base: add sops keys for everyone and everything

2024-04-01 23:45:29 +02:00 · 2024-04-01 23:45:29 +02:00 · fde69ca283
parent 06bd93e5d1
commit fde69ca283
3 changed files with 10 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -17,6 +17,10 @@ creation_rules:
    key_groups:
    - age:
      - *host_jokum
+      - *host_ildkule
+      - *host_bekkalokk
+      - *host_bicep
+
      - *user_danio
      - *user_felixalb
      - *user_eirikwit
--- a/base.nix
+++ b/base.nix
@ -84,6 +84,12 @@
    settings.PermitRootLogin = "yes";
  };

+  sops.age = {
+    sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    keyFile = "/var/lib/sops-nix/key.txt";
+    generateKey = true;
+  };
+
  # nginx return 444 for all nonexistent virtualhosts

  systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
--- a/secrets/common.yaml
+++ b/secrets/common.yaml