add all hosts to sops

2024-12-16 08:34:43 +10:00 · 2024-12-16 08:34:43 +10:00 · b260b29a85
commit b260b29a85
parent 7478e0268a
6 changed files with 73 additions and 12 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,5 +1,14 @@
 # AUTOMATICALLY GENERATED WITH: $ inv update-sops-files
 creation_rules:
+  - key_groups:
+      - age:
+          - age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc
+          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+          - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+    path_regex: ^hosts/build01/secrets.yaml$
  - key_groups:
      - age:
          - age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d
@ -18,6 +27,42 @@ creation_rules:
          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
    path_regex: ^hosts/build03/secrets.yaml$
+  - key_groups:
+      - age:
+          - age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj
+          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+          - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+    path_regex: ^hosts/build04/secrets.yaml$
+  - key_groups:
+      - age:
+          - age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3
+          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+          - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+    path_regex: ^hosts/darwin01/secrets.yaml$
+  - key_groups:
+      - age:
+          - age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3
+          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+          - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+    path_regex: ^hosts/darwin02/secrets.yaml$
+  - key_groups:
+      - age:
+          - age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl
+          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+          - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+          - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+    path_regex: ^hosts/web02/secrets.yaml$
  - key_groups:
      - age:
          - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@ -9,6 +9,7 @@
    ./packages.nix
    ./reboot.nix
    ./software-update.nix
+    ./sops-nix.nix
    ./telegraf.nix
    ./users.nix
    inputs.agenix.darwinModules.age
--- a/modules/darwin/common/sops-nix.nix
+++ b/modules/darwin/common/sops-nix.nix
@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+  imports = [
+    ../../shared/sops-nix.nix
+    inputs.sops-nix.darwinModules.sops
+  ];
+}
--- a/modules/nixos/common/sops-nix.nix
+++ b/modules/nixos/common/sops-nix.nix
@ -1,16 +1,7 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}:
-let
-  defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
-in
+{ inputs, ... }:
 {
  imports = [
+    ../../shared/sops-nix.nix
    inputs.sops-nix.nixosModules.sops
  ];
-
-  sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
 }
--- a/modules/shared/sops-nix.nix
+++ b/modules/shared/sops-nix.nix
@ -0,0 +1,12 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+let
+  defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
+in
+{
+  sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
+}
--- a/sops.json
+++ b/sops.json
@ -7,7 +7,12 @@
    "zowoq": "age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n"
  },
  "hosts": {
+    "build01": "age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc",
    "build02": "age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d",
-    "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq"
+    "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq",
+    "build04": "age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj",
+    "darwin01": "age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3",
+    "darwin02": "age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3",
+    "web02": "age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl"
  }
 }