk9pM3NvaU5xdG1HZ2lqWW9v - ZTJqeHJxL1dJbUN4aDZUU3V4QVM3QWMKLS0tIG1tR1A2V3FDMW1lZWJSanpKTGdi - V0RYMTRlSmtxQXgxeURDTWoxNW40MEUKsAaewEOrlH3XFXLs4vGt62J3uU9hlbkN - a+3MDTcPzwTdT46q7cRp/vLFvEtWj1alwY+wzF8m3H4aLy2pdKz7+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMHpBZmU4ZVo5UitOQ1la + UUNZNEU5OVFqM2hsY2g0YzRkemRvbUdyYVVjCjhFbDR2cUxTYUU2dU1Oekc4VEZ5 + K2JEd1JZMkFhUXhFaTVnTytFeFU4TmcKLS0tIG5zTGZ4OG9GN2tNVE5zUG95dXFk + cG01NlA0YlpzcENqWjJMUkQwZXJMcUEKv94rjj5iHY1HAZQiE5yleC4f0WABcXbm + Wf4xYYCCWUmcTKXabIyPWn9eCNYCQgy29YTcTKu4/8BvebrGkRHuHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-05T10:38:15Z" - mac: ENC[AES256_GCM,data:CYINKjObzXgBDTjvkIOzvOzi+MuSnlcRGrD931CS+s+Cezp6wI0PnDa4hRtLgZpVsz3Q8D4gVDuSvT77w4EeU/FNWWJglYvB8gVP0/a6yGokn3KGpT6XGSvUJkvjpX4PAPrUSS6Eoqm16AEQFsqAST8cV/nHugDzXe7vgtv560U=,iv:/AZOg1/y8WFiZladDscVF5wo8olnAaCnMao5mcuEPi0=,tag:D0atRcbRZCboxr42mXAtrw==,type:str] + - recipient: age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSUlHb04rMGR5YWFhUUZq + QXVHYnZQUUdQc0FzbTgyalBPZktBdDVvZ2lRClpzcDltOFA0eFlqTGRUNFptcW1C + WGZyamIyNEFTQXQ4R2pmdU9FS3lma0kKLS0tIFphS0ZhbmxDb3A5MnVvaVJGT1Iw + 
bzY2ZTY1QUtSRjlOZ1E0Vkw5Q1cxYmMKqwvWUv2XpRIenGwCpZuwKQc0ZsiX2AAx + pmIh4f10G7wr1rLeodRi2KxYIrrudPbxEWIuzmBRyHc7+3EPpzLetw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-06-16T10:04:20Z" + mac: ENC[AES256_GCM,data:8g6v+n6+a4n3taqlrkiIT29ZNhO1IY6JofH6UbQEKfVvTBQ9F0B+HGH0Y+eKcBtdEOf8wC2A75pf4VaPiCocp7sQozds5OkDAiUwlH0t5MeL6WrbQ0iOqB7qTi1syNsBTQKfGmqNyb2AtCBVRslRvmJEyng3WAVpF5IaPNuEvBQ=,iv:IyyarbvdmT/hXcjf4Y45FeZb5bKMwN+hLLBJe0thWbI=,tag:52eEvGx28vJJl7ulZ1euWw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3