From 0ee8546194c3719d731a1b818fca02f029907cf4 Mon Sep 17 00:00:00 2001 From: blake Date: Mon, 6 Oct 2025 11:22:01 -0500 Subject: [PATCH] 32 current 2025-10-06 11:21:59 25.05.20251001.5b5be50 6.12.49 * --- flake.nix | 2 +- modules/system/sops.nix | 9 --------- modules/system/tailscale.nix | 1 - secrets/secrets.yaml | 6 +++--- users/blake/blake.nix | 1 + 5 files changed, 5 insertions(+), 14 deletions(-) diff --git a/flake.nix b/flake.nix index 8bfc37e..3891eae 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 31 current 2025-10-06 11:12:32 25.05.20251001.5b5be50 6.12.49 * +# generation: 32 current 2025-10-06 11:21:59 25.05.20251001.5b5be50 6.12.49 * { description = "blakes nix config"; inputs = { diff --git a/modules/system/sops.nix b/modules/system/sops.nix index e0a79f7..a1acfca 100644 --- a/modules/system/sops.nix +++ b/modules/system/sops.nix @@ -30,18 +30,9 @@ in "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { owner = "root"; }; - "key1" = { - owner = "root"; - }; - "key3" = { - owner = "blake"; - group = "blake"; - path = "/run/secrets/HEHEHEH"; - }; "blake_pass" = { owner = "root"; group = "root"; - path = "/run/secrets/blake_pass"; neededForUsers = true; }; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 6a88077..af5c746 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -3,7 +3,6 @@ let cfg = config.modules.system.tailscale; authkey_file = "/run/secrets/tailscale_authkey"; - authkey_file2 = "/run/secrets/key3"; in { options.modules.system.tailscale = { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 8215123..25fd4c4 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -2,7 +2,7 @@ tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str] key1: ENC[AES256_GCM,data:gMml+RqSdw==,iv:P2EQv9dXrt2OViOknGkSZyqFu9QK50fx8ryKDBX6t04=,tag:2coTjqnria4T6DCyYa1w9g==,type:str] key3: ENC[AES256_GCM,data:Gk4/ZtLSFOR0MA==,iv:2QuQsQc8SoiDhlV1VJu1FX8Rso8QxPth22hr7KS22MU=,tag:siBpyqSze65eZtJbOm1ZUA==,type:str] -blake_pass: ENC[AES256_GCM,data:IMAQHFXu1Rc=,iv:jcdVxQpt51Ca5OO3S0GIkU5WyIkLfAutY/CncGKQ+S4=,tag:ujI6sh+0G9Mh7rcw5qHf6A==,type:str] +blake_pass: ENC[AES256_GCM,data:fpaWxiIdEkz6nff5BBE/uvTalsll7Jrn9Jmjt6H+3rV7GrEqSf69qBTDSxeOCYooO7NG9tPcD8hnxjbIos3hsTsNhl5Ki4J9VslukKtsEb1k0yLDy25ShlotythSULzddE3y6/54CG5jRw==,iv:6cL4kFjEQv4yOi7+uygw6uTYAwOJ88G3qJ6MUdmfNDI=,tag:9ESCewiw80BzW46MsCD5DA==,type:str] sops: age: - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz @@ -14,7 +14,7 @@ sops: U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-06T16:12:19Z" - mac: ENC[AES256_GCM,data:fjSJdnaLAc9Ol+apnSsEHH4SfAnI74RJajbP2uaVUV7oz1W/YwLoJhd0qf9HUUN7WxSt7NK4As3kCKO45Sa+5yj3xjuooeQbFNyMNNvjyPO2QR3Ht1fAj5FZvy/X7GNLKLpa8SFEvPNej+W0ET2jV5hXwciVkBd0ru4RvltGdLw=,iv:E1z1nl7jMv48gB3YmE6uTQE8N9zhxfA0Yilq8ZjFmjY=,tag:1eMkLrpi5jaIInaAYWz0jw==,type:str] + lastmodified: "2025-10-06T16:21:33Z" + mac: ENC[AES256_GCM,data:PammtAnK2l+xl7JVgjvBYklcHDBf/I/AdWb8pXpuATsPexTvCpO2p9tNamVJGliwj0ZTRwC85HcPAO4jKBKLQVpMFMmJyhcddqYD+t5xJCnZF4C1R7uCpPPvN6yuMFJFp2dnHi579ZR0D/UPJSNosLhdGLamgxo9u+83Qc6V/q4=,iv:37Uly4qvsihefzkmVQh7O7uOq+XIs3vGIZGYgQ0uTdU=,tag:QtVavsr+aflwm0YDOnBfMw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/users/blake/blake.nix b/users/blake/blake.nix index 5b0866b..31dfad4 100644 --- a/users/blake/blake.nix +++ b/users/blake/blake.nix @@ -24,6 +24,7 @@ in uid = 1000; shell = pkgs.zsh; group = "blake"; + hashedPasswordFile = config.sops.secrets."blake_pass".path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBK0AGJfZGyqW8/krvQV+PL7axcDW/EnKyHy9M8wryQx klefki" "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPdC9cCX8awvA19Ri65fvbYjZYe8X1Ef+nOZAIv92AS6u4SkJYqOvPYfqRHXORNDpbzjTV6nackyCKvV5EO4niv4MFIgdkEQwuVHcYX32/dOsWdDoeXBT/l2sFFM7JESwQ== blake@zygarde"