ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity

Add nucturne keys to sops environment

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2022-06-10 10:17:37 +02:00
parent a0f742dd37
commit 1b7e5a3f83
Signed by: ellmau
GPG Key ID: C804A9C1B7AF8256
3 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@ -1,9 +1,11 @@
keys:
- &stefan_ellmauthaler 3B398B086C410264A14FB353B1E6F03030A4AEAA
- &stel-xps e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
- &nucturne 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
creation_rules:
- path_regex: secrets/secrets\.yaml
key_groups:
- pgp:
- *stefan_ellmauthaler
- *stel-xps
- *nucturne

2
README.md
View File

@ -13,7 +13,7 @@
## nix-sops
* generate on your (sshd-enabled) machine a pgp key:
* `nix shell nixpkgs#ssh-to-pgp`
* `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/hosts/<hostname>.asc`
* `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/keys/hosts/<hostname>.asc`
* add the fingerprint of the new key to the `/etc/nixos/.sops.yaml` file
* Rekey the secrets with either
* a master key

28
secrets/keys/hosts/nucturne.asc Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEADQdDDX8sxmtbOcTYmB5ctVP686TA8tdjtXH3jotgMEldkmZBEi
jYIgFxrj55uinUhxjsO+t9kIVCZQMt6Vu6PuZQ309as11RtMM6WowdmBAQaxyxOF
GdWUhbXTsfLGGYgrYrIrDif0U/Cb81U+Oy7uUVkrs6BIeLOsAR7Vap+O8fdC3nNd
bPH0ruE07S5ZxpDyqBjSc4AJFy0o04VE4n9jGH1Gg3/agal/RFAFMX2bO3jsGAdJ
W3k13mfUHoUpDLPDpMCkrv2zwOaT/i9HOoK6pfNI6ia7+bEgEXvC7GvX6CWmnNkx
W9S1XI64x8PRQNJa8WGIMkfa0b+pWRtbMwL5EquguSUjSNV6jdJgB2pZ/BQEwr5U
zJh+rLM9QDO5N8XUMCgG3sRqVUcRcCXRdFsTI501/HIukIH2usJ225j8FEqDMBPA
3sY5FMytbTd6B3/MU8RQRGGtzMTW7QSa2RAVAWo67KNbAidykStB2BEONfTjwLcS
jNiGR0vFSZBso18+BSephmW4Db9bZVMCIMLBKTmvt9KfbdjZR3+gyJLD0PNuIiXH
n7JOpDjGxoWKRLKhw0ThgeM+PhFjrnWt3ZRLwu+7bdrW7I+RVZtYEONvg+PjSNW8
i+R+9x4plMfLJ80EKynroul5y9etu9GklA6aaWvr2fkjcOkLdH5/1G7wSQARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQwI4yL3v9krECGw8CGQEAAC1oEAAjfd65ObN1SRYispR1WuOc
JF2zvUxmZ3fU/L4VH+/cm1t2xMMD+MfDiSLPrcYAgzBu563oQaa6HKEWj6t+Kfw5
q/aFyt+ry7XP7wlWHM0R8ydbZkfVoJD+JDYLXFkeIK5S+tFbyUJfYIEd8hdKARwL
67C5evvb6VYHuPMP8w/RWCD5tvtgHJoRCdlnza4C5hbmiQxTRtb66oyfKjhsZkji
m3VtaA00y0lJ8rtJD6fsFD0KYcl4voXottn5VvbOhZZw/BsehSr9YfPaQWUUvkxo
VyUQbdSiltSc0VqDaB6v2zceoK3K5EDOhv/TxP9Q3l6oKWl2VGpPZbgcCmuqv00g
sssRh3uVbrdB7LhlhdOZmc40fQKIpfoDF6LuSsgfMUdGO5CS7E7HaKOeUbpY70Zk
hriBXfkpx7j7FHl+EU46N4ZvvQsnCwLyv7xvuAe/i2p15E2tWvHPvCCk1lpRXxSL
caQIImiXfbZGtCHt4jwn+BNZC4buy7t0IIuCZ8Bb4JCEVS1J5aNScQoODbE+RzsZ
ETqRQJxAS3Pu3yQDsm7dsq35qseZQVU6ChigL97yWIgH5SaNdhq+1ExIveKmu/0e
gcOmfadoNlCrT4RPEacG6xkZq69K17FirTWh/3QUOLfn/R3Zv7YXMqsJ2Jg9JuNo
BRtuXqcpUfc3rrMSvGDaSQ==
=ojin
-----END PGP PUBLIC KEY BLOCK-----