123
+2
-2
@@ -1,7 +1,7 @@
|
||||
keys:
|
||||
- &oqyude age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
|
||||
- &default age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *oqyude
|
||||
- *default
|
||||
+18
-29
@@ -12,7 +12,8 @@
|
||||
name = "${xlib.device.username}";
|
||||
isNormalUser = true;
|
||||
description = "Jor Oqyude";
|
||||
initialPassword = "1234";
|
||||
# initialPassword = "1234";
|
||||
hashedPasswordFile = config.sops.secrets.hashed_password.path; # hashed_password
|
||||
homeMode = "700";
|
||||
home = "/home/${config.users.users.main.name}";
|
||||
extraGroups = [
|
||||
@@ -37,45 +38,33 @@
|
||||
age = {
|
||||
sshKeyPaths = [
|
||||
"/etc/ssh/id_ed25519"
|
||||
"${config.users.users.main.home}/.ssh/id_ed25519"
|
||||
];
|
||||
# keyFile = "/var/lib/sops-nix/key.txt";
|
||||
generateKey = true;
|
||||
# generateKey = true;
|
||||
};
|
||||
defaultSopsFile = ../secrets/default.yaml; # наш зашифрованный файл
|
||||
# Указываем секрет SSH-ключа:
|
||||
defaultSopsFile = ../secrets/default.yaml;
|
||||
secrets = {
|
||||
age_key = {
|
||||
hashed_password = {
|
||||
key = "hashed_password";
|
||||
format = "yaml";
|
||||
sopsFile = ../secrets/age.yaml;
|
||||
key = "age_key";
|
||||
|
||||
};
|
||||
age_key_private = {
|
||||
format = "yaml";
|
||||
key = "age_key_private";
|
||||
path = "${config.users.users.main.home}/.config/sops/age/keys.txt";
|
||||
owner = config.users.users.main.name; # владелец – наш пользователь
|
||||
group = config.users.users.main.group; # группа пользователя
|
||||
owner = config.users.users.main.name;
|
||||
group = config.users.users.main.group;
|
||||
mode = "0600";
|
||||
};
|
||||
age_key_root = {
|
||||
ssh_key_private = {
|
||||
format = "yaml";
|
||||
sopsFile = ../secrets/age.yaml;
|
||||
key = "age_key";
|
||||
|
||||
path = "/var/lib/sops-nix/key.txt";
|
||||
owner = "root"; # владелец – наш пользователь
|
||||
group = "root"; # группа пользователя
|
||||
mode = "0600";
|
||||
};
|
||||
ssh_key = {
|
||||
# формат секрета (YAML по умолчанию)
|
||||
format = "yaml";
|
||||
sopsFile = ../secrets/default.yaml;
|
||||
# (имя ключа в YAML: "ssh_key", т.е. ключ из файла выше)
|
||||
key = "ssh_key";
|
||||
# sopsFile = ../secrets/default.yaml;
|
||||
key = "ssh_key_private";
|
||||
|
||||
path = "${config.users.users.main.home}/.ssh/id_ed25519";
|
||||
owner = config.users.users.main.name; # владелец – наш пользователь
|
||||
group = config.users.users.main.group; # группа пользователя
|
||||
mode = "0600"; # права 600
|
||||
owner = config.users.users.main.name;
|
||||
group = config.users.users.main.group;
|
||||
mode = "0600";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
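Review bot: In the second hunk (`@@ -37,45 +38,33 @@`) the new `hashed_password` secret, which now feeds `hashedPasswordFile`, is declared with only `key` and `format`, and no `neededForUsers = true;` is visible in its block. sops-nix decrypts ordinary secrets after NixOS has created the user accounts, so the password file may not exist yet when the account is set up; adding `neededForUsers = true;` to `hashed_password` has it decrypted before user creation. Separately, `ssh_key_private` is written to `${config.users.users.main.home}/.ssh/id_ed25519`, a path also listed in `age.sshKeyPaths`, and `generateKey` is now commented out, so on a new host decryption appears to depend on `/etc/ssh/id_ed25519` already being present; a comment saying how that key is provisioned would help. The commented-out `# initialPassword = "1234";` in the first hunk is better deleted than kept. The enclosing attribute sets start and end outside the visible hunks.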
@@ -1,16 +0,0 @@
|
||||
age_key: ENC[AES256_GCM,data:zkeyDB6KWGatWCly5s6z17KtCN/w0h8zVnqUkz3JlXpwvDrOmD5acIX9qqTTkum/tt2EU8Aof0e2WWTvpS9q2ZTkkAQLgyJdr8Y=,iv:bitawysyfoODALSaxDPCGVdh3QhaAScArSNWp3KcSUg=,tag:ehLgaw7pglCfQ8cBAANtyA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeDlqOGZtMVk5dmlRZ1Zl
|
||||
L1A0NStjcUIwdi9SNHp6bVpCVWZ4T2lkUGdnCmdiS3J4WWRBVmhwQTAyYk41NXRX
|
||||
U3IzOElUUG9xNmVEYUtWY3k3ejA2MGcKLS0tIHdreWRVYlI5YUE5a1FmQXB0VTVI
|
||||
S2F2K1RZc1dLdGpxemNNbWpZc3B1aTAKZiyQrcZzzvBvupy1viYVhsWHP7KOs1+k
|
||||
KYC/XDNU5unaYY5XVcm5UY7YBBkqPR4wtzL7HJX5pJ/Wv3y/RmM8Jw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-09T13:06:43Z"
|
||||
mac: ENC[AES256_GCM,data:IoFqi6IpkJ1F1IjQoUH1vVChIfmflW8RMdXGstAvghaHr3/WyuzEj8oxKjCgf9rNeEVIJDEO98tPIZxBED7ke7l7AEG/NuoIZH86v5KCht0BSQArfCmI4BRYttvtp3plnZIUX+FcctUTPd3RqJ9japAFm8VJnGXD7eN+ib31Ma4=,iv:0bMATVRXSHVmyGR0MYstdZ1bkSIil/e18XL7Kj4xfJA=,tag:XqMzY/wdxAyzorjedgdaVw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
+10
-8
@@ -1,16 +1,18 @@
|
||||
ssh_key: ENC[AES256_GCM,data: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,iv:fawmM6PQHsjG0M4odbxmHCtg2Qn1V2LL0osI7FqxN7M=,tag:NM58To7p0sFgkwRtrKstcA==,type:str]
|
||||
ssh_key_private: ENC[AES256_GCM,data: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,iv:irfuVOG/3kJto9Bfo9kfWuAiMnSDv2lEIgHgS74sNPI=,tag:WMz84t/fUyUokm5WYoNAOQ==,type:str]
|
||||
age_key_private: ENC[AES256_GCM,data:x0B/ch6jnR91pUoh+l299zkLkon8EVdpv43Y9ZaO5UGtoHZTz4WNv+bFlx8JeKpIi225yafviEwDkjXSNVSOyEiKX96AMdITWEQ=,iv:/IPQF64nEXsR6WAFnKRVn9xNLJxnPFkl4zy3Y1SAbow=,tag:OOR+kdQcRIelf2u+MHRT+g==,type:str]
|
||||
hashed_password: ENC[AES256_GCM,data:4XLEKKrBy6J+WVcOOgQLrxyPgkNuqd2QBpE2IZUSe9rxNL8E+hA39EDXzlR/p08VX83Y8SsCc9AP4Lc+E4461fCt7G5JDDVBdqWhWDhRxdiUfQMcjRbj5WoNBCuB85VixwIYNgR2drGvKA==,iv:BbSSWimBybfwc9ICXuQwPn6SENAqbwvW1zfFtcG/RJ8=,tag:bC2xPTVX/rYzAhRuoiKwbA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTk4xRjJ2UlgwWVFEb3Vq
|
||||
QU92UTdhSHM4bzJRUCtnc3JMdCtHNGlLdDFzCnlSYXkvV1dRaVNtaDFOdzJuUEpB
|
||||
VjZRdU9jUURoWXltaWF4aTRQRFliTDQKLS0tIGFrNDJMV3ZGNmlHdW53OENsSXd6
|
||||
eU9oaUJid0wzR011UlpmSE5PV2N4TWcKBLTGq3uKMEKqkiuuILRlAZELTVvUVcTm
|
||||
cIgBl8mDufx3f0YhOeq7FGOHiPA1cCfZ8JpQpayAEZDCm2regT2g4w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZkU4c1hVTDJFbDkwQlFO
|
||||
aXZqU1JGd2F1OTRESTB5SFhQZFRDc281ZFd3CmVCcVI0Q0hVOVlMYVpIbVEzc0F2
|
||||
Z3FlSURDNzc4M2k1eTRtZnpaUHBHajQKLS0tIDkzMVVqTVFpU3VJcWlDS1BMdVQ1
|
||||
bk9jY0J0dE9jd1gxRzhNUlNBaHc3QlkKFDdWVhqMUgRjndhph+UvkSPcvsP0Z92+
|
||||
5U9lYlHnWwTIUKnFM8pVxdrLDE7O8Q5qw/H33ECttyMD4NZIYjmmyA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-09T13:59:25Z"
|
||||
mac: ENC[AES256_GCM,data:gCiw2r3dmNcs+zI9i/frIxOy1SnCqu0wW0Apoi4dHgwM6WbatHJYHZVRkyKALSmKrJpO6eVryn0jD4qkyb7D7Frj/C/JHbuW7ngyUlTSQ8p70Fo+AU+EQUAMlzuHx7O8AWsIu/sOHJGHyZVWRCf8FJODwNNFruvu+e85/jsC41M=,iv:qT4S/eueHT8ZgJRATP1VdV/bI422eiOrl3VtlZ1Kweo=,tag:xhG6o7Tpm3GTE2ZUFKu6dQ==,type:str]
|
||||
lastmodified: "2025-10-09T21:06:50Z"
|
||||
mac: ENC[AES256_GCM,data:sRMK7HtFr2tPXZd47h1sKyK3fPaoFzmAhS80RwqHSEfu+gg1Su1fIda+5stG27+WqvKE0+IqBSCotiJ02WaxYbxaf4OpoMHar/+DEteugotSL/fMnsphZHYPil+Gj4f+iubc0ynsuRv8ej2Xw5pBmAV4V4OGxeOuoahyb7va8Vo=,iv:Trggj7IZEGMOHArlBk92cUO8t77OfRx9EUy0gne4LaI=,tag:LZt2SLYaNDYZog+8e2oWCQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||