diff --git a/.sops.yaml b/.sops.yaml
index 06999de..487a40c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,14 @@
 # AUTOMATICALLY GENERATED WITH: $ inv update-sops-files
 creation_rules:
+ - key_groups:
+ - age:
+ - age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc
+ - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+ - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+ - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+ path_regex: ^hosts/build01/secrets.yaml$
 - key_groups:
 - age:
 - age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d
@@ -18,6 +27,42 @@ creation_rules:
 - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
 - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
 path_regex: ^hosts/build03/secrets.yaml$
+ - key_groups:
+ - age:
+ - age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj
+ - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+ - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+ - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+ path_regex: ^hosts/build04/secrets.yaml$
+ - key_groups:
+ - age:
+ - age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3
+ - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+ - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+ - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+ path_regex: ^hosts/darwin01/secrets.yaml$
+ - key_groups:
+ - age:
+ - age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3
+ - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+ - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+ - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+ path_regex: ^hosts/darwin02/secrets.yaml$
+ - key_groups:
+ - age:
+ - age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl
+ - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
+ - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
+ - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
+ path_regex: ^hosts/web02/secrets.yaml$
 - key_groups:
 - age:
 - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
index b956bbd..9807c35 100644
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@@ -9,6 +9,7 @@
 ./packages.nix
 ./reboot.nix
 ./software-update.nix
+ ./sops-nix.nix
 ./telegraf.nix
 ./users.nix
 inputs.agenix.darwinModules.age
diff --git a/modules/darwin/common/sops-nix.nix b/modules/darwin/common/sops-nix.nix
new file mode 100644
index 0000000..cecba08
--- /dev/null
+++ b/modules/darwin/common/sops-nix.nix
@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+ imports = [
+ ../../shared/sops-nix.nix
+ inputs.sops-nix.darwinModules.sops
+ ];
+}
diff --git a/modules/nixos/common/sops-nix.nix b/modules/nixos/common/sops-nix.nix
index 1e1e81a..9b69d1b 100644
--- a/modules/nixos/common/sops-nix.nix
+++ b/modules/nixos/common/sops-nix.nix
@@ -1,16 +1,7 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-let
- defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
-in
+{ inputs, ... }:
 {
 imports = [
+ ../../shared/sops-nix.nix
 inputs.sops-nix.nixosModules.sops
 ];
-
- sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
 }
diff --git a/modules/shared/sops-nix.nix b/modules/shared/sops-nix.nix
new file mode 100644
index 0000000..ea871c7
--- /dev/null
+++ b/modules/shared/sops-nix.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+let
+ defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
+in
+{
+ sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
+}
diff --git a/sops.json b/sops.json
index 133cf3c..c27512d 100644
--- a/sops.json
+++ b/sops.json
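Review bot: In the new modules/shared/sops-nix.nix, `defaultSopsPath` interpolates `config.networking.hostName`, and the module is now imported on darwin as well as NixOS. As far as I know, nix-darwin declares that option as nullable with a null default, so a darwin host that does not set it would abort evaluation on the interpolation instead of simply skipping the default file. Guarding the condition avoids that: `sops.defaultSopsFile = lib.mkIf (config.networking.hostName != null && builtins.pathExists defaultSopsPath) defaultSopsPath;`. The `builtins.pathExists` guard also leaves `sops.defaultSopsFile` unset without any message when the hostname does not match a `hosts/<name>/` directory, so I would add a comment such as `# no hosts/<hostName>/secrets.yaml: defaultSopsFile stays unset and each secret must name its sopsFile`.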
@@ -7,7 +7,12 @@
 "zowoq": "age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n"
 },
 "hosts": {
+ "build01": "age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc",
 "build02": "age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d",
- "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq"
+ "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq",
+ "build04": "age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj",
+ "darwin01": "age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3",
+ "darwin02": "age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3",
+ "web02": "age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl"
 }
 }