2025-10-10 00:12:13 +03:00
parent 9613c0aa7f
commit ea49a3f258
4 changed files with 30 additions and 55 deletions
+2 -2
@@ -1,7 +1,7 @@
keys: keys:
- &oqyude age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm - &default age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *oqyude - *default
+18 -29
@@ -12,7 +12,8 @@
name = "${xlib.device.username}"; name = "${xlib.device.username}";
isNormalUser = true; isNormalUser = true;
description = "Jor Oqyude"; description = "Jor Oqyude";
initialPassword = "1234"; # initialPassword = "1234";
hashedPasswordFile = config.sops.secrets.hashed_password.path; # hashed_password
homeMode = "700"; homeMode = "700";
home = "/home/${config.users.users.main.name}"; home = "/home/${config.users.users.main.name}";
extraGroups = [ extraGroups = [
@@ -37,45 +38,33 @@
age = { age = {
sshKeyPaths = [ sshKeyPaths = [
"/etc/ssh/id_ed25519" "/etc/ssh/id_ed25519"
"${config.users.users.main.home}/.ssh/id_ed25519"
]; ];
# keyFile = "/var/lib/sops-nix/key.txt"; # keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true; # generateKey = true;
}; };
defaultSopsFile = ../secrets/default.yaml; # наш зашифрованный файл defaultSopsFile = ../secrets/default.yaml;
# Указываем секрет SSH-ключа:
secrets = { secrets = {
age_key = { hashed_password = {
key = "hashed_password";
format = "yaml"; format = "yaml";
sopsFile = ../secrets/age.yaml; };
key = "age_key"; age_key_private = {
format = "yaml";
key = "age_key_private";
path = "${config.users.users.main.home}/.config/sops/age/keys.txt"; path = "${config.users.users.main.home}/.config/sops/age/keys.txt";
owner = config.users.users.main.name; # владелец – наш пользователь owner = config.users.users.main.name;
group = config.users.users.main.group; # группа пользователя group = config.users.users.main.group;
mode = "0600"; mode = "0600";
}; };
age_key_root = { ssh_key_private = {
format = "yaml"; format = "yaml";
sopsFile = ../secrets/age.yaml; # sopsFile = ../secrets/default.yaml;
key = "age_key"; key = "ssh_key_private";
path = "/var/lib/sops-nix/key.txt";
owner = "root"; # владелец – наш пользователь
group = "root"; # группа пользователя
mode = "0600";
};
ssh_key = {
# формат секрета (YAML по умолчанию)
format = "yaml";
sopsFile = ../secrets/default.yaml;
# (имя ключа в YAML: "ssh_key", т.е. ключ из файла выше)
key = "ssh_key";
path = "${config.users.users.main.home}/.ssh/id_ed25519"; path = "${config.users.users.main.home}/.ssh/id_ed25519";
owner = config.users.users.main.name; # владелец – наш пользователь owner = config.users.users.main.name;
group = config.users.users.main.group; # группа пользователя group = config.users.users.main.group;
mode = "0600"; # права 600 mode = "0600";
}; };
}; };
}; };
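Review bot: `hashedPasswordFile = config.sops.secrets.hashed_password.path;` reads a secret that the new `hashed_password = { ... }` entry declares without `neededForUsers = true;`. sops-nix normally decrypts secrets after users are created, so the file may not exist when the account is set up, and with `initialPassword` now commented out the user could end up with no usable password. Adding `neededForUsers = true;` to `hashed_password` makes sops-nix decrypt it before user creation, under `/run/secrets-for-users`. Separately, with the home-directory entry dropped from `sshKeyPaths` and `generateKey` commented out, decryption appears to depend on `/etc/ssh/id_ed25519` alone, so confirm that the single age recipient in the creation rules corresponds to that host key. Both the `users.users.main` and `sops` attribute sets start and end outside the visible hunks.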
-16
@@ -1,16 +0,0 @@
age_key: ENC[AES256_GCM,data:zkeyDB6KWGatWCly5s6z17KtCN/w0h8zVnqUkz3JlXpwvDrOmD5acIX9qqTTkum/tt2EU8Aof0e2WWTvpS9q2ZTkkAQLgyJdr8Y=,iv:bitawysyfoODALSaxDPCGVdh3QhaAScArSNWp3KcSUg=,tag:ehLgaw7pglCfQ8cBAANtyA==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeDlqOGZtMVk5dmlRZ1Zl
L1A0NStjcUIwdi9SNHp6bVpCVWZ4T2lkUGdnCmdiS3J4WWRBVmhwQTAyYk41NXRX
U3IzOElUUG9xNmVEYUtWY3k3ejA2MGcKLS0tIHdreWRVYlI5YUE5a1FmQXB0VTVI
S2F2K1RZc1dLdGpxemNNbWpZc3B1aTAKZiyQrcZzzvBvupy1viYVhsWHP7KOs1+k
KYC/XDNU5unaYY5XVcm5UY7YBBkqPR4wtzL7HJX5pJ/Wv3y/RmM8Jw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-09T13:06:43Z"
mac: ENC[AES256_GCM,data:IoFqi6IpkJ1F1IjQoUH1vVChIfmflW8RMdXGstAvghaHr3/WyuzEj8oxKjCgf9rNeEVIJDEO98tPIZxBED7ke7l7AEG/NuoIZH86v5KCht0BSQArfCmI4BRYttvtp3plnZIUX+FcctUTPd3RqJ9japAFm8VJnGXD7eN+ib31Ma4=,iv:0bMATVRXSHVmyGR0MYstdZ1bkSIil/e18XL7Kj4xfJA=,tag:XqMzY/wdxAyzorjedgdaVw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
+10 -8
@@ -1,16 +1,18 @@
ssh_key: ENC[AES256_GCM,data:2iywNSQqIUtl/LQQSGf96ctzMD9DqF8GT2M+cq5pI2IEuQnsGLdZF3l2ENYPgD2066+BxYHMcmCKE42t3BfLT6lTJJqm2xS5zWecqrkXXZKi6K+smeieNU/wGuYyEvkH6Jk4fWzNrwSxmucy6NzJxhsvrhfb7LBjJyvwuU9YLlo9xPvcfNoy/Y6MZZePXbDRT7HTWP1culIVNSvPyk7AiqMvBTQO1jgV8vupFADgKUJbmoYnwnOWMP9Mzr9/8XhxjLNzln6I0MpKC63dyxlWSI73xwllDpPw7MtDdsOreJtXX4CUgxvV4+nq9wxCOhV5BcI/vExy6bCB4EBTJPDh0czBxKPV9Q43blPbH64OWff+5WxaBBSaKN6RLCDnBZTsoMg2EijjzOdm+6DasFLnix/9QmfHd7JRJhaQ58DJSxhPqfBE9dkLFx4/aJQ7b3e3aI3R/GuLhdXAmB8cRKIoXEg6SFYxRHvGGo4yPtZxzIfRoU6k5OeVRq/4IuxOLy6kQBw2a/XZ167XbmzO9ef9,iv:fawmM6PQHsjG0M4odbxmHCtg2Qn1V2LL0osI7FqxN7M=,tag:NM58To7p0sFgkwRtrKstcA==,type:str] ssh_key_private: ENC[AES256_GCM,data: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,iv:irfuVOG/3kJto9Bfo9kfWuAiMnSDv2lEIgHgS74sNPI=,tag:WMz84t/fUyUokm5WYoNAOQ==,type:str]
age_key_private: ENC[AES256_GCM,data:x0B/ch6jnR91pUoh+l299zkLkon8EVdpv43Y9ZaO5UGtoHZTz4WNv+bFlx8JeKpIi225yafviEwDkjXSNVSOyEiKX96AMdITWEQ=,iv:/IPQF64nEXsR6WAFnKRVn9xNLJxnPFkl4zy3Y1SAbow=,tag:OOR+kdQcRIelf2u+MHRT+g==,type:str]
hashed_password: ENC[AES256_GCM,data:4XLEKKrBy6J+WVcOOgQLrxyPgkNuqd2QBpE2IZUSe9rxNL8E+hA39EDXzlR/p08VX83Y8SsCc9AP4Lc+E4461fCt7G5JDDVBdqWhWDhRxdiUfQMcjRbj5WoNBCuB85VixwIYNgR2drGvKA==,iv:BbSSWimBybfwc9ICXuQwPn6SENAqbwvW1zfFtcG/RJ8=,tag:bC2xPTVX/rYzAhRuoiKwbA==,type:str]
sops: sops:
age: age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTk4xRjJ2UlgwWVFEb3Vq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZkU4c1hVTDJFbDkwQlFO
QU92UTdhSHM4bzJRUCtnc3JMdCtHNGlLdDFzCnlSYXkvV1dRaVNtaDFOdzJuUEpB aXZqU1JGd2F1OTRESTB5SFhQZFRDc281ZFd3CmVCcVI0Q0hVOVlMYVpIbVEzc0F2
VjZRdU9jUURoWXltaWF4aTRQRFliTDQKLS0tIGFrNDJMV3ZGNmlHdW53OENsSXd6 Z3FlSURDNzc4M2k1eTRtZnpaUHBHajQKLS0tIDkzMVVqTVFpU3VJcWlDS1BMdVQ1
eU9oaUJid0wzR011UlpmSE5PV2N4TWcKBLTGq3uKMEKqkiuuILRlAZELTVvUVcTm bk9jY0J0dE9jd1gxRzhNUlNBaHc3QlkKFDdWVhqMUgRjndhph+UvkSPcvsP0Z92+
cIgBl8mDufx3f0YhOeq7FGOHiPA1cCfZ8JpQpayAEZDCm2regT2g4w== 5U9lYlHnWwTIUKnFM8pVxdrLDE7O8Q5qw/H33ECttyMD4NZIYjmmyA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-09T13:59:25Z" lastmodified: "2025-10-09T21:06:50Z"
mac: ENC[AES256_GCM,data:gCiw2r3dmNcs+zI9i/frIxOy1SnCqu0wW0Apoi4dHgwM6WbatHJYHZVRkyKALSmKrJpO6eVryn0jD4qkyb7D7Frj/C/JHbuW7ngyUlTSQ8p70Fo+AU+EQUAMlzuHx7O8AWsIu/sOHJGHyZVWRCf8FJODwNNFruvu+e85/jsC41M=,iv:qT4S/eueHT8ZgJRATP1VdV/bI422eiOrl3VtlZ1Kweo=,tag:xhG6o7Tpm3GTE2ZUFKu6dQ==,type:str] mac: ENC[AES256_GCM,data:sRMK7HtFr2tPXZd47h1sKyK3fPaoFzmAhS80RwqHSEfu+gg1Su1fIda+5stG27+WqvKE0+IqBSCotiJ02WaxYbxaf4OpoMHar/+DEteugotSL/fMnsphZHYPil+Gj4f+iubc0ynsuRv8ej2Xw5pBmAV4V4OGxeOuoahyb7va8Vo=,iv:Trggj7IZEGMOHArlBk92cUO8t77OfRx9EUy0gne4LaI=,tag:LZt2SLYaNDYZog+8e2oWCQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0