diff --git a/.sops.yaml b/.sops.yaml
index cc7b9aa..fe724a7 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,11 @@
 keys:
 - &stefan_ellmauthaler 3B398B086C410264A14FB353B1E6F03030A4AEAA
 - &stel-xps e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
+ - &nucturne 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
 creation_rules:
 - path_regex: secrets/secrets\.yaml
 key_groups:
 - pgp:
 - *stefan_ellmauthaler
 - *stel-xps
+ - *nucturne
diff --git a/README.md b/README.md
index 7e4f5c4..f2ce42f 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
 ## nix-sops
 * generate on your (sshd-enabled) machine a pgp key:
 * `nix shell nixpkgs#ssh-to-pgp`
- * `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/hosts/.asc`
+ * `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/keys/hosts/.asc`
 * add the fingerprint of the new key to the `/etc/nixos/.sops.yaml` file
 * Rekey the secrets with either
 * a master key
diff --git a/secrets/keys/hosts/nucturne.asc b/secrets/keys/hosts/nucturne.asc
new file mode 100644
index 0000000..a2dd074
--- /dev/null
+++ b/secrets/keys/hosts/nucturne.asc
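Review bot: In the `.sops.yaml` hunk, `- *nucturne` joins the one `pgp` key group of the only rule visible (`path_regex: secrets/secrets\.yaml`), so after a rekey this host key can decrypt every value in that file rather than just the secrets nucturne needs. If that breadth is intended, a comment above `key_groups:` such as `# every key listed here can decrypt all of secrets/secrets.yaml` would make it explicit; otherwise a separate rule with its own `path_regex` (placeholder: `secrets/<host>\.yaml`) and a key group limited to the admin key and that host would narrow the exposure. `creation_rules` are only consulted when sops creates or re-keys a file, and no change to `secrets/secrets.yaml` is visible in this diff, so the existing file presumably still has to go through `sops updatekeys`. The fingerprint `9b6a58764eddd81d07180d6dc08e322f7bfd92b1` is the only binding to the host key added as `secrets/keys/hosts/nucturne.asc`, so it is worth checking it against the `gpg --show-keys` output for that file before merging.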
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEADQdDDX8sxmtbOcTYmB5ctVP686TA8tdjtXH3jotgMEldkmZBEi
+jYIgFxrj55uinUhxjsO+t9kIVCZQMt6Vu6PuZQ309as11RtMM6WowdmBAQaxyxOF
+GdWUhbXTsfLGGYgrYrIrDif0U/Cb81U+Oy7uUVkrs6BIeLOsAR7Vap+O8fdC3nNd
+bPH0ruE07S5ZxpDyqBjSc4AJFy0o04VE4n9jGH1Gg3/agal/RFAFMX2bO3jsGAdJ
+W3k13mfUHoUpDLPDpMCkrv2zwOaT/i9HOoK6pfNI6ia7+bEgEXvC7GvX6CWmnNkx
+W9S1XI64x8PRQNJa8WGIMkfa0b+pWRtbMwL5EquguSUjSNV6jdJgB2pZ/BQEwr5U
+zJh+rLM9QDO5N8XUMCgG3sRqVUcRcCXRdFsTI501/HIukIH2usJ225j8FEqDMBPA
+3sY5FMytbTd6B3/MU8RQRGGtzMTW7QSa2RAVAWo67KNbAidykStB2BEONfTjwLcS
+jNiGR0vFSZBso18+BSephmW4Db9bZVMCIMLBKTmvt9KfbdjZR3+gyJLD0PNuIiXH
+n7JOpDjGxoWKRLKhw0ThgeM+PhFjrnWt3ZRLwu+7bdrW7I+RVZtYEONvg+PjSNW8
+i+R+9x4plMfLJ80EKynroul5y9etu9GklA6aaWvr2fkjcOkLdH5/1G7wSQARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQwI4yL3v9krECGw8CGQEAAC1oEAAjfd65ObN1SRYispR1WuOc
+JF2zvUxmZ3fU/L4VH+/cm1t2xMMD+MfDiSLPrcYAgzBu563oQaa6HKEWj6t+Kfw5
+q/aFyt+ry7XP7wlWHM0R8ydbZkfVoJD+JDYLXFkeIK5S+tFbyUJfYIEd8hdKARwL
+67C5evvb6VYHuPMP8w/RWCD5tvtgHJoRCdlnza4C5hbmiQxTRtb66oyfKjhsZkji
+m3VtaA00y0lJ8rtJD6fsFD0KYcl4voXottn5VvbOhZZw/BsehSr9YfPaQWUUvkxo
+VyUQbdSiltSc0VqDaB6v2zceoK3K5EDOhv/TxP9Q3l6oKWl2VGpPZbgcCmuqv00g
+sssRh3uVbrdB7LhlhdOZmc40fQKIpfoDF6LuSsgfMUdGO5CS7E7HaKOeUbpY70Zk
+hriBXfkpx7j7FHl+EU46N4ZvvQsnCwLyv7xvuAe/i2p15E2tWvHPvCCk1lpRXxSL
+caQIImiXfbZGtCHt4jwn+BNZC4buy7t0IIuCZ8Bb4JCEVS1J5aNScQoODbE+RzsZ
+ETqRQJxAS3Pu3yQDsm7dsq35qseZQVU6ChigL97yWIgH5SaNdhq+1ExIveKmu/0e
+gcOmfadoNlCrT4RPEacG6xkZq69K17FirTWh/3QUOLfn/R3Zv7YXMqsJ2Jg9JuNo
+BRtuXqcpUfc3rrMSvGDaSQ==
+=ojin
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file