moved secrets.yaml

2026-04-17 04:58:19 -04:00 · 2025-01-07 00:32:42 -05:00
parent 15234fa2bb
commit 71e6fa377c
4 changed files with 68 additions and 60 deletions
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@@ -5,8 +5,17 @@
 }: let
  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 in {
+
+  sops.secrets.richie_password = {
+    sopsFile = ../secrets.yaml;
+    neededForUsers = true;
+  };
+
  users.users.richie = {
    isNormalUser = true;
+
+    hashedPasswordFile = "${config.sops.secrets.richie_password.path}";
+
    shell = pkgs.zsh;
    group = "richie";
    openssh.authorizedKeys.keys = [
--- a/users/richie/secrets.yaml
+++ b/users/richie/secrets.yaml
@@ -1,57 +0,0 @@
-my_secret: ENC[AES256_GCM,data:90kRHkDdhuBhskNGeA==,iv:2LTCXQyPJoddxbgCDX+sA8YPEZjS+2V9ZVKYu0dD1WE=,tag:d7wDFBnBwcCuhX+w8gOvaA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTE5lQ001N3dBTTluU3Bq
-            TWNwWG5SVURnMFJ3Z21UemlNVHI0dDVMVTB3CjVtK1VBZXFQQlZUckRGM3QyQnhs
-            eVdhc2c2dHQ1MXFWMmlpS2JpZTBGZWcKLS0tIEluL0ZKZWJXVGtlbUJCcEFTYWtB
-            ZU5rSHUyR0doWUQyMjJWaUZ0NzNPYncKXnx2/Kg+NGO1ApyVjd2CeWXphgg4zZSL
-            D79j5NhPrk6Bhr3IcwD6hc0OPZ74pw6mg14yzBFglrw82WZdDnAHxw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WFhiMURJSkdOUVhoNGxo
-            R3NWdVJvSUZKMFduM29wTkJDNGszOHdRRTBvCmUxQkhrV1dyV2tJMmcwZHNjOXcv
-            NUdIeDl3R0o2d2M1R3AzV3k1SkZhc00KLS0tIGhEVEtvVGtBdEcrK3ZMVUhuYklv
-            WXMyUkZZVmRERENOSldCcDB4OHQ4NVEK81zddZggn7+TzANzjMkjbpnCOHtX4TcA
-            2F/Uin4RVD8ECdcoLLeTddo8ILIC4dQ9bD1TA3Wu23v0qsP6KkhczA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelZhczRxNHJPdFNPd2R1
-            VkFTUFJ2N3FLN1VvU1BqN0JqV2VyVVFUUzJnCndQWjYrS2lYbzRROFg3VGtMb3BP
-            NDlYYkhuRGZCdjVncHlXV3ZHcHZ1U0EKLS0tIEM4MUVkaDU4QlphWm5VM1RjbWR2
-            R0Y0d3lJNlMvZVEvTnNwbC91YmNoMU0KErYP7q4xGVCyF4GGGEkaydMjFQ8759ER
-            o9+vtEjJme9AQosa3T4uuATIebxBzqpheRHmvxyNwdt9pZtWvaROng==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1yxx8uwxkugvncseatftkxttnmy8888wxemtygdkzhfzj5fzzfvgsuj3hn2
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSWFkeHI2UHdZN1RhSlV3
-            dlNtWGlkWW95WjdhZTl1VzBvT0V4VytNOVN3Cmd6ZTEvNmJEMUt6bVRKM1hlUE1n
-            ZlA5TVNpWm9PUWpXOG9JMUhtRk5aUnMKLS0tIDJBd1RWQ3RmSzJPNjZ5ZTdMZFlZ
-            UHhwbURCdHdFOGppZXVJcGFvMWNWTVkK90smB4htJ4aN52zFVpGUYwkledxpGdUr
-            so6rQ3FfXsE7ik/+f89hPXZJUZLxpO+ENIWitMvH1ZNFmjz3uT+NYA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlVCTGRWY0trNnViTm1u
-            NVFBUW1GbVVxOUtpRUt1dElPNFU3clhLUngwCldWa1UzUms0QlJFRngzQitPek9O
-            c3Z3S2FpRXMrYWU1bFdrUDlzdUwxSW8KLS0tIHg0M1NWWXRTY0swUmw3MXpQQ21o
-            Q2IyU01yUjVYWFUzVEsyR1dyYlVVTWMK7+3zPVmkQ1lpFmD7f+rpDHVCtmBrZ/sH
-            5D8FEbUfqu4l7LDCrtJ8LBBSvntwkcVKQlBu3fwBIDqhgOy9fGjZWA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-05T20:53:12Z"
-    mac: ENC[AES256_GCM,data:FbzvVgRSBBQ39ppKY7CmPghmkwgvSH8tW3aEC2VD90Xb7YypthnCYTos6Igmv/LkF77F4gkpoF3IT2KqkXJbAZ478ZD412sSkKtOl/A3dWtVkdMSgO8Lv/jvyC6/HtF3MEFHtUM8eG+2brQOUIwWg9fcT+4iaxfEBvJV8duW/XE=,iv:WRWaBWRrB8AthHbtHlNVfcrL0N31g3Z5uAYbeEN1jm4=,tag:qQW69HfEKNmPkeZw4nncwg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.2
--- a/users/secrets.yaml
+++ b/users/secrets.yaml
@@ -0,0 +1,58 @@
+richie_password: ENC[AES256_GCM,data:XpDkJ/DXQWVuqzbqod9NsQ44WLwu2wMePjtiT8r0tZBeCUGY4g9hXDUUYdt/W5E62HQ7adpnkrQiqaV4X0OHvZH959rLjcYCRA==,iv:3kOljaQbdvqAjb3QlEy38V6AhWp3Gfn8ny9SnPOaw/w=,tag:JZMkf/C04thmljr76UdTxQ==,type:str]
+gaming_password: ENC[AES256_GCM,data:mk3AitOvkCaY/xSmvxi5uXYjGWORlqhfLQSeYBXJwAFv804yIyGyCL14ssTKdChVt+A+db8wRAPEZxplPDQPQoe7IBvLrbNwhw==,iv:z3jS/EhouJTtTP53e01DpJAB6o2h+v6PeVlg+I5txP0=,tag:IDByYmYGGvoA+shFFf0g6Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqR1lUREVMR3hyTTFNZ3U0
+            NkFkY202RGtMS0taTjRnOEd4OGlsZ1VORUhFCnIxUlV1eS81N0U1NXpOcWYxSUU0
+            WER1cFY3a2lWU01tTUQ2Vk5VK2JmSDAKLS0tIHUxL3F5UWZ2aUwxd2JXZG5ybE9w
+            d29oZ1poZU5ZTlgxMmlsVWpoMUtFYjAKdRoXdqxfxyOL++pP0izdUuZngMcF24ne
+            OJ6kVJexJF9Hu9InwPeDtRboMhMi01gt6L5a47hOX5FUsi+4HbeVLQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWmJZWDZtWFJaTCtmdVNG
+            QkNiK1hFdWlnVFp0ZG01V1A3cFdtU2xGN1NBCm1oeXlLT3NYMC9lZDlHSnJGQUc1
+            RnppNjc0QnBqSW5XTWUxZExBMHhORDQKLS0tIHpJNDJBU25COGR2dlg5em5YcGZB
+            VTBqRjhZWkdmdVdoa0V0VmIzdm5hbTgKEa9hW6jU538meU2Sm//b7OUBqqjAHHL5
+            rluVCSMcrcoVtui0mB8vMoKeh6/n/qRLe38a/puvAj0q/PolN9ZEhA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVlp4clVEb3Y4d0hzSEtW
+            dUMyb3V1aHlMS0Fvc0lGU3doRjE3SVFrNVdFCkpTQ1k2RTBIb2tzQ3UxajlPSWhY
+            ZzkwUWlDYWROZXpHMlFVaTM0MFlpMXcKLS0tIFNUN1QyRk41WkhPblZMbVFXNkZi
+            N1RkUVc0N0hIaUs3RXpXTWpDZTBOUXcKgOW6IV1mh3q8NT2Ky9EKlywWBaaCn5ML
+            bhfmmvt1Fndh2ys3poxODjNDiow34VxwhS+Ou0HsxsJ7zu7VvmPh0w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnOXR6SWh2SlBWdjZVL3F1
+            ckd4N3JKNkkzYWtlRWN2QUFob3FJRkxQU1RNClllMDFMRE80ODROZDR3Y2g0Z2xs
+            aXJORTI1azEzbnhJMkZiNmNKZDBsOVUKLS0tIHZjV3BXaG9WVzNzVDZHYVdmOFdM
+            S3hZMkgvYkl5Ky9uYmpjVHpFUlMwYTgKIHxHRPMgEAgQNXg5lK2QkdBjMcamlxSp
+            HEoT/APYI/NN3V2l7mgfiH/fn2FXGdd3Ct5mqwp25GUYIp45zN3pqA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSnNxaDVSbUJ2Y1NSc0hV
+            TWhzNzNRWTNhV1BBMFhPeVQ5eHkzb3Bkams4Ck1YdDExcU1WdExEQ0M1VXZpUzBV
+            L0xSTENrOEZlOU1XUHNUbEtHbURSK1UKLS0tIEJkaE9QOUdzN1VDbWFTSWd6RkY4
+            UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
+            7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-07T05:29:07Z"
+    mac: ENC[AES256_GCM,data:UQdrRT/SHTxHeX2AORJ3N7oc5MDIE6kcWw/KecYGarQ0+ToUST+WOIiiPauM7xUt0nwT2FpU/sArVpjLsldUd4JjeErh6yvfRfYgW+K3w/m7G5LdRlU7wDB1FoNkX/Caue56Vcd9qcF5mBelp6pwaAvjK+EmTHM0TEf/OKN8Aws=,iv:D+70S9dZerl27sTNb+yDfnue7fufWj6fQIbPmP5V348=,tag:Lvjok0HBVtagverUSuxYQQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2