Compare commits
No commits in common. "84225a9a7151bd8e728726fffd495d69f9c49ae5" and "86a896c688d4499814b2282d896d2459f1e39835" have entirely different histories.
84225a9a71
...
86a896c688
6 changed files with 1 additions and 114 deletions
10
.sops.yaml
10
.sops.yaml
|
@ -1,10 +0,0 @@
|
||||||
keys:
|
|
||||||
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
|
||||||
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
|
||||||
creation_rules:
|
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
|
||||||
key_groups:
|
|
||||||
- pgp:
|
|
||||||
age:
|
|
||||||
- *admin_gaspard
|
|
||||||
- *server_ovh
|
|
40
flake.lock
40
flake.lock
|
@ -364,22 +364,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1725762081,
|
|
||||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "release-24.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726243404,
|
"lastModified": 1726243404,
|
||||||
|
@ -408,29 +392,7 @@
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland"
|
"hyprland"
|
||||||
],
|
],
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2"
|
||||||
"sops-nix": "sops-nix"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"sops-nix": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1726524647,
|
|
||||||
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
|
|
|
@ -23,11 +23,6 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
sops-nix = {
|
|
||||||
url = "github:Mic92/sops-nix";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Hyprland
|
# Hyprland
|
||||||
hyprland = {
|
hyprland = {
|
||||||
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
|
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
|
||||||
|
@ -48,7 +43,6 @@
|
||||||
nixpkgs,
|
nixpkgs,
|
||||||
disko,
|
disko,
|
||||||
deploy-rs,
|
deploy-rs,
|
||||||
sops-nix,
|
|
||||||
home-manager,
|
home-manager,
|
||||||
...
|
...
|
||||||
} @ inputs: let
|
} @ inputs: let
|
||||||
|
@ -70,7 +64,6 @@
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/OVHCloud
|
./hosts/OVHCloud
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,7 +9,6 @@
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./sops.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Nix
|
# Nix
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
# This will add secrets.yml to the nix store
|
|
||||||
# You can avoid this by adding a string to the full path instead, i.e.
|
|
||||||
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
|
||||||
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
|
|
||||||
# This will automatically import SSH keys as age keys
|
|
||||||
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
|
||||||
|
|
||||||
sops.secrets."caddy/ovh_endpoint".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_application_key".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_application_secret".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_consumer_key".owner = "caddy";
|
|
||||||
|
|
||||||
sops.templates."caddy.env" = {
|
|
||||||
content = ''
|
|
||||||
OVH_ENDPOINT=${config.sops.placeholder."caddy/ovh_endpoint"}
|
|
||||||
OVH_APPLICATION_KEY=${config.sops.placeholder."caddy/ovh_application_key"}
|
|
||||||
OVH_APPLICATION_SECRET=${config.sops.placeholder."caddy/ovh_application_secret"}
|
|
||||||
OVH_CONSUMER_KEY=${config.sops.placeholder."caddy/ovh_consumer_key"}
|
|
||||||
'';
|
|
||||||
owner = "caddy";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
caddy:
|
|
||||||
ovh_endpoint: ENC[AES256_GCM,data:VkchYxz0QK8=,iv:NufvzW2DCt2HE9rr3knzEP5urUtY+lhjNbVgy+NXSz4=,tag:EWwNRkx5VSuB4pgJ+JmBXQ==,type:str]
|
|
||||||
ovh_application_key: ENC[AES256_GCM,data:jq4=,iv:0Q+ZWrimJdbjqFeOD7cLjB6QeCAcfbp0FU/xC06uSto=,tag:n7jhp8xAQ73bmdNXPXx+jA==,type:str]
|
|
||||||
ovh_application_secret: ENC[AES256_GCM,data:9YAF6xVN,iv:Rb/Bv33N4Gyxu4XNrDz5VuLT+aTojT3WoVJf+gyxDBk=,tag:nXWQRjfORJV6/CqFQpGmxQ==,type:str]
|
|
||||||
ovh_consumer_key: ENC[AES256_GCM,data:lwP6/kHp,iv:oNs4QuCqOSrawXGdEG5QO2ATTKqjg1x6C1SzRbgWm2E=,tag:piTViTsKIsp+SJ+P7a8znA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqckxiTmx3Rm12ZFJ2ZXBn
|
|
||||||
VVdOeCtWeE5xZGExOE4wTFliOGlqWWpWSFNBCmFSWS9MQmt1TWg4VFJzZmNpdStv
|
|
||||||
dThvSFlPSjk0dHZGTlEraldHSklDUkkKLS0tIFVjbFliTFZjUlkrejR2RnAwVTRU
|
|
||||||
U0NEaEpLREVNMUlxUFNIbTVKaUpoc1EKRC6skQPEMA4odk3yD66bqPa/2rvLGztx
|
|
||||||
FTwwdJuE1CXaErwtt7wOfMsb3c9HhpT2R+c76woP20+VsMJdrwdeHg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSLy8yZlBuUU5QRXptZmZQ
|
|
||||||
UzlLUmxSblpFVCtFdE4vWmUreThhT090aEFrCkV6b2FaVy83QnBTZTVrcWE2RGNE
|
|
||||||
VldUZVkveUl5bnFLZzRBR0JCWGhseEUKLS0tIDNZeGczT1BxV21VcnFmSkN0V09P
|
|
||||||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
|
||||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-09-26T13:50:20Z"
|
|
||||||
mac: ENC[AES256_GCM,data:swF5s4D2zyO1sRxoZnYQ5oNx9psl5YjW0afuozdqODObUvkVfHo5IClRZ3EOMsly5Hvr5If04TBVf2/qTQv7SVVr1jUpyVnirgY6l8SH/Fvp2JWYdgUYRUR9wdzTDfqmYwf+vIxP2o7kPKpVg4Ek0ipewIf/3XHfiFfKmDCea5c=,iv:VKsbK9gfdj68Xr44v2oL4YoljRfyyF+53s2bdyedPwA=,tag:8hQ8pHctHJa0Jbgk0ZChGg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.0
|
|
Loading…
Reference in a new issue