From ae58864cc241ee44e3a70da3f7d09bf72eb80d40 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Sat, 18 Feb 2023 00:16:58 +0900
Subject: feat(home): add 'home' ssh-to-pgp key
---
 home/.sops.yaml | 4 ++--
 home/secrets/secrets.yaml | 38 +++++++++++++++++++++++++++++---------
 nixos/alpha/configuration.nix | 4 ++++
 3 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/home/.sops.yaml b/home/.sops.yaml
index 7bfe113..2bb8262 100644
--- a/home/.sops.yaml
+++ b/home/.sops.yaml
@@ -1,9 +1,9 @@
 keys:
 - &sefidel 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2
- - &host_alpha c62b0336ff6e444e5f2041e8074ca855641a5b7f
- - &host_kompakt e6a9ee28ea91e2dbf24d817d0c5936391be59DC0
+ - &home_sefidel 819975cf4b52822fbdc0e966ff61829f24f95075
 creation_rules:
 - path_regex: secrets/[^/]+\.yaml$
 key_groups:
 - pgp:
 - *sefidel
+ - *home_sefidel
diff --git a/home/secrets/secrets.yaml b/home/secrets/secrets.yaml
index 4a492de..6c199c2 100644
--- a/home/secrets/secrets.yaml
+++ b/home/secrets/secrets.yaml
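Review bot: The new `&home_sefidel` recipient in home/.sops.yaml joins the same `pgp` key group as `*sefidel`, so either key alone decrypts every file matching `secrets/[^/]+\.yaml$`, and nothing in the file records where the fingerprint comes from. Going by the commit subject it is an ssh-to-pgp conversion, which would make these secrets only as well protected as that SSH private key (passphrase, file permissions, which machines hold a copy); it is worth confirming that this is the intended trust level. I would add a comment above the anchor, for example `# home_sefidel: derived with ssh-to-pgp from <SSH_KEY_PATH>` (placeholder for the real key path). Dropping `&host_alpha` and `&host_kompakt` is only safe if no rule still aliases them; the visible rule lists just `*sefidel`, but the file may continue outside the hunk.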
@@ -1,23 +1,43 @@ -sef-imap-password: ENC[AES256_GCM,data:HsdWSqGe3JrpeUzYNGzYKlpimu12QjTD1ENCV4ke,iv:Rl+wtmBKj4uyN1WWljncZf0g9QAbRhqdOY0gR4MPb5w=,tag:YCPZQHKa6sK5YQPj9oearg==,type:str] +sef-imap-password: ENC[AES256_GCM,data:tq+CYvkPfUgPxvErtFqLF05NGrRt63ckv/hG1WqJ,iv:9d7YpmHnUXesfrGApQ+rylp1CS9Rp+vzXtUfyzisalo=,tag:Trcq6VVMrsEg7YXwaiaeXQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-02-15T14:11:59Z" - mac: ENC[AES256_GCM,data:haJT0zXhCUXrHajLWvdpNRyD9mvudMvmxwDittd1MDxk6ShkPLgp4gWJOvaKMhlzfA38BImTLsD18TSu4LsyywGSIEJWtl+yvWx8oPnSM3ag6qVosR+lFZscExIfVHLl3TlpDqwQjYhEI+zJ/4CUHYMx47CiVJ8Pv3gNS1gPCik=,iv:QmfmrDTPy9ccm5phCN3MEyMUM89NfYtFLz1rCnTzEbU=,tag:SksJursT3QY/plT/mWF78Q==,type:str] + lastmodified: "2023-02-16T17:30:13Z" + mac: ENC[AES256_GCM,data:qbOhCP7Y1cFC4uYFUyoVMPmwMdtnq39PJfjVJvDWZ/jATGt2+uYfQpB5HaFEOXH2fIaNmliWcsw5cMNjkRaVUJrozvKUo8luqofifnx2SFmLTiIFHIcSlslcecU+Ty9ZP6CCe8Xxx2QM1eBKTK6e6Dy4CFoIY2ZIu05DBO+FaTQ=,iv:/wMwGDnwOUmPewy1YAjR/FUMWBXJ+ch+a1i3vYgKPFA=,tag:3cOQWrl2JGrDnaYT1xckqA==,type:str] pgp: - - created_at: "2023-02-15T14:09:50Z" + - created_at: "2023-02-16T17:30:02Z" enc: | -----BEGIN PGP MESSAGE----- - hF4Dr9flwPWa1q8SAQdA74x1F2fT6BMnBcQn3vlRxNrbjpWVm4/iSxvQvcBFvBsw - J080DN3DqgU7EQyE5Tp+NgsNnntusf37gdObzzday9W9kRU5tTTdKdjPwKyCOzbP - 0l4BM90zEP36xz5v+w3H4kGNbRmI7KRNJn5objmt7s+vRiS9JKJEmeyZ7ZyfCBnC - S7HkR8w1XyBCS5D/MPoCb1cQObrS2seJqF3jYxGMkK/8kE3E5BFIsIGP55dlNO6g - =+RWr + hF4Dr9flwPWa1q8SAQdA27eYQIHgncOnRgp+WvsVIdv5xsJ89ZK1Wp7Sx/WBOhUw + +rp01T2gASSlrwFgbey/9lG79r7rcbSrGE03AtLbi0o8ZaK8Cb3XGJQ+8YggRII9 + 0l4BnwlUhq0Ctufzf6+Rm5BGm8nlPNYIkTJTDEyE2dHMWBj9tEeP4eVwoTsO+F8d + bQX3EWPvw+EbwvitQMb1648CZRUX7Yitl+MS/FK3HV3SFCVAkisdGpy6np4LzIgm + =4eAw -----END PGP MESSAGE----- fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 + - created_at: "2023-02-16T17:30:02Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/9hgp8k+VB1AQ//eh6R0z7rhnOiCMvIE+L9zwy2JMH9UJuJdU3qPr/JcVT5 + 
nMtxvUH4rikc2G9TDwBdkam1IZ9MprjTwKEGfQx9dmNS7LkoJX5aYDd2oeqrLZKJ + QireqUCHD9Gi11kvGfrNwH9dQdQTjNZhe08LQ/q8qki/4T5J97rMm20vvUoOph7N + EG9c4towS9Wr0PEl5BoYvTABQO/d3K9tfkbdfV995aUQ9vDca4EaVzd/gZG/9/Ts + oK+VCk5mjbKlzg2PF6vnOp4k/N+XVo3HIx+1Pf2ReIMDenKRP6Ibl3qTgyxZcRm1 + gDjJRP5GZtrweZaAXsUgmf///sLU1wxcuErRD2A9M9jYZeuhVGbyC+RLrBI20pZD + 8iO0uZAdjH1t+exEOWNYRIvIVmHMUPCUzc7Rrjwn9VRdARnfCCU3fCGMGStL0REA + yvHF1VcpnDpPe14s9CvrtxaUxvMY2B9qzxpve/Ic+JD9kygJkKUJPwUmlW2cp4xO + TWUl87y+PcEjw4HM2U+i9puFTYI7qNrbbXIwiuOVXPWCyCIokZTpXBB7IZ7YR3vR + 3269ObErR+l/MkuhGPHThyS0D9g7QhR36+8qMNobvQC1xO34UlkUFYAk6GV8itj7 + h5qRSmi8/HEjyzj8LMSn+x193RWvihlfDKDYcWKn9dMcIzEypfY7nYiFYzGIIF/S + WAHkVYuuOHZprfKuBOHubx8MohvxvKhzvlpJ8F6Kt/dqhy6dgI88DyVeodTGHTMQ + Upk466GZnvlqlZivuDxOHKAmDlmVTyRFdDGQ+JoGoJ6gFGz4lnsO+MY= + =nX7u + -----END PGP MESSAGE----- + fp: 819975cf4b52822fbdc0e966ff61829f24f95075 unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index 5b11de4..558d57c 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -218,6 +218,10 @@ ]; }; + services.dbus.packages = with pkgs; [ + pass-secret-service + ]; + sops.defaultSopsFile = ./secrets/secrets.yaml; sops.secrets.root-password.neededForUsers = true; sops.secrets.sefidel-password.neededForUsers = true; -- cgit 1.4.1
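Review bot: The `services.dbus.packages` addition in nixos/alpha/configuration.nix is unrelated to the key change named in the commit subject and carries no comment explaining why it is there. pass-secret-service implements the freedesktop Secret Service API on top of the `pass` store, so registering it for D-Bus activation presumably lets clients on the user's session bus request stored secrets; that should be checked against any other Secret Service provider (such as gnome-keyring) enabled on this host, since both would claim `org.freedesktop.secrets`. I would move it to its own commit and add a line such as `# Secret Service provider backed by pass; exposes the password store to session-bus clients`. The enclosing attribute set begins and ends outside the hunk, so whether another provider is already configured cannot be seen from here.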