Jaaj-San/pointfichiers
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Jaaj-San:86a896c688d4499814b2282d896d2459f1e39835
Branches Tags
Jaaj-San:main
Jaaj-San:feat/ovh-config
Jaaj-San:feat/nix
..
compare: Jaaj-San:84225a9a7151bd8e728726fffd495d69f9c49ae5
Branches Tags
Jaaj-San:main
Jaaj-San:feat/ovh-config
Jaaj-San:feat/nix

2 commits
86a896c688 ... 84225a9a71

Author SHA1 Message Date
GaspardCulis
84225a9a71 feat(OVHCloud): Added sops configuration with test secrets file 2024-09-26 16:06:14 +02:00
GaspardCulis
a9e075ed8c chore(flake): Added sops-nix input 2024-09-26 14:09:28 +02:00
6 changed files with 114 additions and 1 deletions
Show stats Expand all files Collapse all files

10
.sops.yaml Normal file
View file

@ -0,0 +1,10 @@
keys:
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
age:
- *admin_gaspard
- *server_ovh

40
flake.lock
View file

@ -364,6 +364,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1726243404, "lastModified": 1726243404,
@ -392,7 +408,29 @@
"hy3", "hy3",
"hyprland" "hyprland"
], ],
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
}, },
"systems": { "systems": {

7
flake.nix
View file

@ -23,6 +23,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Hyprland # Hyprland
hyprland = { hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
@ -43,6 +48,7 @@
nixpkgs, nixpkgs,
disko, disko,
deploy-rs, deploy-rs,
sops-nix,
home-manager, home-manager,
... ...
} @ inputs: let } @ inputs: let
@ -64,6 +70,7 @@
modules = [ modules = [
./hosts/OVHCloud ./hosts/OVHCloud
disko.nixosModules.disko disko.nixosModules.disko
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
]; ];
}; };

1
hosts/OVHCloud/default.nix
View file

@ -9,6 +9,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./sops.nix
]; ];
# Nix # Nix

23
hosts/OVHCloud/sops.nix Normal file
View file

@ -0,0 +1,23 @@
{config, ...}: {
# This will add secrets.yml to the nix store
# You can avoid this by adding a string to the full path instead, i.e.
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."caddy/ovh_endpoint".owner = "caddy";
sops.secrets."caddy/ovh_application_key".owner = "caddy";
sops.secrets."caddy/ovh_application_secret".owner = "caddy";
sops.secrets."caddy/ovh_consumer_key".owner = "caddy";
sops.templates."caddy.env" = {
content = ''
OVH_ENDPOINT=${config.sops.placeholder."caddy/ovh_endpoint"}
OVH_APPLICATION_KEY=${config.sops.placeholder."caddy/ovh_application_key"}
OVH_APPLICATION_SECRET=${config.sops.placeholder."caddy/ovh_application_secret"}
OVH_CONSUMER_KEY=${config.sops.placeholder."caddy/ovh_consumer_key"}
'';
owner = "caddy";
};
}

34
secrets/OVHCloud.yaml Normal file
View file

@ -0,0 +1,34 @@
caddy:
ovh_endpoint: ENC[AES256_GCM,data:VkchYxz0QK8=,iv:NufvzW2DCt2HE9rr3knzEP5urUtY+lhjNbVgy+NXSz4=,tag:EWwNRkx5VSuB4pgJ+JmBXQ==,type:str]
ovh_application_key: ENC[AES256_GCM,data:jq4=,iv:0Q+ZWrimJdbjqFeOD7cLjB6QeCAcfbp0FU/xC06uSto=,tag:n7jhp8xAQ73bmdNXPXx+jA==,type:str]
ovh_application_secret: ENC[AES256_GCM,data:9YAF6xVN,iv:Rb/Bv33N4Gyxu4XNrDz5VuLT+aTojT3WoVJf+gyxDBk=,tag:nXWQRjfORJV6/CqFQpGmxQ==,type:str]
ovh_consumer_key: ENC[AES256_GCM,data:lwP6/kHp,iv:oNs4QuCqOSrawXGdEG5QO2ATTKqjg1x6C1SzRbgWm2E=,tag:piTViTsKIsp+SJ+P7a8znA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqckxiTmx3Rm12ZFJ2ZXBn
VVdOeCtWeE5xZGExOE4wTFliOGlqWWpWSFNBCmFSWS9MQmt1TWg4VFJzZmNpdStv
dThvSFlPSjk0dHZGTlEraldHSklDUkkKLS0tIFVjbFliTFZjUlkrejR2RnAwVTRU
U0NEaEpLREVNMUlxUFNIbTVKaUpoc1EKRC6skQPEMA4odk3yD66bqPa/2rvLGztx
FTwwdJuE1CXaErwtt7wOfMsb3c9HhpT2R+c76woP20+VsMJdrwdeHg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSLy8yZlBuUU5QRXptZmZQ
UzlLUmxSblpFVCtFdE4vWmUreThhT090aEFrCkV6b2FaVy83QnBTZTVrcWE2RGNE
VldUZVkveUl5bnFLZzRBR0JCWGhseEUKLS0tIDNZeGczT1BxV21VcnFmSkN0V09P
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-26T13:50:20Z"
mac: ENC[AES256_GCM,data:swF5s4D2zyO1sRxoZnYQ5oNx9psl5YjW0afuozdqODObUvkVfHo5IClRZ3EOMsly5Hvr5If04TBVf2/qTQv7SVVr1jUpyVnirgY6l8SH/Fvp2JWYdgUYRUR9wdzTDfqmYwf+vIxP2o7kPKpVg4Ek0ipewIf/3XHfiFfKmDCea5c=,iv:VKsbK9gfdj68Xr44v2oL4YoljRfyyF+53s2bdyedPwA=,tag:8hQ8pHctHJa0Jbgk0ZChGg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0