From 635c1d97a6ffb600296e5d3e939efa89625902d0 Mon Sep 17 00:00:00 2001
From: Guanran Wang
Date: Sun, 17 Dec 2023 18:19:27 +0800
Subject: [PATCH] secrets: slight adjustment
---
.sops.yaml | 17 ++++++++++-------
.../guanranwang/nixos/profiles/core/default.nix | 2 +-
users/guanranwang/{secrets => }/secrets.yaml | 0
3 files changed, 11 insertions(+), 8 deletions(-)
rename users/guanranwang/{secrets => }/secrets.yaml (100%)
diff --git a/.sops.yaml b/.sops.yaml
index 31faff8..b0eef49 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,12 +1,15 @@
keys:
+ # Users
+ - &users:
+ - &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
- - &admin_guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
-
+ # Hosts
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- - &server_81fw age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
+ - &hosts:
+ - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
creation_rules:
- - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ - path_regex: users/guanranwang/secrets.yaml$
key_groups:
- - age:
- - *admin_guanranwang
- - *server_81fw
\ No newline at end of file
+ - age:
+ - *guanranwang
+ - *aristotle
diff --git a/users/guanranwang/nixos/profiles/core/default.nix b/users/guanranwang/nixos/profiles/core/default.nix
index fae2b51..ba4bd28 100644
--- a/users/guanranwang/nixos/profiles/core/default.nix
+++ b/users/guanranwang/nixos/profiles/core/default.nix
@@ -25,7 +25,7 @@
### sops-nix
sops = {
- defaultSopsFile = ../../../secrets/secrets.yaml;
+ defaultSopsFile = ../../../secrets.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
gnupg.sshKeyPaths = [];
secrets = {
diff --git a/users/guanranwang/secrets/secrets.yaml b/users/guanranwang/secrets.yaml
similarity index 100%
rename from users/guanranwang/secrets/secrets.yaml
rename to users/guanranwang/secrets.yaml
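Review bot: The new `path_regex` under `creation_rules` in `.sops.yaml` leaves the dot unescaped and has no leading anchor, so `users/guanranwang/secrets.yaml$` also matches a name like `secretsXyaml` and any longer path that merely ends with that suffix; such files would be encrypted to the same two recipients. Writing it as `users/guanranwang/secrets\.yaml$` pins the rule to the one file the commit targets, and a leading `^` can be added if the sops version in use matches paths relative to `.sops.yaml` (not verifiable from this page). Separately, `- &users:` and `- &hosts:` appear to define anchors whose names include the trailing colon and that are never referenced; the `# Users` / `# Hosts` comments over a flat key list would give the same grouping without the extra nesting, though the indentation is lost in this rendering so the nesting is inferred. Narrowing the rule to a single file also means any other secrets file added later needs its own creation rule, which is worth a comment above `creation_rules`, e.g. `# one rule per secrets file; add a rule before creating a new one`.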