Add default.yaml for sops and set as such

2025-12-13 02:36:20 -08:00
parent 420513c859
commit ade7bdd892
2 changed files with 23 additions and 3 deletions


@@ -16,12 +16,27 @@ keys:
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r - &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp - &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules: creation_rules:
- path_regex: secrets/default.yaml
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *caperren - *caperren
- *cap_slim7 - *cap_slim7
- *cap_nr200p - *cap_nr200p
- path_regex: secrets/cluster.yaml - path_regex: secrets/cluster.yaml
key_groups: key_groups:
- age: - age:
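Review bot: The new `path_regex: secrets/default.yaml` is unanchored and leaves the dot unescaped, so it also matches paths such as `secrets/default.yaml.bak` or `secrets/defaultXyaml`; `path_regex: secrets/default\.yaml$` would pin it to the intended file. The rule encrypts to twelve recipients, including all nine `cap_clust_*` keys, so any single one of those identities can decrypt everything in the file; a comment above the rule such as `# default.yaml is readable by every listed host, keep only fleet-wide secrets here` would make that scope explicit. Since sops applies the first matching creation rule, placing this rule ahead of the generic `secrets/[^/]+\.(yaml|json|env|ini)$` rule is correct, but the `secrets/cluster.yaml` rule that follows the generic one appears to be shadowed by it for the same reason and may need to move up. The cluster rule's recipient list continues outside the hunk, so this could not be confirmed from here.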


@@ -4,6 +4,11 @@
sops sops
age age
]; ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = { security.sudo = {
enable = true; enable = true;
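Review bot: The added `sops.age.sshKeyPaths` line makes the SSH host key at `/etc/ssh/ssh_host_ed25519_key` the decryption identity for `secrets/default.yaml`, and nothing in the block documents that coupling. A comment such as `# host ed25519 key doubles as the age identity; if it is regenerated, update this host's recipient in the sops creation rules and run sops updatekeys` would tell the next maintainer why a host-key rotation breaks secret decryption. It also means that anything holding a copy of that key file (disk images, backups) can decrypt the default secrets, so the key's file permissions and backup handling are worth checking. If this module is imported by hosts that have no such key file at activation time, decryption would presumably fail there; this cannot be verified from the hunk. The enclosing attribute set starts before the hunk and `security.sudo` continues past it.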