From 6e6e95cd314816a3dbf789a91b3ace2fb7b060c4 Mon Sep 17 00:00:00 2001
From: Freya Murphy <freya@freyacat.org>
Date: Fri, 24 Jan 2025 13:10:41 -0500
Subject: [PATCH] use single secrets file

---
 .sops.yaml                               |  3 ---
 flake.nix                                |  2 +-
 hosts/{shinji/default.nix => shinji.nix} |  2 +-
 hosts/shinji/secrets.yaml                | 23 -----------------------
 nix/programs/sops/default.nix            |  3 +--
 5 files changed, 3 insertions(+), 30 deletions(-)
 rename hosts/{shinji/default.nix => shinji.nix} (99%)
 delete mode 100644 hosts/shinji/secrets.yaml

diff --git a/.sops.yaml b/.sops.yaml
index 64573f3..bb1aff9 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -10,7 +10,4 @@ creation_rules:
     key_groups:
       - pgp:
         - *freya
-  - path_regex: hosts/shinji/secrets.yaml$
-    key_groups:
-      - pgp:
         - *shinji
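Review bot: Moving `*shinji` into the preceding rule's `pgp` list (last line of this hunk) makes the host key a recipient of the shared file, so shinji can now decrypt every secret stored there, not only its own. The rule's `path_regex` sits above the hunk, so which file it matches is not visible here. If per-host isolation matters, the trade-off deserves a comment on the rule, e.g. `# every key in this group can decrypt all of secrets.yaml`. The diffstat also shows no change to the shared secrets file, so unless it was re-keyed in another commit (`sops updatekeys`), shinji is not yet a recipient and the removed `freyanetWg` entry has no visible replacement.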
diff --git a/flake.nix b/flake.nix
index 58cdb6c..7268eef 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,7 +26,7 @@
       options = import ./options.nix;
   in rec {
     nixosConfigurations = {
-      shinji = import ./hosts/shinji { inherit inputs options; };
+      shinji = import ./hosts/shinji.nix { inherit inputs options; };
     };
 
     homeConfigurations = {
diff --git a/hosts/shinji/default.nix b/hosts/shinji.nix
similarity index 99%
rename from hosts/shinji/default.nix
rename to hosts/shinji.nix
index d1a02a8..ae06141 100644
--- a/hosts/shinji/default.nix
+++ b/hosts/shinji.nix
@@ -12,7 +12,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
   specialArgs = { inherit inputs; };
   modules = [
     options
-    ../../nix
+    ../nix
     {
       # options
       hostName = "shinji";
diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml
deleted file mode 100644
index 5bb89cf..0000000
--- a/hosts/shinji/secrets.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-freyanetWg: ENC[AES256_GCM,data:TlaDyx3E6Gez8HHiihFGIGfVedLx9xXSzBNEPmZYC3rqWEHHTfsMh6xL5l8=,iv:qdygQeUQkpVCWOYJ9BLsBtN/F0sYU4fTKz+/Az1QyOg=,tag:88yeDqXtcHshVRiinn2Bsg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2025-01-24T17:54:22Z"
-    mac: ENC[AES256_GCM,data:IfPObEnZ46RUXjHwK4ibIlfwveqYaOHPtKgIhLjBuuElPHfvhSqgeN4KEwTDPnk38F39qRiyDA3TlEZjIvC856t+a5FG7UkdQRkOkotcqMPwtmEHz5YXw0gqMny7y4+iFMvog0NQL94ptodD0kD/OoJKt/2tGmm9Jv3yBO/qqwo=,iv:BGBONzCHiWLhS0AX9Xa3Rt8dZTzDEGWS0jr72GAx4bc=,tag:SIJyE/xWuxf2U2x2+1cX4w==,type:str]
-    pgp:
-        - created_at: "2025-01-24T17:54:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4D/YCJcy0T0DkSAQdAxr7yRTBbTqekdXYr4apLlMvUa00t07itX1tUfrQcQjsw
-            spxEodkxhj5ZiD/ohAQRBzhwMN+xhqo69b+yfRPYke1IXc8CqeQAJHGXZKxhlOPO
-            0l4B7AD9YlNgegBsUhFm/7ll5t1oTy3xXzgVKpWhpqAnyMqzyKx7gZcZagjaRaDn
-            aMITJxTBRU8cmuZazUvu5O2lUKqFCj9Au/wP42eUWQphzsxKkGeYsnqr1z417N83
-            =qn+4
-            -----END PGP MESSAGE-----
-          fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
-    unencrypted_suffix: _unencrypted
-    version: 3.9.3
diff --git a/nix/programs/sops/default.nix b/nix/programs/sops/default.nix
index 2447935..c8dec69 100644
--- a/nix/programs/sops/default.nix
+++ b/nix/programs/sops/default.nix
@@ -17,8 +17,7 @@ in
     ];
 
     sops = {
-      defaultSopsFile = config.dotfilesPath + "/hosts/${config.hostName}/secrets.yaml";
-      validateSopsFiles = false;
+      defaultSopsFile = ../../../secrets.yaml;
 
       gnupg.home = config.homePath + "/.gnupg";
       gnupg.sshKeyPaths = [];
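Review bot: `defaultSopsFile = ../../../secrets.yaml;` is a path literal tied to this module's directory depth, the same coupling that forced the `../../nix` → `../nix` fix in hosts/shinji.nix in this patch. A short comment would help, e.g. `# repo-root secrets.yaml, shared by all hosts; copied (still encrypted) into the Nix store`. Dropping `validateSopsFiles = false` returns sops-nix to its default of validating the file at build time, which is a good change. It does mean the build now fails if the root secrets.yaml is missing or not tracked by the flake, and this patch does not add that file. The `sops` attribute set continues past the end of the hunk.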