123

2026-06-10 20:20:41 +03:00 · 2025-10-09 17:00:15 +03:00
parent e86a055a1d
commit 92caad8ffc
3 changed files with 23 additions and 18 deletions
@@ -47,7 +47,10 @@ let
        useUserPackages = true;
        users."${xlib.device.username}" = homeModule;
        users.root = rootModule;
-        sharedModules = [ inputs.plasma-manager.homeModules.plasma-manager ];
+        sharedModules = [
+          inputs.plasma-manager.homeModules.plasma-manager
+          inputs.sops-nix.homeManagerModules.sops
+        ];
        extraSpecialArgs = { inherit inputs; };
      };
    };
@@ -35,11 +35,13 @@

  sops = {
    age = {
-      sshKeyPaths = [ "/etc/ssh/id_ed25519" "${config.users.users.main.home}/.ssh/id_ed25519" ];
+      sshKeyPaths = [
+        "/etc/ssh/id_ed25519"
+      ];
      keyFile = "/var/lib/sops-nix/key.txt";
-      generateKey = true;
+      generateKey = false;
    };
-    defaultSopsFile = ../secrets/default.yaml;      # наш зашифрованный файл
+    defaultSopsFile = ../secrets/default.yaml; # наш зашифрованный файл
    # Указываем секрет SSH-ключа:
    secrets = {
      age_key = {
@@ -50,9 +52,9 @@
        key = "age_key";

        path = "${config.users.users.main.home}/.config/sops/age/keys.txt";
-        owner = config.users.users.main.name;   # владелец – наш пользователь
-        group = config.users.users.main.group;  # группа пользователя
-        mode = "0600"; 
+        owner = config.users.users.main.name; # владелец – наш пользователь
+        group = config.users.users.main.group; # группа пользователя
+        mode = "0600";
      };
      ssh_key = {
        # формат секрета (YAML по умолчанию)
@@ -62,9 +64,9 @@
        key = "ssh_key";

        path = "${config.users.users.main.home}/.ssh/id_ed25519";
-        owner = config.users.users.main.name;   # владелец – наш пользователь
-        group = config.users.users.main.group;  # группа пользователя
-        mode = "0600";                           # права 600
+        owner = config.users.users.main.name; # владелец – наш пользователь
+        group = config.users.users.main.group; # группа пользователя
+        mode = "0600"; # права 600
      };
    };
  };
@@ -1,16 +1,16 @@
-ssh_key: ENC[AES256_GCM,data:xa1sTBAHSBhkZ4SxEIWJZ7trb4EbFIbQTiTiBU0ARg0Rptz0UipQBG3tM7hoML1VnZOS1Xe3N61pKmwhvgtfay+Xs7Fb9Mj3k9MIgo58UozgufzrG3w0gZq6hpXSDkd83H2iRcQnsXitYy+3Jl5/Dvr/ldVcSlrkX+qXb8VrrXf6buoCozTZL0UAKRKH3CHTgZZyltT5XdA24o6eCBqHZF+VA5VOS+S8ESkrdASFAtAokidLZFlXOKkNoxOG+eDJz5d6M02Vpk73g9ZBjdeBdrbDw8i11/opEENzEUTEg5I/uPj7JGbsiGjYNYNBFw2xoHYl2MbCLO+785k89HQep6xmPhSeL9KWriMPncJnYS9Z4puai/+4lGN8uXNjVN2aAG/0m7zbZxYS4kwdOK7JCTmxW1OnLB/ujTLW5lY0256YMSYaGdL/VNXEvm0ObIwzQ/OWzJk7aRjSsZbqjTQMP76weYukZNybMPuL6rz3CpGaIBPvSy5COe7dyYvLRWGq7p/rWcTn/SMFHi10Rt31,iv:R5brgW6svZtIttvzDZjqS7PdApXhJZZsi2ZBRcF1f8g=,tag:jSZ1uAFj/exFqF8WTvms3A==,type:str]
+ssh_key: ENC[AES256_GCM,data:2iywNSQqIUtl/LQQSGf96ctzMD9DqF8GT2M+cq5pI2IEuQnsGLdZF3l2ENYPgD2066+BxYHMcmCKE42t3BfLT6lTJJqm2xS5zWecqrkXXZKi6K+smeieNU/wGuYyEvkH6Jk4fWzNrwSxmucy6NzJxhsvrhfb7LBjJyvwuU9YLlo9xPvcfNoy/Y6MZZePXbDRT7HTWP1culIVNSvPyk7AiqMvBTQO1jgV8vupFADgKUJbmoYnwnOWMP9Mzr9/8XhxjLNzln6I0MpKC63dyxlWSI73xwllDpPw7MtDdsOreJtXX4CUgxvV4+nq9wxCOhV5BcI/vExy6bCB4EBTJPDh0czBxKPV9Q43blPbH64OWff+5WxaBBSaKN6RLCDnBZTsoMg2EijjzOdm+6DasFLnix/9QmfHd7JRJhaQ58DJSxhPqfBE9dkLFx4/aJQ7b3e3aI3R/GuLhdXAmB8cRKIoXEg6SFYxRHvGGo4yPtZxzIfRoU6k5OeVRq/4IuxOLy6kQBw2a/XZ167XbmzO9ef9,iv:fawmM6PQHsjG0M4odbxmHCtg2Qn1V2LL0osI7FqxN7M=,tag:NM58To7p0sFgkwRtrKstcA==,type:str]
 sops:
    age:
        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bU9xUDVRMEdCMUczZity
-            TS9SeFJzdWNRTkdTUk1LTWJZOUY1VW1iY204Ck52bWlaaG8wZTZaZnJ5WXFaRW56
-            dVhHRENVcW1BRDJaRzFiTmJDekdvSkEKLS0tIC9nVTQ4WEVTRk5iVjNRQ2lKRVNo
-            Y3ZpV3BuY1dyMzFEbU9kWjBzV3JJVkEKYRTSsHuOSMDleYst5loSPQpKY0ovf3l9
-            yadmT0jBd0TbUT4kZulgAdR96b/EdDVUCJNP6HrILpiai1KI8sjyjw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTk4xRjJ2UlgwWVFEb3Vq
+            QU92UTdhSHM4bzJRUCtnc3JMdCtHNGlLdDFzCnlSYXkvV1dRaVNtaDFOdzJuUEpB
+            VjZRdU9jUURoWXltaWF4aTRQRFliTDQKLS0tIGFrNDJMV3ZGNmlHdW53OENsSXd6
+            eU9oaUJid0wzR011UlpmSE5PV2N4TWcKBLTGq3uKMEKqkiuuILRlAZELTVvUVcTm
+            cIgBl8mDufx3f0YhOeq7FGOHiPA1cCfZ8JpQpayAEZDCm2regT2g4w==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-09T12:35:23Z"
-    mac: ENC[AES256_GCM,data:H0LsP8DAHAcyV9EJTXf//luWUbJLtDoXNf/J/at/TKbTsPB6qFEIQQ7/eEwZJkQsld5r9A9gtZ/4hEUhW6jsDEQoN2JKLzU6hLizgMkgUgYmBwYQgin4QRRSeeYCUktVmbYyZMWzFNcBWjScr24zCBRfmExMSoKqf2tJvsZrQr4=,iv:CY9/xcR0jUgDpeoyo9KTroQwpMY/z0T2C2NTRaS8Dcg=,tag:qZ5sfNF59ubkhAwnyUbEKg==,type:str]
+    lastmodified: "2025-10-09T13:59:25Z"
+    mac: ENC[AES256_GCM,data:gCiw2r3dmNcs+zI9i/frIxOy1SnCqu0wW0Apoi4dHgwM6WbatHJYHZVRkyKALSmKrJpO6eVryn0jD4qkyb7D7Frj/C/JHbuW7ngyUlTSQ8p70Fo+AU+EQUAMlzuHx7O8AWsIu/sOHJGHyZVWRCf8FJODwNNFruvu+e85/jsC41M=,iv:qT4S/eueHT8ZgJRATP1VdV/bI422eiOrl3VtlZ1Kweo=,tag:xhG6o7Tpm3GTE2ZUFKu6dQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0