diff --git a/.sops.yaml b/.sops.yaml index 45e3e74f..74dc8bcd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - &ereslibre age14tw3lf9mdn6dyxrxdsz9w96rp7g7qcdg04sqlmxzms0sjnkldvkq3jsz48 - - &host-hulk age1znnnyj40897mtt8syaa6p7f0xsvatn0s3lsgr0u4r0st258tjcqqchv20l + - &host-hulk age1k5vzngjg6ujawwuw66d4gfl2wjy7l449xcpvjhfgkmk2836f8yeqf4pkm7 - &host-nuc-1 age1jsrzvlyj5fzf6c3rysd79f68drmpgvh4myxqsl7mlm7gyhfunywq573mss - &host-nuc-2 age1ph4vt4lhrw4q974gm2g0xue3y8swy8qw9k8kg68hzxs7s04cxyzs5jujvs - &host-nuc-3 age1jt7ucv03v82ccuwwhaulgywswsc5h2uxauyrdmra8gsd47ajfyasyp4r9q diff --git a/hulk/configuration.nix b/hulk/configuration.nix index 8fc19bb5..f35ff4e1 100644 --- a/hulk/configuration.nix +++ b/hulk/configuration.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { imports = [ ./hardware-configuration.nix ../common/aliases @@ -20,6 +20,7 @@ networking.hostName = "hulk"; sops.defaultSopsFile = ./secrets.yaml; + sops.secrets."github-pat" = {}; nix.extraOptions = '' !include ${config.sops.secrets.github-pat.path} ''; diff --git a/hulk/secrets.yaml b/hulk/secrets.yaml index 285050c0..20f662ef 100644 --- a/hulk/secrets.yaml +++ b/hulk/secrets.yaml @@ -1,4 +1,4 @@ -github-pat: ENC[AES256_GCM,data:o2E4Yv6BdndEGbbIrb+8C1uUFBgiRDujO42qBOZpCnCFAP8vN31Oqb3yCTW0fmKrPrgsf6hsVf5uo7b8CyBAqO1bY/k=,iv:/fGktRrQJpEasH1WrxBGr80f7FBdrho6YoCNp7Hbxd8=,tag:BlYuYtjvoXzjRLjEGJkLOw==,type:str] +github-pat: ENC[AES256_GCM,data:BXEX9I4YIlzM2kIBgYSoRswSmsLI0laha8zbv6uW8CjsiQdKP9M+GCp3GP/hxD52NhXNJsOzK8q4ucCFUi1RdXIJ5q8=,iv:/fGktRrQJpEasH1WrxBGr80f7FBdrho6YoCNp7Hbxd8=,tag:XaWh9vbKRlZKf6I+DkAWMw==,type:str] sops: kms: [] gcp_kms: [] @@ -8,23 +8,23 @@ sops: - recipient: age14tw3lf9mdn6dyxrxdsz9w96rp7g7qcdg04sqlmxzms0sjnkldvkq3jsz48 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6R24raEVIS0c2QjhsOWNp - eXcvWmFCc0VuT2doN204bEJtNGV1c3VSSWdNCjBjWDZnQlFTeWVwRmdDbm5PU01T - bDlRbWhQem9rZzNYZGxaNUJSaDRWMGcKLS0tIDR4UndUVldzUmZqMm1FZEVJNm1x - MTVTZFhxeTFyaElrYWtlbHcrS2I3dmMKtw0vGFZrWh0DgiDyZ22wxi3IXmBmjyCu - CAR3iDwAgTChP8sbuCPc6VDVlr5Yxk+Rxqz2rRXDC3euaTzVKXHXaA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYlU3UVNnUnhpWEI0ZWNh + WHVVd29PL2RqaGZlV3ljZHpNZ0FSSndWMVdrCkRCKy9yZGE5SEZ4cnB4dHhTc1E3 + NUNvcERldHhOb0lxMFRERFpTM1g2dm8KLS0tIDlMRTNVY0dlVXltTkE1b1hyWGt6 + RDAzYWltRG9BTUJHSUxoaERxQi8rTm8KJcCUV3L6KQDkX7bMJRp1JwkKqgN01P8Y + qq+eYFAWOJEp6c5LQhsz/j/WK03IXnYb166bbeEM2Y/+lpkAIf6MbA== -----END AGE ENCRYPTED FILE----- - - recipient: age1znnnyj40897mtt8syaa6p7f0xsvatn0s3lsgr0u4r0st258tjcqqchv20l + - recipient: age1k5vzngjg6ujawwuw66d4gfl2wjy7l449xcpvjhfgkmk2836f8yeqf4pkm7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUkRlN3Bza0JDbWo1RDgz - S2JGQ0ZtTW9IWVlONFZZUHFiVzdid3JRMkUwClBYTXJKNnFDckFwSmIydDJEMGhC - dWtYNWxDcnBhTUZzR1RYMlIyc1N1Q0kKLS0tIDRZSmRIWXBZMzBnNktiWThKdXNj - UVFSU3JuKys4ZzhYb1VWZy9CeFRlaE0K9mzx0e3YjMJIelSbjrjyA5VLp7nn4a5C - GsjTzbZ2j377bIxVEuXngEjHi/qHJC9Y6f0GcBBT7caK6s+80JobKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlODZ0TGFKNnJXSlZ1dnpW + UDlFdUozbjZLbUNiNVhVM2t2TFJwSUpwbkFZCkZ0bm8yVk9zdTcrMTgwdWVMV0Jz + WDNCZXdBTVBoc3YrVlVpTkM0R0tZcUUKLS0tIGd4QTB0ZWhBbnJMeUtTdkFrQnhO + MkJ0OFBMOXczY21IcVBxUUJieWE3WXcKrUifiNAY15ul+d0ojTJ5vP/9WqlsCfkR + vaATIk9ZpfMhXvjvqyRz8EpXEnl7/gwu/WX2pVIx7B6PKZGyJnqYgg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-29T11:58:47Z" - mac: ENC[AES256_GCM,data:i+JDlqubkhTktzbu0DJBS1AoXC8zCTpBl79rOizQ6kmNNDatKJ3dOtfXS3zLlmvmPmBCGCSwq6aZFzzRFHnz22e6M2TotHhxmp8j6vbNkWeCjekkalX9qGfxEUGAc8KYbn0cDUA2D9OIA+SEAJPaonmSUwJT6VmJ/0XKgH1YUmc=,iv:Ib2T0zscmTjoWqJ+QQzQYablAUAnL7GaC/BGDoJU3bY=,tag:l3cZq58ahqilJw/3PJyGGA==,type:str] + lastmodified: "2024-09-29T12:08:23Z" + mac: ENC[AES256_GCM,data:suubn2FkaNII2z3gOZJGxLjMasoP/nprKukzsrC5ck5/NjxOHdIIBgCP7BI0diARVgBs57v3nODZUk0ld+4iruQLSdgb2NtMUUfUuPJTcfXLukdemsPhAPvAcTUWPLxKQI6GaDTS75YnalJVMePjOQ/3LaA3eViVRcXg01nV1ps=,iv:+i9ghakDBbUznTr3QcihFF2ysFVX0nzUu1l5q6hQre0=,tag:xhG/aZ+NSXbCPrWDD5bbWA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0