feat(sops): Add sops config for pi4

This commit is contained in:
GaspardCulis 2024-11-05 23:40:18 +01:00
parent a1e3f8cfc3
commit d8304b993d
2 changed files with 34 additions and 2 deletions

View file

@ -100,9 +100,10 @@
extraArgs = {inherit inputs;};
system = "aarch64-linux";
modules = [
nixos-hardware.nixosModules.raspberry-pi-4
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
./hosts/pi4
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
nixos-hardware.nixosModules.raspberry-pi-4
sops-nix.nixosModules.sops
];
};
};

31
secrets/pi4/default.yaml Normal file
View file

@ -0,0 +1,31 @@
wireguard:
private_key: ENC[AES256_GCM,data:L6FD+kBF7AoIrm3pMM6/pmWtX2FP5dUrJ9hUCuW9n4SlJ/JhpxI9m/1owIg=,iv:ok4pyUUv80kPY9n4WQmBGYHmMsPJnG0tnF+vbNhqc3s=,tag:OPribO7RoVCkFkTrYrHw7w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMFBDWjhzWXcvOTVVaVll
eURGUnc3VFBrNlBqSFBuR2ZuaXQ3SWhwaFdvCjd5Z0N2enFmQkNQN0ZUUGV2OFJP
U21DNWN4TFp2bERoT0U0SzVsTGNHeG8KLS0tIGpPQ2dOMUdmVG9DbS9nS3EwblQ1
MGZhZFFmUGpZbzlFS2JrakNTMm52aTAKeIHvB+cDdMsyj7BIRKbpNg58BIcIKJJl
BJCwqLxTGJe5gD7tvt9WzEwdSKO0VocXLth+AUCz6UuNLDfEugtBoQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUXpiekJ5Unc2L3pCTlNy
amxhUWxjQmZRZmlxcUZJakl2bEF0OEVnVXhFCm1GaHFxaTQ1eFllV2h6K1pwMUVU
cXdCSHNheEkvMGtIMkVBMXBOQlUwZ1kKLS0tIHNaQ3BIM2Z3WUVTSTM2bFE3L2lL
bTV0N1FRcFYvZDFvTDVHSUl5U3pNeEkKdhAgD33dvKnW0ssNJH+U0iBCYbEd7Dcw
9HwcOeSbHL91b6a1C2dzKqeeoynTBvg4B7uCAUsZZen3SGu7ON5gCg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T22:30:48Z"
mac: ENC[AES256_GCM,data:GI5Hb8zvafTdWhpm+D6qp9iefMD9NwYPRBKcxrIL9M1wTMzMzD4QsrbMDKQELfTYK3QhLZ0G4KTmLfoSB1zYO/GtslRDAAHmFzLuNNVJ9/8gIrd/Gb12JLnUDjJrxYEeF15NKnyqRMKUVQiJgYd8ggLGzT9pRqaMNTKCYutqsaE=,iv:XB/Ddi7mU9SdRD7nHkyAZR+gTZ9ZY2ZrvHlb0kFK/4Q=,tag:OgEw78w4o44CamP/4C6Y7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1