From 9c83729db0e82d36180e1fbc0080daf7e303fec3 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Thu, 13 Jun 2024 09:01:57 +0200 Subject: [PATCH] Deploy sops age key with homeage --- home.nix | 7 ++++++- secrets/secrets.nix | 1 + secrets/sops-keys.txt.age | Bin 0 -> 397 bytes 3 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 secrets/sops-keys.txt.age diff --git a/home.nix b/home.nix index d19f243..0f92ad3 100644 --- a/home.nix +++ b/home.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: { +{ pkgs, lib, config, flake, ... }: { imports = [ ./modules/home-manager/neovim ./modules/home-manager/firefox @@ -188,6 +188,11 @@ homeage = { identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; installationType = "systemd"; + + file."sops-keys.txt" = { + source = "${flake}/secrets/sops-keys.txt.age"; + symlinks = [ "${config.xdg.configHome}/sops/age/keys.txt" ]; + }; }; dconf.settings = with lib.hm.gvariant; { diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e542a9a..3c11e2d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,4 +13,5 @@ in "syncthing-cert.pem.age".publicKeys = publicKeys; "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file. + "sops-keys.txt.age".publicKeys = publicKeys; } diff --git a/secrets/sops-keys.txt.age b/secrets/sops-keys.txt.age new file mode 100644 index 0000000000000000000000000000000000000000..fcb41851c3e0149c12c980b234ad9acfd580fc4f GIT binary patch literal 397 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlaSRA8FIULQ^~nxR zj7ZH(u?%tz^-lFPFe(gk_00%R3Jmkj3iC)b)UQm-Np%S^NanIMEGe`IF7!?bFLo~V zb2jz%C@JwU&I@#O3Nv-jj*M~-4$cj6%r-L1ut2x1%qc3%G+jZvGO*OwFD%bH)JWgO zBqFsk)Z8p7JjvN2EIr3FBGlNs($Uk{Ki56kIGHOmKgB1sC^W|>EWEfVzrd)(&^;-y zGR-f{JKrKaEhwTaC&)|NxilcpFP%$QS63k~*;79(J;gc2FWKG8skkh$)FV5{B0a^h zAl1}6v&5j#Ey$oEsw&$&v6$=m^rNDGO=|pP|1CTyAmtISEYIbI!tS{$ESJc*k#(HoiGOho_FCeo13+%fmZ!&Oc_DmS@uO g|4jd{SN04lahue13$kZipX@MqmzmNb%b!*T0C~`o{r~^~ literal 0 HcmV?d00001