chore: refactored sops secrets
parent
60c469ee7f
commit
9df4b8c8a0
13 changed files with 47 additions and 42 deletions
|
|
@ -31,7 +31,7 @@ in
|
||||||
NIXPKGS_ALLOW_INSECURE = "1";
|
NIXPKGS_ALLOW_INSECURE = "1";
|
||||||
NIXPKGS_ALLOW_UNFREE = "1";
|
NIXPKGS_ALLOW_UNFREE = "1";
|
||||||
GTK_THEME = "catppuccin-macchiato-mauve-compact";
|
GTK_THEME = "catppuccin-macchiato-mauve-compact";
|
||||||
# ANTHROPIC_API_KEY = config.sops.secrets.claude-api-key.path;
|
# ANTHROPIC_API_KEY = config.sops.secrets."claude/key".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,13 @@ in
|
||||||
networking.wireless = {
|
networking.wireless = {
|
||||||
networks = {
|
networks = {
|
||||||
"TheWeeFeez!" = {
|
"TheWeeFeez!" = {
|
||||||
psk = config.sops.secrets."wifi-home".path;
|
psk = config.sops.secrets."wifi/home".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
sops = {
|
sops = {
|
||||||
secrets = {
|
secrets = {
|
||||||
"wifi-home" = {
|
"wifi/home" = {
|
||||||
path = "/var/lib/secrets/wifi-home-pass";
|
path = "/var/lib/secrets/wifi-home-pass";
|
||||||
owner = user0;
|
owner = user0;
|
||||||
};
|
};
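Review bot: `psk = config.sops.secrets."wifi/home".path;` assigns the secret's file path rather than its contents, so the passphrase given to the wireless daemon would be the literal string `/var/lib/secrets/wifi-home-pass` instead of the decrypted value. The rename keeps this pattern. As far as I know, `networking.wireless.networks.<name>.psk` takes the passphrase itself, and the file-based route on recent NixOS releases is `networking.wireless.secretsFile` with `pskRaw = "ext:<name>"`; confirm against the release in use. The same path-for-value pattern appears in the searx hunk at `secret_key = config.sops.secrets."searx/key".path;`, where the module's `environmentFile` option is the usual way to inject the key. It is also worth checking that `owner = user0` is intended for a secret that only the wireless service needs to read.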
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ in
|
||||||
host = ceres.wireguard.ip0;
|
host = ceres.wireguard.ip0;
|
||||||
port = configHelpers.service.ports.port0;
|
port = configHelpers.service.ports.port0;
|
||||||
# auth = {
|
# auth = {
|
||||||
# secret-key = config.sops.secrets."${service.name}-key".path;
|
# secret-key = config.sops.secrets."${service.name}/key".path;
|
||||||
# users.${user0}.password = config.sops.secrets."${service.name}-${user0}-pass".path;
|
# users.${user0}.password = config.sops.secrets."${service.name}-${user0}-pass".path;
|
||||||
# };
|
# };
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -61,7 +61,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${configHelpers.service.name}-${secret}";
|
name = "${configHelpers.service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ in
|
||||||
listenWeb = caddy.ports.port1;
|
listenWeb = caddy.ports.port1;
|
||||||
listenHttp = service.ports.port0;
|
listenHttp = service.ports.port0;
|
||||||
localDomain = host;
|
localDomain = host;
|
||||||
serviceEnvironmentFile = config.sops.secrets."${service.name}-root".path;
|
serviceEnvironmentFile = config.sops.secrets."${service.name}/root".path;
|
||||||
user = service.name;
|
user = service.name;
|
||||||
plugins = {
|
plugins = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -43,7 +43,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
secrets = {
|
secrets = {
|
||||||
secretsFile = config.sops.secrets."${service.name}-secret".path;
|
secretsFile = config.sops.secrets."${service.name}/secret".path;
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
instance = {
|
instance = {
|
||||||
|
|
@ -64,16 +64,16 @@ in
|
||||||
};
|
};
|
||||||
database = {
|
database = {
|
||||||
createLocally = true;
|
createLocally = true;
|
||||||
passwordFile = config.sops.secrets."${service.name}-database".path;
|
passwordFile = config.sops.secrets."${service.name}/database".path;
|
||||||
};
|
};
|
||||||
redis = {
|
redis = {
|
||||||
enableUnixSocket = true;
|
enableUnixSocket = true;
|
||||||
createLocally = true;
|
createLocally = true;
|
||||||
passwordFile = config.sops.secrets."${service.name}-redis".path;
|
passwordFile = config.sops.secrets."${service.name}/redis".path;
|
||||||
};
|
};
|
||||||
smtp = {
|
smtp = {
|
||||||
createLocally = true;
|
createLocally = true;
|
||||||
passwordFile = config.sops.secrets."${service.name}-smtp".path;
|
passwordFile = config.sops.secrets."${service.name}/smtp".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -94,7 +94,7 @@ in
|
||||||
sops =
|
sops =
|
||||||
let
|
let
|
||||||
sopsPath = secret: {
|
sopsPath = secret: {
|
||||||
path = "${service.sops.path0}/${service.name}-${secret}-pass";
|
path = "${service.sops.path0}/${service.name}/${secret}";
|
||||||
owner = service.name;
|
owner = service.name;
|
||||||
mode = "600";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
@ -103,7 +103,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${service.name}-${secret}";
|
name = "${service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
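Review bot: In `sopsPath`, `path = "${service.sops.path0}/${service.name}/${secret}";` moves the decrypted files into a per-service subdirectory, while the three WireGuard files in this commit switch to a flat `${service.name}-${secret}` layout. One convention across all `sopsPath` helpers would make the on-disk location predictable. Because the secret names now contain `/`, sops-nix should resolve them as nested keys by default, yet the secrets.yaml hunks shown here restructure only claude, searx, wireguard, glance, wifi and passwords. Confirm that this service's entries (and those of the two files that build names from `configHelpers.service.name`) already sit under a mapping named after the service. The old `…-pass` files under `service.sops.path0` may also be left behind on hosts after the switch, so check for stale secret material. The `let` block and the secret list continue outside the hunks.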
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
flake,
|
flake,
|
||||||
pkgs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ in
|
||||||
port = configHelpers.service.ports.port0;
|
port = configHelpers.service.ports.port0;
|
||||||
bind_address =
|
bind_address =
|
||||||
if configHelpers.hostname == ceres.name then ceres.wireguard.ip0 else configHelpers.localhost;
|
if configHelpers.hostname == ceres.name then ceres.wireguard.ip0 else configHelpers.localhost;
|
||||||
secret_key = config.sops.secrets.searx-key.path;
|
secret_key = config.sops.secrets."searx/key".path;
|
||||||
limiter = false;
|
limiter = false;
|
||||||
public_instance = false;
|
public_instance = false;
|
||||||
image_proxy = true;
|
image_proxy = true;
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${configHelpers.service.name}-${secret}";
|
name = "${configHelpers.service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ in
|
||||||
{
|
{
|
||||||
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"password-user0" = {
|
"passwords/user0" = {
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../secrets/secrets.yaml;
|
||||||
};
|
};
|
||||||
|
|
@ -25,14 +25,14 @@ in
|
||||||
users = {
|
users = {
|
||||||
users = {
|
users = {
|
||||||
"root" = {
|
"root" = {
|
||||||
hashedPasswordFile = config.sops.secrets."password-user0".path;
|
hashedPasswordFile = config.sops.secrets."passwords/user0".path;
|
||||||
};
|
};
|
||||||
${user0} = {
|
${user0} = {
|
||||||
description = name;
|
description = name;
|
||||||
name = user0;
|
name = user0;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.nushell;
|
shell = pkgs.nushell;
|
||||||
hashedPasswordFile = config.sops.secrets."password-user0".path;
|
hashedPasswordFile = config.sops.secrets."passwords/user0".path;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"adbusers"
|
"adbusers"
|
||||||
"caddy"
|
"caddy"
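Review bot: Both `"root"` and `${user0}` read `hashedPasswordFile = config.sops.secrets."passwords/user0".path;`, so root shares the normal account's password hash and one credential unlocks both. A separate entry under the new `passwords` group (for example `"passwords/root"`), or a locked root password, would keep the two accounts independent. The `extraGroups` list continues outside the hunk.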
|
||||||
|
|
|
||||||
|
|
@ -31,23 +31,28 @@ vaultwarden:
|
||||||
dns:
|
dns:
|
||||||
namecheap: ENC[AES256_GCM,data:Afxyf4cHvdnPIXYoPN3viBOzzqUOeRs3YjQ5ugerlnL9H4iSf/iAsxyzHYysOgZ/9xc0OWt6G6A7cEZHW4i82MX1+mLbvWN5ir1iHL73RtesC14=,iv:3XMTQ4TNL7iXPYFLSa+BapSgqILYuM6ZaQLMQZSJ2pc=,tag:PO69wRhCoey+CwPgnOOR6A==,type:str]
|
namecheap: ENC[AES256_GCM,data:Afxyf4cHvdnPIXYoPN3viBOzzqUOeRs3YjQ5ugerlnL9H4iSf/iAsxyzHYysOgZ/9xc0OWt6G6A7cEZHW4i82MX1+mLbvWN5ir1iHL73RtesC14=,iv:3XMTQ4TNL7iXPYFLSa+BapSgqILYuM6ZaQLMQZSJ2pc=,tag:PO69wRhCoey+CwPgnOOR6A==,type:str]
|
||||||
cloudflare: ENC[AES256_GCM,data:H0ODjZvDZpaicYwM1qX1V05iaiCsJMUo5aIZYVzQ2bGvsVA+nQYKy7i1qCNbG796WmBOvUJOo1XJHsceTyfGB7rQpgs103RA0CXmc9WfvU74tsER+sVbnCxsGrG1kvyZvD80ACsx53s6j9nXkZO2m7uZgdM8LbEEaj/CVOMDg39YWWKwug==,iv:EALcT+2ES7q/4zEwUXDsyrDzSZnUCsYtYZLIU3xNJQs=,tag:RTyPzUpMcrQtDT4UKn4SNw==,type:str]
|
cloudflare: ENC[AES256_GCM,data:H0ODjZvDZpaicYwM1qX1V05iaiCsJMUo5aIZYVzQ2bGvsVA+nQYKy7i1qCNbG796WmBOvUJOo1XJHsceTyfGB7rQpgs103RA0CXmc9WfvU74tsER+sVbnCxsGrG1kvyZvD80ACsx53s6j9nXkZO2m7uZgdM8LbEEaj/CVOMDg39YWWKwug==,iv:EALcT+2ES7q/4zEwUXDsyrDzSZnUCsYtYZLIU3xNJQs=,tag:RTyPzUpMcrQtDT4UKn4SNw==,type:str]
|
||||||
claude-api-key: ENC[AES256_GCM,data:QzGJPBnqx4PrDjNvGeyjl0B/W9pkBS4YWK/lrDK4sx0/eBbwMk2qvi03wOhVfvz71UVRpDIZ0F3eVtB8h8Nr94Ha/8IlFQtKxrh60XIzUs/GLB2jKZursZny8IjqZMrt9YHFOphqAWawB33g,iv:XKPqQ0sGukhy0bPXATYwjJMAfSkXdeanc4kULb5TWmA=,tag:vmH+pzU5qoOF5W0fhVfhDA==,type:str]
|
claude:
|
||||||
searx-key: ENC[AES256_GCM,data:kzKWa4xCKDEWocyMmK8FWyAqHM7BuJ1f63XFfO8Dtig=,iv:Vs27/ri4nBzJ/A0LnxsCZD/kYraFZ6tD63VhUqYFwx8=,tag:8gx+j7RenuRzjj0AY5v8uQ==,type:str]
|
key: ENC[AES256_GCM,data:2uIoCdnTCbo58ZSVaQMmDMUen6IBBCXpglg0cfoW40DNP5Wa5luJVn+QrlPfiYMJm6vESfOuKr3XnP0pxR7mGN8z9EGwp4A88YnzQohNL8YUZDhIt8/lrAWEGpyXGvv8FbUssd/BR0sI6u/uRA==,iv:VqORBkpztn25D9AY9H8keTaviiqXND/cK9bRfmtG7uQ=,tag:1lnZqfXY+ZkTeKeZdMlr2g==,type:str]
|
||||||
wireguard-private: ENC[AES256_GCM,data:JjkTL+ZiU90Rxq1Ut/0TuLLYINAVjOfjHEC8PvUQJLBCORoimUObKT5Q+XI=,iv:XFuc4SlgiVK0kp+QH/jXKyOrRpjSto+ilnkIxRXzWhQ=,tag:+DpxdNJQQWdbs39yCLFgVQ==,type:str]
|
searx:
|
||||||
wireguard-public: ENC[AES256_GCM,data:X2UEVJmLu24w5imKJ6z68wmp4hMdG5ugD59xa9m+xNFTVgOzzhE+0fLN7Rs=,iv:IzW5NkUE6MHpb6Vi2nzCmR9OfB6Ftca5M3xWWhNeZSU=,tag:I2OJPLDC/8YZTjchsIWAwg==,type:str]
|
key: ENC[AES256_GCM,data:GBdZXEKa9/CQt6GfOjzujj0weJ1N6DrxPPxlUzcRhEPw,iv:WGgIlLIZefJ8YWuf8oBdR1f2Z7s7qVKxGwuSa9ll6wo=,tag:ek/BpRvnGohEYGiaQfmxZg==,type:str]
|
||||||
wireguard-phone-private: ENC[AES256_GCM,data:hm6KoNseaalt+/SYCkCW0w4sRzzpNNMjhdaxUG2KryNGgKU3HO4yig7JxuE=,iv:WHDqJFJrNTWdq46VDj8Zf6zCgi6rXwSJvnkY2cyPv4o=,tag:BSzN6WyIJM558EW3q9LicQ==,type:str]
|
wireguard:
|
||||||
wireguard-phone-public: ENC[AES256_GCM,data:gGMAIg3T6dOmo1z2c6oZ8Sgnylp0wjpADRWRyBCAEhmlJp1PVj+d478TO08=,iv:A4DV7zPKXwVF2nyFySyrmfdExoo3LrbiYt6PYa4/WcQ=,tag:wY4fYv1wXE0tYonrLoHpGQ==,type:str]
|
private: ENC[AES256_GCM,data:WvtevXxIXSo7RgRmjPGRTcPaqxITb05HUqBWi6L2OTi0WoaYBBfDwvxXj68E,iv:x/K+vRnh3D2ZXoBEq04shP/7G90WpSSIfzPKO/ovClg=,tag:J3X9/SAlxjBBP1UJOh2z4Q==,type:str]
|
||||||
wireguard-mars-private: ENC[AES256_GCM,data:pUkR29PgGhHeR3d6fFJDs0bwASaC/RqUTsJe+vYs+P2skIGivkRzhi3LRBE=,iv:JK7O28r73V3NiVGikMIZunJtrdtp4jOGPi2quLYSkWY=,tag:nSHqfnZhiLrm7JuZuJtc7Q==,type:str]
|
public: ENC[AES256_GCM,data:jv9+6L0wVw4CPqalirTEoTSlg6cRoiwRUXB4nddUqRV7HOQT8KxLoCVyowQs,iv:/uo+hOtb9H7q2zjvK+syCfus0joTolnvK8CGGRgdVgY=,tag:l9dmh4yUZEGwZVlyq5GK6A==,type:str]
|
||||||
wireguard-mars-public: ENC[AES256_GCM,data:fA37Ev7WL2vsgG/PE4YMFHclbhjHqCgNCOiF5J9L5UD8YuGCHUbpTV7A+w4=,iv:K9W/IZatUL+HZ5k9FGjmA4+He4xTO3IAswqpbelfhPw=,tag:FC5kiMD/pdtNjQxklDvfrA==,type:str]
|
phone-private: ENC[AES256_GCM,data:VsyKRS3G4Jb1zbvPfwJ57KRp9lpgR0X0g1YXKOX0BfLmWCvjVpCDGLMaS69w,iv:P4hXJohkAFgJXjP3/sSWdxbTinFidtbQ4T19eWfPVXA=,tag:huYs/zP6pAJUdvXAsN8NXw==,type:str]
|
||||||
wireguard-deimos-private: ENC[AES256_GCM,data:A/LbG/kTjT0xa93Y31RXfM6D9ibHHjuaZ0TIFr8/zn2l7AD7NfmpgZXuPII=,iv:tK9Iyll/GXPXNsMXJKpNKSxMqeHLqSgCfQTSM8+NOVU=,tag:yfJP9hjR/6DXgKtFKqR5Zw==,type:str]
|
phone-public: ENC[AES256_GCM,data:9CPAWETK3UlLrq4rX6G5gG7YBtMBZ3YpKEvA+q4TRrXzPjMhxm0iXHBo7iKT,iv:9hxWvd9TfJLnz40e7k9RD1U1cWYmLWCd3pagfh7NbBw=,tag:J51qDgxRRcq1fCZyoaYG6Q==,type:str]
|
||||||
wireguard-deimos-public: ENC[AES256_GCM,data:ZhcnUafVzrPtEP19TgnsEl6Edwjxbkeb2N+Rg7V1O7zArhcc+Owk/l6iHU4=,iv:UcKBnz/4sGyLM/lQJo7e3G0qWAWlTtRNl5K1e3oT1sw=,tag:BbjZcjl98X9aoCTD+hfhgg==,type:str]
|
mars-private: ENC[AES256_GCM,data:8pDGDdiye+grBRHjqzvzT9ksSYmDDHEyRR9RdiT1l5q/rDPyJeFBdlBcx7uU,iv:umX+j+3kB1fqFfY++GF20qKTlMUbT68yUlYIhcRBOVM=,tag:5yzNtEFg1fFSQjA5FJhspQ==,type:str]
|
||||||
glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str]
|
mars-public: ENC[AES256_GCM,data:xANXRsX7AYr42HMlpQeJsTuJHkoopCUPGaiVbss3K55l1LLDoajjVzjeqLP6,iv:4nyjeuvHNENRguTXypqHIqSYu4TncyPFmE306Ol3vAU=,tag:+kC41plakQWOFqSLNKqHHA==,type:str]
|
||||||
|
deimos-private: ENC[AES256_GCM,data:2rZ+NokSP5E1Vzlm6mnHh8UGT7S/pXo06c5Z1Zxf4A/m7/VMBzyrPSPBDvmC,iv:1HZGsckq+sUd1mKrM+MBlTvS0C3TVvtoxY42/Xfss1c=,tag:3PLQZ2pVnqxz6WDjenFEWA==,type:str]
|
||||||
|
deimos-public: ENC[AES256_GCM,data:BWsejiKYvCBKKppZw9ckT6uFSpUqrZPmpoB0O93R4n9RuxkEdwdUJIzBxl9l,iv:weYCa3ZGIjpCnjxJpPP5vvpMq5LQQNQ62DFtUojOuc4=,tag:lY2QZhMbM+gcePRYBYVTQA==,type:str]
|
||||||
|
glance:
|
||||||
|
jellyfin: ENC[AES256_GCM,data:Ddpv23kdMGTWvlemn7o5M2ARQ+NuzUfgO9eLuMnRh/kt,iv:RiMRQPoyHtQqqc3wx48g1+Ip3meuCKSOniLZq2iJ3i4=,tag:B2sZT8R4ZnLIKiUMaU3L+w==,type:str]
|
||||||
opencloud:
|
opencloud:
|
||||||
projectenv: ENC[AES256_GCM,data:+XCd3xScfxCN1Zl5L+4RAOjpmMPhVLSBtqH2nkEUpXhssy5EU82qAanNmqwiIJ1VrYXYovuu3XOwRKY3Ub1nsR5h1S0KUCwav2zmFKVopxF/5jVNIk6qR8Ggz/fAa1YQSW+SAnrtRGvP0Q1SERlCgnH4isVxNvWPyWCZKIgiX2Enu7hVwsJXKLYDomRWt47zzXNUzw50aFn7xPtXE/AYbMPBa+FweCrCfkaQ6i6jPvkdc6VBYTqIanD0908wB2SJA+1xvY7bYgRVB17/4a/9DuUN5J4xU84TOW7EFkvC/hWhlhC58GqQrOFyAgTP4YJHKGbLVKPlc4fcNMh5+pENpPG2fRDElCaLoJcYe6sYhaCDSegpDR/U9bgzKirnCu/hmdG+NQ3sGK/C89JL2kZT+tVT1u5JWnKGOGvLGQm73QUmnssDZVd8ubNsnd57W7siqAXY3+DN46yLrGgmTfHTRi4x2DKF8VCD9jXOxWsyoLvKYDyz09H9dI72xlCtSmcrFAt7bY7uEAWutrPCf3Kh/gq6oFUAPBEwfqhgnpgGA1vyA6o4zhxl4Rqye5YZMx2uNkxdA4wmk9KB/e7BVR/P04TSXoAV931OX7bnlw3XjSw5NTPEPnpmwZ3VPRGGkz171RiQQp+CkwUr35+DdwFrGazuv3wlwAhM19h9SRn8jikrw6PPGVehYp8mB/FhpNgqV0nM2DfjaBqE3yMfDzXH5b92t4Q=,iv:6mlHq6yh03x/FbZNu+A9QBoV6ALX1rRWuL13ItJWriI=,tag:tK6Ek2fzgPPWT8WCeU1Frw==,type:str]
|
projectenv: ENC[AES256_GCM,data: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,iv:6mlHq6yh03x/FbZNu+A9QBoV6ALX1rRWuL13ItJWriI=,tag:tK6Ek2fzgPPWT8WCeU1Frw==,type:str]
|
||||||
caddy:
|
caddy:
|
||||||
share-auth: ENC[AES256_GCM,data:3jY2B2GOdz5EPJeAyVsk4XCs5NMft3VquIBep7SxYtEZ9H7IDroq1U1Sch6YVQ7VcL85L4Ix/OVPm4jVDEA0sZiGkltbYXRXZ8CR34ifsHtHR35lgjXyj8ZhJLydw7LgmZCEztWO8GjLdvSY,iv:MT5sA32Djx81HGc36rqV2xS5KUHLAeTyZiOdSu8oqQY=,tag:V1dv4yS2RXf4Xqrl5+tEuA==,type:str]
|
share-auth: ENC[AES256_GCM,data:3jY2B2GOdz5EPJeAyVsk4XCs5NMft3VquIBep7SxYtEZ9H7IDroq1U1Sch6YVQ7VcL85L4Ix/OVPm4jVDEA0sZiGkltbYXRXZ8CR34ifsHtHR35lgjXyj8ZhJLydw7LgmZCEztWO8GjLdvSY,iv:MT5sA32Djx81HGc36rqV2xS5KUHLAeTyZiOdSu8oqQY=,tag:V1dv4yS2RXf4Xqrl5+tEuA==,type:str]
|
||||||
comfyui-auth: ENC[AES256_GCM,data:7VTXoRxnD0NyVCFRAjHaZswEUsFuQd/ZIwVfqGPmNNV87hn6CBYWvxvcPPFwe+uw7BmKMt+I66DyKx5ydYENTWxPocyT/rFdgdtWwNoenj+JwsUzegmMbEiH2HCZdiwKj0h1lo142mtA6zkc,iv:xT5XHCj8D4dyvglstE2oqo92fLdscCkaNMux43hJ7nQ=,tag:HgU9wAmjPvfoDXgnorB5yA==,type:str]
|
comfyui-auth: ENC[AES256_GCM,data:7VTXoRxnD0NyVCFRAjHaZswEUsFuQd/ZIwVfqGPmNNV87hn6CBYWvxvcPPFwe+uw7BmKMt+I66DyKx5ydYENTWxPocyT/rFdgdtWwNoenj+JwsUzegmMbEiH2HCZdiwKj0h1lo142mtA6zkc,iv:xT5XHCj8D4dyvglstE2oqo92fLdscCkaNMux43hJ7nQ=,tag:HgU9wAmjPvfoDXgnorB5yA==,type:str]
|
||||||
wifi-home: ENC[AES256_GCM,data:5NYSCUyalDf7gZF7WaRQJCo=,iv:RkVZKsmVEBg5M28DSkBD41673iLM+dqDAAhSwjqejck=,tag:QQ17VSWOnU0bGglZq6455Q==,type:str]
|
wifi:
|
||||||
|
home: ENC[AES256_GCM,data:kjidpmWRBta4EZkLBkDpVtku,iv:8SYK/6LhovjqfhKaAvgsQZj3CiTSjS5BHCDgei91pOI=,tag:RjOHpV92r0T7j7uwXmVsGA==,type:str]
|
||||||
firefly-iii:
|
firefly-iii:
|
||||||
pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str]
|
pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str]
|
||||||
data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str]
|
data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str]
|
||||||
|
|
@ -60,7 +65,8 @@ backblaze:
|
||||||
repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str]
|
repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str]
|
||||||
restic:
|
restic:
|
||||||
pass: ENC[AES256_GCM,data:I5Bf7or9jNwtdK/r/DzUHw6FohzeMtWVrs5AG71geVr6,iv:WnHsFW6oJCBsm84y1rzQ6HbLG8ydPBPQQbHoXKGR7JM=,tag:HsoJxLv8FvrUNSwI0OFCbQ==,type:str]
|
pass: ENC[AES256_GCM,data:I5Bf7or9jNwtdK/r/DzUHw6FohzeMtWVrs5AG71geVr6,iv:WnHsFW6oJCBsm84y1rzQ6HbLG8ydPBPQQbHoXKGR7JM=,tag:HsoJxLv8FvrUNSwI0OFCbQ==,type:str]
|
||||||
password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str]
|
passwords:
|
||||||
|
user0: ENC[AES256_GCM,data:72ABhoc8Hjdf56eHkxu82Ls1zTJwUJRkly9hqlHKhQ4INepT66LrUGRHUG1x+4FemNWvAirEXVHvPVtu+rArCrDpGP2ZIbP77f8=,iv:ukq8E7orUwFOUfoqPp9RMjZNm0MMobXcjbWLzx9z1+4=,tag:E9OTDzLkliDIlH5DrLqQVw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
|
- recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
|
||||||
|
|
@ -72,7 +78,7 @@ sops:
|
||||||
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
|
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
|
||||||
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
|
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-11-29T01:51:40Z"
|
lastmodified: "2025-11-29T02:32:25Z"
|
||||||
mac: ENC[AES256_GCM,data:Ojnh9iSEc3FRAOkRzoq58UxX/C7Vn8KxbDf4sBmgnmiJIFq4ZKLfckOI4kXvDT/x+y+QjP0mZyh+AkK9nOpnxw3XTayCOGiG5ozaReJFaQ5LTRurxTY6go81GBSLclho8O6f8ep0DIHkGYPlIC468D4HQq+pVQAOZfPBRARTpZc=,iv:f5fEL+pjHGD8MnCkTOYCQ7lSy6pePZI4Q9dGQ48mE/A=,tag:7Ft2VrVY9vTcQuIl2O8yOg==,type:str]
|
mac: ENC[AES256_GCM,data:DiW/akEjhRu7Bvfh3je1llcfj6ytRT5+ntWUIobdvVZA4fu7z00skzUYiAdAg/CAnepEgAJ1R8JDag/TFIrnKg+JHM4Kdv7F4Ier/qaSGURxGQ/rxG5jwsj5N9ar8nWxpt9X3Ox7alyNyGpCW5bzbLL2EWzPmHVQiHWpfrlkivc=,iv:QOWZ5uAq7eNPiJF2/YY83bCnSaCXhm3b25egDcFDczg=,tag:zSlHQvCRugSP/wxJ7P+gGw==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.11.0
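Review bot: The moved values I checked all have a `data:` field that decodes one byte longer than the entry it replaces: `wifi-home` 17 bytes → `wifi.home` 18, `searx-key` 32 → `searx.key` 33, `password-user0` 73 → `passwords.user0` 74. Since AES-GCM ciphertext length tracks plaintext length, this suggests each plaintext gained a character, such as a trailing newline or space, when it was re-entered under the nested key. Consumers that read the decrypted file verbatim (key files, password hashes, API tokens) would then see a different value, so compare the decrypted old and new entries with `sops -d` before deploying. If the extra byte is unintended, re-save the values without it.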
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ in
|
||||||
wg0 = {
|
wg0 = {
|
||||||
ips = [ "${ceres.wireguard.ip0}/24" ];
|
ips = [ "${ceres.wireguard.ip0}/24" ];
|
||||||
listenPort = service.ports.port1;
|
listenPort = service.ports.port1;
|
||||||
privateKeyFile = config.sops.secrets."${service.name}-private".path;
|
privateKeyFile = config.sops.secrets."${service.name}/private".path;
|
||||||
peers = [
|
peers = [
|
||||||
# if you need to create a new key pair
|
# if you need to create a new key pair
|
||||||
# wg genkey | save --raw --force privatekey
|
# wg genkey | save --raw --force privatekey
|
||||||
|
|
@ -41,7 +41,7 @@ in
|
||||||
sops =
|
sops =
|
||||||
let
|
let
|
||||||
sopsPath = secret: {
|
sopsPath = secret: {
|
||||||
path = "${service.sops.path0}/${service.name}-${secret}-pass";
|
path = "${service.sops.path0}/${service.name}-${secret}";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
@ -50,7 +50,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${service.name}-${secret}";
|
name = "${service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ in
|
||||||
wireguard.interfaces = {
|
wireguard.interfaces = {
|
||||||
wg0 = {
|
wg0 = {
|
||||||
ips = [ "${deimos.wireguard.ip0}/32" ];
|
ips = [ "${deimos.wireguard.ip0}/32" ];
|
||||||
privateKeyFile = config.sops.secrets."${service.name}-deimos-private".path;
|
privateKeyFile = config.sops.secrets."${service.name}/deimos-private".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
sops =
|
sops =
|
||||||
let
|
let
|
||||||
sopsPath = secret: {
|
sopsPath = secret: {
|
||||||
path = "${service.sops.path0}/${service.name}-${secret}-pass";
|
path = "${service.sops.path0}/${service.name}-${secret}";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
@ -26,7 +26,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${service.name}-${secret}";
|
name = "${service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ in
|
||||||
wireguard.interfaces = {
|
wireguard.interfaces = {
|
||||||
wg0 = {
|
wg0 = {
|
||||||
ips = [ "${mars.wireguard.ip0}/32" ];
|
ips = [ "${mars.wireguard.ip0}/32" ];
|
||||||
privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
|
privateKeyFile = config.sops.secrets."${service.name}/mars-private".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
sops =
|
sops =
|
||||||
let
|
let
|
||||||
sopsPath = secret: {
|
sopsPath = secret: {
|
||||||
path = "${service.sops.path0}/${service.name}-${secret}-pass";
|
path = "${service.sops.path0}/${service.name}-${secret}";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
@ -26,7 +26,7 @@ in
|
||||||
secrets = builtins.listToAttrs (
|
secrets = builtins.listToAttrs (
|
||||||
map
|
map
|
||||||
(secret: {
|
(secret: {
|
||||||
name = "${service.name}-${secret}";
|
name = "${service.name}/${secret}";
|
||||||
value = sopsPath secret;
|
value = sopsPath secret;
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
|
||||||