From 46a99bf13d83b4d8d8d25ab301c4e26bb71d8c17 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 17 Nov 2024 22:31:57 +0100 Subject: [PATCH] Split sops keys into root and normal user Deploy sops keys using Colmena --- .sops.yaml | 13 ++++++++++--- colmena.nix | 16 ++++++++++++++++ machines/sue/default.nix | 2 +- machines/sue/home.sops.yaml | 26 ++++++++++++++++++-------- machines/sue/nixos.sops.yaml | 19 ++++++++++--------- nixos/default.nix | 1 + 6 files changed, 56 insertions(+), 21 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 7340b99..6412a23 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,8 +1,15 @@ +# Public keys are combination of host + user keys: - - &admin_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + - &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + - &sue_root age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle creation_rules: - - path_regex: machines/sue/.*\.sops\.yaml + - path_regex: machines/sue/nixos.sops.yaml key_groups: - age: - - *admin_pim + - *sue_root + - path_regex: machines/sue/home.sops.yaml + key_groups: + - age: + - *sue_pim + - *sue_root diff --git a/colmena.nix b/colmena.nix index 588d476..71ad8b5 100644 --- a/colmena.nix +++ b/colmena.nix @@ -18,6 +18,22 @@ inputs @ { deployment = { allowLocalDeployment = true; targetHost = null; + + keys = { + root-sops-age-key = { + keyCommand = ["sudo" "nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/nixos.sops.yaml"]; + name = "keys.txt"; + destDir = "/root/.config/sops/age"; + }; + + pim-sops-age-key = { + keyCommand = ["sudo" "nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/home.sops.yaml"]; + name = "keys.txt"; + destDir = "/home/pim/.config/sops/age"; + user = "pim"; + group = "users"; + }; + }; }; imports = [ diff --git a/machines/sue/default.nix b/machines/sue/default.nix index b60e7dd..226d5d1 100644 --- a/machines/sue/default.nix +++ b/machines/sue/default.nix @@ -15,7 +15,7 @@ networking.hostName = "sue"; sops = { - age.keyFile = "/home/pim/.config/sops/age/keys.txt"; + age.keyFile = "/root/.config/sops/age/keys.txt"; defaultSopsFile = ./nixos.sops.yaml; }; diff --git a/machines/sue/home.sops.yaml b/machines/sue/home.sops.yaml index cc9e238..e32b0ac 100644 --- a/machines/sue/home.sops.yaml +++ b/machines/sue/home.sops.yaml @@ -1,3 +1,4 @@ +sops_age_key: ENC[AES256_GCM,data:7+Q7B11nLI1jYgI+KCtGOYsCO9r3blXGrGk9x4wR8a1/FbnhCFJgtrv9uGMFDpw7sLWYAeM7hRajEQfAuQV+ikUhgO8XGMd3/do=,iv:RWfKq6OQksKWPOrrY/hRsKgIh1Kw0wz4CxbI55P6tDM=,tag:GOtqISlAqtn8s3kRaCYyeQ==,type:str] keepassxc: ENC[AES256_GCM,data:OLAzLx07hFjoa3Hqdp6xhcGZKX7IoPt+Y31WPVS7PRrowBup1tyI51JlKeSsmHIwJ1kSF+7Jhfw1vOgylFcQzZc00hCgiK3ksFkjYUrzLnPsuKPgBi4Jc3Lnb5K+rqJY8P/7OLWhrAFvscKbMo1trQIZ74qKOGxP45DYJL8kDBRsY9+/6nq9bbIaiWXsp8BUiKXeM+O7XnQ+Ir+vTCF7DTNNArD/wT/x0omZL8SzP29ekhQIBSSiyuAIzQ3EYg5rwa9l6xmfatCnKkwXvqDiEGsTGAZj1hUvkHNCgELwRkyYZXyvw10B2/A1x96LryVBGRB0AxXuLgW3kApWLpxLo5lxUwZXv/TjoOhhKkz92S1hMUJg8nQPmBmBEmTQtfT9NF8t1f65MRaRHwXnaSYDChGoa6YEKWt6/FF874Vw9FsZ87SJXdm+hdrgPiSH7O/dJEJoO103WbrzzumYBbLCtjSDBSbn5xxjb4mfCJVatKTSTuWXNUiXJd0Fy78t8kz+zsASLQskSKpl1/csXsErpKDLSjEfObTx0n2ZNpM8z1KFcLFbzy1WyGHReZ4aJDXEWUnhpFT0bYMNSy8cFNw40XKAptiUq16l41uMkT1nsF+tp+bbGDVZjVy8fQb1P6xmcMWviYw88F2AFFWF05ppE+oXJ51e1W8Fs1NhdVnVRds1sMcLJjx/HTs8rZnUBy7cDwmLAo/V5swkV2eUC7sD1CnZHciuHlVXPVRBkRmE+i9Zanrx9SXr+psvAOV9/t6/8UQxVcs+x4/iqtZcf9vfOwaAufH/lci45WpUcAQb7KhsvnYUmzoOn4t3A4tMe9nCb9fQwNxqIHhZ/lWl5lsxc+uP/5cuYNvCSsliSChDJaNDLt9NnIrBtqLzrsaIfqSK1vFuzYYIh5yuyxPh+TfPFR/KqzjIbVyar0UGmISXJ+9DGPvb9J6GkXggyO4cNY9E9Gfb+8nWOtCPnEFXG36oZAmI4QTCDpjJ0Gp+sROQIvLnpT1uREeDc2u+P7V2Y04h1OVJSPZDUlR8bKqlOXZ3lq/g/rNDxTKit6XLRUnz8u3DtiH2tmSZZ7OhyKhvuwcNgV++3isFP216wJ/x59bUSCJ6SNss3wBgtmk0GTsKU3rWa9MYWpBbS++ZcJ2F5anj5stpmTZguFNL3hYZQLPUoSxUd74dwYUTab3mfK7TeKZFruzE8BapPgjH8rtBnhrhl/88r0N9Vo1poJFBdiaJ3KkYn7vOQCYgPQPXLt1IrlOoplkEzGbtQC7gLSjgMtsT2tQYVqJqJ3DHDMrcVd2iBMENn82Bgnf8vTKz4OTWwy+5AgRD/IOsVHbUqtnS0pAx58S8TEm840mnYWYZV+AprPqLHfi/G0tU54J4McEwxmJsKwP+p0LCACC2dFRjLPg6ssvXStYk/AfE58fIZxkgOf6TjXTH90a7STmN8E7IrbPGNywI/OeOOgt+Li1WfJzyS0lE9IDvXwwNkzHJhlDFTCg95q2FWXvjyF68JMMtesiqz8SXKSjDMzjsRm37obTDvmdBGAO0NuC236GcYvF15KNSuDjcVWyoWPd2xMzCcM/dXHfg3/dlheju2g1TwskoSKnVCcRK8B4V/rSqJfUSTrAsKOkFS5x9ZK1Wm2SEe+lhHr9sYC1fUcU077geCj6OimZ0H3Aky0/KI1H5/zDxlmoS73z56S5nQjII8IWS+LjvSp4j8i28NS/SGqdrgVUQatV5sCctast/U32MbnGn8zdHYJJWHYqY+nXH/n6Vg0e/i7ut0/uqxDbFngVmJbWKwN5dLO6Epv9qskdleWCruvAh7y9qhvmz+k/lxwHiZkdMdOgoUrmIoC3Yn+lGG/xF87PG9TsBF88vius85O8HxY3o3td/awbkUD5x7+OiLdIVnM0iUQDSbdrvFla6qHVkB/kUqcli6GYhaP9HgLUWKm0YgrU+V5eufTG5fu449Q0RcpsSLpncRXghiiZUK/V2z31tVuILeZmlqPBRthQz4xfDgfmzohDu71ttX+2Ih4np/uWIMPx+7ppGWarkp2wsTq92hVAT+U77r9vSQo3H6+8CSpA2AY6q1MU9VPtA0Ze2ZyF8GI08qtVRPiJ6W1q9D3SEBrI2STnk/KdvVu7J1q1HJ6yEVtGBGogXivQiqK/BzXWnDMIzsclU/UZESRVrn+E055kXYDFzKZFNFg1Fa1QimhBs1Ayd4z/aOpWbaXBxOL8jIcmUlRskRU8mQte4vglBNQ06YDZ8OAx8pfaKAz2Xplte07vphWrUnXnFCcQdVrpHHKKN26QhMiObJ0NTUQdWUyiFAiYqmMROanUjVHz3qQQJqW8qq9Z14jXU1lPCOBkcIhvF8hm00Y6OLR7CrOwBWV1t46LC90fyi1VVMcEIKYdNVAvHVVH8jhM5oo6pVcEs7PL3UNHaAldW5KqeFHK0hM4VKUs2vUS5kunYsBBqNFGTYHTewonm+DmB2GM+QOIak53buaygQ37wP4Z4j/QrlIIxtGtUPQo4rENJuCs8fTb1DobDtQrta0NY42vf20VGiS8AJ9kpvj0jC+536RPX1tmu7s6pbsOtvwy1CbDjQyvCmpb24Pv72XtwGn3TQ0GIS0i2iDtRPMgywFbQ7/GctHr8+ikW5QehqRyL1nVtTO876hpYPsztvcqpzA3ZTXHGvAAODsYuHMXNze6xRuQyO0zReT/1aqaL7RH5W7vN6owH/brbsZlnSgaMktTpUNk0F4gQ7/0IxG5Pp4gGoMfXo46D5nGhr57oaSL/RWfMcTQ+f/A4HMMqnPfI4M3MO3bcfs6C75EXiy4EAOyP7uivcCvhRD440195rydqqjIliFFIuIToDjQNZfpU0HnrsSynn5qf9Z8DAuLN9NgbaKq2CbeXxYExOoM7VszulP8XaNpl4gLWONaWvZiQz7+IySlvPu6FpHxAGSNlS6CO0OCGKgcr485/q4T5h6/cH99kvWlNy1sEpoJOOu9bT04fKsSutJ9VihAZy/6s88Jj2IM1OGiU0dP68/GL12X99nYXtVeGTkM7CZYJujOJUf7wx+/UrFFExbUtT+Iv/rlpDjECHcnmrDJcvhEDw1DOAUYyvTd7F3n+rkXpw9MocwY03xuuNcZ/cYijbAe3P5OeCbph9NEFh+E/D5l7G8WS19xLIfb2NP/J0LV98F+o+kq4dqXje1rurdZvWhvjYIpkcfa2MP5QpC9ptSdJwL/Fh9ZF30qsUg1QDeM6jM8Umzk+OWJEMJKQjgxn/KqTlOFDd2MUANsNqxKfvt4PArpJao7CBp1Kywb1Wj8iPCrOviCe8YT1KDcisGhbWhAlr0Bmf2vMk1ynaJg7gf2dpEUNP5L/yRIJQq/+i/6zJnEmu8kf9YEmRvEZKEwFNkkPVztBiub87u6TK48IwXMC4VUQVZyOzd82nLdwdVmdsx5puSm6KLFRNDU1VV25f5KCGcFlBqiRDucg/Em5wYvuTtsTGEm+ff3veP9BeOinzA94wzf0XnZ37fizTg7lv8LoFo6CdqM+/OTPrGubdHTPCKfAmbYWHN/Oa6UEnO2QeOKtpbXenughSoUClsVi/cFYFPx7QWHfqyazjTkJwX8W1SXCu6b3D116NszcrEadTpK3TVOxlVLCG7jZ+bPpT29/Lezrcn6Itsab8uDZEdejflU1lm9d78/bCLcodxcl2Z9DVrsmuYfSkHuOrCVuZ2nh6tjr6IuB072mkkPZN72xuLbFcp7sIcaQF7kO1yk7Z1tQsHkqhl4xo80z6vr8IkmKrHpcxvnrysTxfy2qHCimieAa0OEy7c1SMFyRKUmgB3L1CQQeoNF+rHspZdI6bpCEdU9QKGI570HsE/UsYbyHg15i8wmXlxO7zBv5ER96qlou5seeJCXH170xE5uiKkFAI1KSR7SdY4dFnLq2Z0yLNbtf/3NiUKX2F32UEzk5YRw1dbCpV2l8FhO+bW8oYrUEWeDxSb1PFnNNALVl9DCyvIQsZtsWVxIY51gB+L5fL17otuzKKJn9YUppIhlYkJ+fPs3AxLKIcL/IBd7XW79o/TFscQcCwzK7FmqPKGvOiqpN2I1IFyTuLCkFjIB7k49idnxDfCbCfqPRdOHj6nu+qKNhLAPijEnnUzX2PdiedalObpb2/1Z74jyl70VNSgiH7ZgHtd5mFZDiRTAtX8RuSHM9v7DHqoDtZthjFsaJUG/ORHnQkr0kMLKFbhR/dvk/SuSpGlUcBpGqHmlveeQoaZdV7pXFM8qNha3VIOiC6M8NDfMOyVb7mh68aNKI8G3S8O4U3VXtKXlWN61S0TO/ZFYE4znHUcjUkgpZkK4sgfVXXfl6J8k9DtBy2tLdU47Ev9s33AbMBt97lBRy4xHCFhTsXOvJf+wznc3djEs5x+ZjEMoID91wsK9tU0bCAr54j0HgdXBYbmXMNO0vpecy61jRJU8RhDkQOtKtbsOysStVejJzQKuOrTuUVAvbBjfjipHent9q2pVXXFtXmvAY0RgX8Johhf1KHvIvvmOB329TQOm/xEHbIQn+bWc44OvQo9bqxHK7e/dgzD1EDGKQVJkT/eM5KJLECDxMRrsUR5d+GOc46kxvajQMXiyhgAZ2uMoVbNWtmcJjO3WfkpRvjHw1ruUUFMojp25jYaPs169Uay3p18o0a+plpfd4j41uh0mdLrthgkGaoRPC5m35k5zrPYH0KXJWPUWiaTtCzbkQbHrJ4wHpbb8HpRghmaTKp/ucrox83qUl5q/fOl3zSFnCLzZSgqiGDr49S6Zhz3Kn0vlVPnJXOW9VP8fA20VfO13uFeNVoRa4vKufUlwxI0ru3RgihIX+Pqaf2Utc16YAY+eD3NQdU3QCBY+HTy7Tdx5rdli/wjGO0f51cgZxisJ/IiD4g71wOmuARhSm9aG50K5J2W75I33eKOxzv5IsdhKfsSsNPNPW/UCAQed8OOcxAV1QlbYQmuX9nbe49GEMv8mvVM+BdETIblpzql8jimq+yFn7hu4bSXSc77zpqAo5yFjZqNRlltMFoUDcCdg2Vhk0EegVFJcAm97ofI3VxyWsjfr8XE7hPkKMExf7jyyzeB85AQ5r6SFLqgqsHReD+D3loNmAs4KBUlit4Y9wSyFZhOpfLBFKA9b7kLDPhBn/nd7+ytl2YmX9LpcxTgTHWuwuUCcW5/4unWUlwQz/lwB+fxd4XZi1lfzr+C6sx3K32vfxoJD9BbGUFZ3rnsk58Hv9V8B16k0jQi4xtk64n7KqUI284QUkT6BUODDMD5PqNPw=,iv:ZuPrxGdtL7yfvU9mD9NFJlNTzfRY1af2tUAXhvGvQoA=,tag:ZBu+pR4LbdfOxsw/nTzTfg==,type:str] syncthing: key: ENC[AES256_GCM,data:RynMajMIyEL7E0q5/Rk9ev2/Pd2dqeseaMKiZGEmd59PLuKISuXoNWpy2HNh6rHt+uYPnr43Np7+w13lp8LDz8G5FgW/jy2tHSTBOaFamOpzvKSJAr6yFvuRvbzcO2SW7WKLsVwVFxzj3gLUoG1cJYiuIX03pOB8ljQerMN0mlA8wHBLyIvCGfFy/XekiLpwfl1RjXhCvA0EMn+8o5l4cexXVqh779MEhw6/SbC7g/B5nobT/AQh9z/m4DKxYKB8v2jFdCJck4Lqbz97HL7KaDme4l3iMlOek6kWkYMQiXnr1/tDhDlaI0uBSMCL8MXrhq509S4iNhdtsn2Dq6bjhilTw5fdqTuD2miaU0soF7XEmRMtx3vIz8ju56iEXwFq,iv:pN9P/AoJwnvU3Rg0hngjqM7IonqWSze8qcAURIG++7E=,tag:UueCEDULSy1mf3d3WEdoww==,type:str] @@ -11,14 +12,23 @@ sops: - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFVmp1NE04Z3BLamJmcUx4 - MlZ3N0FVL2EwSDg1OG9uWDY3ZGpYRWMzK2pJCjN5aGlZWkhFSml6SThRRHkzOHhZ - bVNwYnNXREszQTAybnI4SUhvTk5kTUEKLS0tIGhkUEZ1VGJNQ1UxVkIxREszeFhJ - c0hUTEk1MlhxZTRkOUZrWjBpQ2lla2sKwhgQQ05yZOpbn8cLIYdwAQJIbkgXXPKO - ppBCirRPqv7s3JVF3zYCfHPQ+Hx5H/FzfckDgkFFt5NVtIK2D/3oIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTENnd2J2VXFoeHhWZE5Q + MEU2Mi9hM1p3SWpRbzZNY2Zja2tFN0ZVTkVRCnVIckx3Qlo5c3M0alJPVjZaa1Y3 + RW5mamV6bmdIZ2pJZzB5KzBLTGtuUlEKLS0tIFFtT2JmZDI5V0RsL0ZxenlpWGlr + dmdiRmlxMWdmTmZUUTM1alRrMGdzYTAKbViJnEFIO3dpHYWyJxqXRkWqqpDCKV/L + jwNbatnwksT2RW6ecHUF6R/kL7YQJ5Vv3iTdCHfpcW7qRQvl0ZJEzQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T18:32:05Z" - mac: ENC[AES256_GCM,data:y2lb4TlzCGDcXc1ZxBhUIrbdJ7ZT0gEqjmpCf09LnSKOHCSNq7FPGSUDWolBUuFgo94qng6rDhqafJPBoaUr54k3Z8aZ9Z+glJRz4WByBan6Qom84TFlHnd197AgkpiK3WE57lpFKvHxkm8OW6KjSSsr1JpiHaod5NuP10tgrHc=,iv:BhuHt+Yz8jwrYWiQDXncTxhWE34bznm/JCXe0vj22NQ=,tag:OvY9H07sPEk7A2hxsOhhxw==,type:str] + - recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MTlnM2VyeDhPR0lkUGtB + d0hJSHdEYUptTjBySUhUYUpVOU00QWh5ams0CkJrYWRNMFZDRkZZUGFWbnlFcXdH + dzhwZGdNU1BYWnJLUFpodzBWcHJZV1UKLS0tICtiUVVqY0loQlpTYjUzRk5YR2Vo + RkVRSHQ2cVJRdWNpZzZCd2laL1R2NjgKhaY90NYGLTuYs4hJs1so24WFvFhquD4V + KwVKoyFdni0jWOaULvA0+xausV2Hx4C1xk7b4SsuT3YkDZdOT41gHA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T21:12:25Z" + mac: ENC[AES256_GCM,data:m9TJL1G7D0l5f6ZIC6NfKvRDuHY1l0cp9hFbsFy9f2f/ixCRM2JFuAZ4muL6eyvZqAiGgB76u26hFU+yO/E3vtnAYSrLCk1JaRe3rajZIpu+Dwe4zht7ysJ/NeybWB7KzetS8BijDjp8YDHDcX35xwT8ScWBVqj/hjxls4JRe/c=,iv:Z3tRizJNpVHyErL2iFo6ALGO97IarZPiKzyBDPm7sQA=,tag:1sH+wHJoAHfsIju+OWMTHQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 diff --git a/machines/sue/nixos.sops.yaml b/machines/sue/nixos.sops.yaml index 2e0eb2f..71ac1d9 100644 --- a/machines/sue/nixos.sops.yaml +++ b/machines/sue/nixos.sops.yaml @@ -1,3 +1,4 @@ +sops_age_key: ENC[AES256_GCM,data:3PebFyNHLlycKPN0L/MAL5NpKWqUiEFxivqnPtuavnET13NEEgPvyD9ZyuSYlQRefgKNHuKaAgaMNULOyL+mWF+AV+YYiVyrp14=,iv:gvxb6BK+i270b4Pr/dwRpwno+vqVplyyWdxEQIEVjmc=,tag:5LJ609yQOBkLCCwluI3AUg==,type:str] wireguard: home: presharedKey: ENC[AES256_GCM,data:TXCvGNW0iU74TnC2tlYBGhGfiuQmscVq6EPRr8dcRVI23au7nm2xQU5Ubfo=,iv:drGxozD/d0kqxJckJNKo0U7trgjAOMpztCqCxX+IJx8=,tag:liDTEqzrN48UslLMSgn6iQ==,type:str] @@ -8,17 +9,17 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + - recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZG5oSDZCdjBPalBOTDVU - aDJVaC9lSE9jZ2M3aEVaZTd0YXh3azBQTkdrCjc2QWFUN2U2ZFdRc1VSMXhwRTRu - N2VpY0haNElXVmhzVUhoZFNnNXYvc1kKLS0tIFRHRlJzS0J5b1J4a1dTSERmc2hy - NGxjNVpvQnU1WVoyQ2xDeE16b2JuWEEKiVqccRZfhp1mQ3ecnogxrIkC6EZq4kUG - kLJbBFwf1FkWZQgFq9tKNBf0vykjF0qnSDXn1xpIqht3B9Vtnggjvw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bDRqNDNqYnRDZno2QnFo + MjlvNWpZNjhabDBFV2VJSGFCaWlvd21Ybmc4ClhOS3VRQ1VySFJYZWZ5ZHV4RUFs + NVo4WlFrai9CTi9uTWJGUExKWnpGN2cKLS0tIFc0UStVRGpHR3hsQUR3elFIK3Nu + ekZEZEZVTzJJYXRIT2k0OVJmZUhzN1EKVK307/rhSMQA89hHUD0MH/vhzKnmWF7K + QoTpJ20WxzLfNuGqqv9IpdRTKOrxCDbj3MUEv6d6k+X4sSEaOGVQ1A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T18:33:25Z" - mac: ENC[AES256_GCM,data:korXgi1xEdCr18DQNFF5XwuFum3GinSLH+L5Mhhy1PHzGJ4S8WuutRONnbX4tw2p16XH/KPszA3u+ypo3IthEEJu8KrmlHhUrZiA2scWpNL3CEaDuNJ6CN9feLgS0FExYxWWQ7qLorTH1JuzRhg0aW3cKoTW32FscrAku/ni3pw=,iv:MskH0LE+xHCNYRvOiBVW173ePQsg22Fm/XUwS7Jzxwk=,tag:MVcDcUVVUtsIKbROWnboGg==,type:str] + lastmodified: "2024-11-17T21:25:05Z" + mac: ENC[AES256_GCM,data:qgPbH0i6difL063Nmy9EIAdkv9mq/ztGk8S8OAahDTddoUbJkC3EQUgS6lsd3KHbFBGopn1yMpuWkkOgNFc7nGy4QP0Mm8DpRaawA4vq5+QOh91CRTvQDujDw4EXEHqa27iR5dnbscU5zYMmta4Dl5FnK3ujraifdp67H1RCH0I=,iv:IZvXt93K54xshv5YcXur5MeDGPq+ROTxuFSC/B7eheM=,tag:ZFhh/yMfEMFqlerQNvMhCg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 diff --git a/nixos/default.nix b/nixos/default.nix index 2c2dc77..c929578 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -86,6 +86,7 @@ yq ncdu lshw + sops ]; };