tstarr/dotfiles
1
0
Fork 0
mirror of https://github.com/starr-dusT/dotfiles.git synced 2024-10-05 20:06:16 -07:00
Code Issues Packages Projects Releases Wiki Activity

remove secret management with chezmoi

Browse Source
This commit is contained in:
Tyler Starr 2024-01-14 23:17:05 -08:00
parent 531c7b3fc8
commit 35e0639e4a
7 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
home/.chezmoi.yaml
View File

@ -1,2 +0,0 @@
secret:
command: "cat"

2
home/private_dot_ssh/config
View File

@ -1,3 +1,3 @@
Host github.com
AddKeysToAgent yes
IdentityFile /run/secrets/github/starr-dusT
IdentityFile ~/.ssh/keys/github_personal

0
home/private_dot_ssh/keys/.placeholder Normal file
View File

6
provision/modules/system/secrets.nix
View File

@ -10,17 +10,11 @@ in {
defaultSopsFormat = "yaml";
age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
# Github secrets
secrets."github/starr-dusT" = { owner = "${user}"; };
# Wireguard secrets
secrets."wireguard/kestrel" = { owner = "${user}"; };
secrets."wireguard/bulwark" = { owner = "${user}"; };
secrets."wireguard/adjudicator" = { owner = "${user}"; };
secrets."wireguard/torus" = { owner = "${user}"; };
# Homelab secrets
secrets."homelab/tstarr" = { owner = "${user}"; };
};
};
}

8
provision/secrets/secrets.yaml
View File

@ -1,7 +1,3 @@
homelab:
tstarr: ENC[AES256_GCM,data:gX6v3mQ7IhQ=,iv:6JYfIZrlWlmgSG7zgkNUkQqk1rz0Hdku+eFyzt+1TLc=,tag:QNRsQ7ML7UrBbTtPT20kbg==,type:str]
github:
starr-dusT: ENC[AES256_GCM,data:/188MCdN6ls5tJ2URQ4hz2Ku7bOHPsR3/i2t9oH3HSwGEzghpwFfasc20mb5AXMa0+SUWRxfd5xKESo0nlnHlM4OCuS2oNG04Y1KXxCYb71EgKn4GhCY8H3/LN7AdlJ9yAi3wEk3cYZUPHTAmTgxuegiJ3+VlZpjikKDM/fvYq7Nl5SPdRrDrjTDEKn8pgeGoBYQnCTSAl86kVRzSqvkqCNThu4f+ipXw2vBCz0nN8aCj/OyTQwNUerPNiWzzCRN9rQr2cGKMiZ1zqpGalBFfmxhNpZxDzSHbvAA5Q69IG+Uka0dSaafPYTw6r8imEp0jHy8GfVHF/nhSv3wwMBjqBd1iVeyZ5EAYTUoMD3hlxASUnSL6OZkPlEZsEue5eGp0r5T7zwejefcxQ/4Tn46xKezybck4pjIb3txSl8Hvsjt78+CNO3Uw2k7B8SM6xsN7igYfcLXuUi1vYCB3Yhr6pRbEU5dAaLNYIPCTfX7tpFYHF9Xh6d60Y5YsgoXg3TNB+sbzkdvvT6q3w==,iv:fZ7nConYY/OhIqHrxxKXUuugMrKjvVBFuTFgq+w/yvM=,tag:awLu6xhqtJOkEGkde50vzQ==,type:str]
wireguard:
kestrel: ENC[AES256_GCM,data:RLDesKMUtpurv+C2YkxMcbBdiP6cHHUGRCYkgO5Qf6FZLxl4vKRyhTdDzWc=,iv:V/9bpCMTT9YQ8QCNYdpfrhu0lc4Yt5Eu0DJMc0uZkNA=,tag:kFnN7GwT4UKqUyvOdlbXxg==,type:str]
bulwark: ENC[AES256_GCM,data:wMMZ1zJ2nPvkAFA5SgcSyl1z+9blDqf/6pVp8olmGaXJsbWc+/gBtDKzTog=,iv:2lZdsFYZhiTumRmYN/q2606gpyS7lCjf4cgeaCIjoxo=,tag:o81+t3pRwfomEys1veQecA==,type:str]
@ -22,8 +18,8 @@ sops:
ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI
3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-25T10:16:12Z"
mac: ENC[AES256_GCM,data:tlvq7Upl9+ci0chBo/y8IkNPjLuuh0srnqD3iiPTs1VCk6aW7E7ZWcoV8WH9HkD+xlD82mfs4500VPk/UC6Pe9d+BJX5PYqxPRp5sTQacjScC4y0TeMmTEaXwcsYo0faV1JSPCM5v1WmtRtE7GE7awewoIGs5q27TWoP6lBhafY=,iv:WWdfK4e9jt7WV8M5ACZ/tnaNDNiiihy9kauCbk/auu8=,tag:euzBqYNvaOxIB6Qu02UVvA==,type:str]
lastmodified: "2024-01-15T04:40:44Z"
mac: ENC[AES256_GCM,data:SI6uxdQzkiAUflCcJa+l9tKa7xJSQqryr1jZPhxolvRyJy2lqWA3ppgdbFOuFFRFTGLMfVi+pITKRh1vCt/j2+5A0YP4uy5Hwslzaj8n6cawOpqQIQgz7QG4tPpp1iSMG5iOUG2nVIx0Sj6UbrE6F7BlkV6puOSsYanGh6YmMSY=,iv:wytyJU6RIxeZTk4RWoIM4UFvstkh/HNqsYa1Eyr1gUA=,tag:cAy2oRKm2sCjF0SrXClS8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

2
home/private_dot_wireguard/adjudicator.conf.tmpl → resources/wireguard/adjudicator.conf
View File

@ -1,7 +1,7 @@
[Interface]
# your own IP on the wireguard network
Address = 192.168.3.2/24
PrivateKey = {{ (secret "/run/secrets/wireguard/adjudicator") }}
PrivateKey = <replace with secret>
[Peer]
PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=

2
home/private_dot_wireguard/bulwark.conf.tmpl → resources/wireguard/bulwark.conf
View File

@ -1,7 +1,7 @@
[Interface]
# your own IP on the wireguard network
Address = 192.168.3.4/24
PrivateKey = {{ (secret "/run/secrets/wireguard/bulwark") }}
PrivateKey = <replace with secret>
[Peer]
PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=