diff --git a/flake.nix b/flake.nix index 3891eae..3ec87cf 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 32 current 2025-10-06 11:21:59 25.05.20251001.5b5be50 6.12.49 * +# generation: 33 current 2025-10-06 11:32:10 25.05.20251001.5b5be50 6.12.49 * { description = "blakes nix config"; inputs = { diff --git a/modules/system/sops.nix b/modules/system/sops.nix index a1acfca..3000894 100644 --- a/modules/system/sops.nix +++ b/modules/system/sops.nix @@ -30,7 +30,7 @@ in "tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { owner = "root"; }; - "blake_pass" = { + "blake_passwd" = lib.mkIf config.users.blake.enable { owner = "root"; group = "root"; neededForUsers = true; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index af5c746..7517788 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -2,7 +2,7 @@ let cfg = config.modules.system.tailscale; - authkey_file = "/run/secrets/tailscale_authkey"; + authkey_file = config.sops.secrets."tailscale_authkey".path; in { options.modules.system.tailscale = { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 25fd4c4..b3b2882 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
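Review bot: The `"blake_passwd"` secret in modules/system/sops.nix is now declared only when `config.users.blake.enable` is true, while users/blake/blake.nix reads `config.sops.secrets."blake_passwd".path`, and neither hunk shows whether that user definition sits under the same `lib.mkIf`. If it does not, a host with the option off would fail evaluation on a missing attribute instead of simply skipping the user. The same coupling applies to `authkey_file` in modules/system/tailscale.nix, which now resolves through the `"tailscale_authkey"` entry guarded by `config.modules.system.tailscale.enable`. A comment above each conditional secret, for example `# read by users/blake/blake.nix; keep both under the same enable flag`, would record the dependency. The enclosing attribute sets start and end outside these hunks.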
@@ -1,8 +1,7 @@
-#ENC[AES256_GCM,data:9A2p05BEY4NdZQ==,iv:QDSNH1BPOO7zbA1kuxvsAgRCXFGXVTZaFOelbgshONY=,tag:zx4jKl2fDXaU0UX1TDpwiQ==,type:comment]
+#ENC[AES256_GCM,data:VsYgTuXjXtUrOQo7yJuA9i2Z3SiWNu8FhA==,iv:o/vqoZjcmZN9wLJ4m6nEIptfkoG+fwRHvC4g1mhQGFY=,tag:Efmz69DLXcP+WCd1TmMUsg==,type:comment]
+blake_passwd: ENC[AES256_GCM,data:AfFql6/ghGhCDLOb4+QuAsDznz4hC4ilxZYCIH2sgBWX9tWXsUOgFw1k7CIhDoXIehz6YlTy0czekXPCqHL5gmIKRQTowU4svocw/Bl/Qz5CQ58RASB6YpnzOKTrwX7HCnu/ghpdMrcy2A==,iv:hMAkLcHjP0hiyCY4rhMU0Ae7jdYPa6MffEd2WGolbEo=,tag:p/6xmD8Te1RnFkp0zWw+ew==,type:str]
+#ENC[AES256_GCM,data:ZxHtUSuOy19M0EKoT5xltFiqRg==,iv:72PJL2eG68VC4wiJFo6wL0l7AaDIsge8l/D/ZlLOWWA=,tag:Q16ztObK2AnbCCS5mRgjtA==,type:comment]
 tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
-key1: ENC[AES256_GCM,data:gMml+RqSdw==,iv:P2EQv9dXrt2OViOknGkSZyqFu9QK50fx8ryKDBX6t04=,tag:2coTjqnria4T6DCyYa1w9g==,type:str]
-key3: ENC[AES256_GCM,data:Gk4/ZtLSFOR0MA==,iv:2QuQsQc8SoiDhlV1VJu1FX8Rso8QxPth22hr7KS22MU=,tag:siBpyqSze65eZtJbOm1ZUA==,type:str]
-blake_pass: ENC[AES256_GCM,data:fpaWxiIdEkz6nff5BBE/uvTalsll7Jrn9Jmjt6H+3rV7GrEqSf69qBTDSxeOCYooO7NG9tPcD8hnxjbIos3hsTsNhl5Ki4J9VslukKtsEb1k0yLDy25ShlotythSULzddE3y6/54CG5jRw==,iv:6cL4kFjEQv4yOi7+uygw6uTYAwOJ88G3qJ6MUdmfNDI=,tag:9ESCewiw80BzW46MsCD5DA==,type:str]
 sops:
 age:
 - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
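Review bot: The removed `key1`, `key3` and `blake_pass` entries remain in the repository history as ciphertext, so anyone who later obtains the age identity for the listed recipient can still decrypt them from the previous revision. If any of them held a live value, deleting the line is not a rotation; this matters most for the old `blake_pass` hash, should `blake_passwd` carry the same hash under a new name. Whether the hash was regenerated cannot be told from the diff, since a renamed key presumably gets fresh ciphertext either way. Stating in the commit message whether the password was actually changed would settle it.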
@@ -14,7 +13,7 @@ sops:
 U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
 PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-10-06T16:21:33Z"
- mac: ENC[AES256_GCM,data:PammtAnK2l+xl7JVgjvBYklcHDBf/I/AdWb8pXpuATsPexTvCpO2p9tNamVJGliwj0ZTRwC85HcPAO4jKBKLQVpMFMmJyhcddqYD+t5xJCnZF4C1R7uCpPPvN6yuMFJFp2dnHi579ZR0D/UPJSNosLhdGLamgxo9u+83Qc6V/q4=,iv:37Uly4qvsihefzkmVQh7O7uOq+XIs3vGIZGYgQ0uTdU=,tag:QtVavsr+aflwm0YDOnBfMw==,type:str]
+ lastmodified: "2025-10-06T16:30:00Z"
+ mac: ENC[AES256_GCM,data:Lc9DMTOwf4y8lqMzNWYgix4rn6VdSkkaAtoOWQznCTtcj0t4wUm/nN0zhI/IQgH/t5pPL5SkNEnEcwlI0aIwbA2QLUxngHxGedA8pwVH/gJwmwVakrJOhc5IiFGhwdgzmT+EajTHQu8poBVw53Eg8lxXDnns3p3sKGO0kkvxJ8c=,iv:kxNAxe+4dm2BcYN138tlJijX3ABBGZ7QutlUDbz/ojs=,tag:faFUfxgvsr6qWmylQVYgog==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2
diff --git a/users/blake/blake.nix b/users/blake/blake.nix
index 31dfad4..409a82c 100644
--- a/users/blake/blake.nix
+++ b/users/blake/blake.nix
@@ -24,7 +24,7 @@ in
 uid = 1000;
 shell = pkgs.zsh;
 group = "blake";
- hashedPasswordFile = config.sops.secrets."blake_pass".path;
+ hashedPasswordFile = config.sops.secrets."blake_passwd".path;
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBK0AGJfZGyqW8/krvQV+PL7axcDW/EnKyHy9M8wryQx klefki"
 "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPdC9cCX8awvA19Ri65fvbYjZYe8X1Ef+nOZAIv92AS6u4SkJYqOvPYfqRHXORNDpbzjTV6nackyCKvV5EO4niv4MFIgdkEQwuVHcYX32/dOsWdDoeXBT/l2sFFM7JESwQ== blake@zygarde"