secrets: slight adjustment
parent
50f8612308
commit
635c1d97a6
3 changed files with 11 additions and 8 deletions
15
.sops.yaml
15
.sops.yaml
|
@ -1,12 +1,15 @@
|
||||||
keys:
|
keys:
|
||||||
|
# Users
|
||||||
|
- &users:
|
||||||
|
- &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
|
|
||||||
- &admin_guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
# Hosts
|
||||||
|
|
||||||
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||||
- &server_81fw age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
- &hosts:
|
||||||
|
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
- path_regex: users/guanranwang/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *admin_guanranwang
|
- *guanranwang
|
||||||
- *server_81fw
|
- *aristotle
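Review bot: The new `path_regex` on the creation rule drops the escaped dot that the old rule had, so `users/guanranwang/secrets.yaml$` also matches names such as `secrets_yaml`, and with no leading anchor it matches that suffix under any parent directory. I would write it as `- path_regex: users/guanranwang/secrets\.yaml$`, and prefix `^` if the sops version in use matches paths relative to the directory holding `.sops.yaml` (worth confirming before relying on it). The rule now covers exactly one file where the old one covered every `yaml|json|env|ini` file under `secrets/`, so a comment above it such as `# only users/guanranwang/secrets.yaml is covered; any other secrets file needs its own rule` would make that narrowing explicit. Indentation is lost in this rendering, so the nesting of `&users:` and `&hosts:` could not be checked here.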
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
|
|
||||||
### sops-nix
|
### sops-nix
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../../../secrets/secrets.yaml;
|
defaultSopsFile = ../../../secrets.yaml;
|
||||||
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||||
gnupg.sshKeyPaths = [];
|
gnupg.sshKeyPaths = [];
|
||||||
secrets = {
|
secrets = {
|
||||||
|
|