Commit 250e987
Changed files (6)
secrets
secrets/base/default.nix
@@ -11,8 +11,5 @@ let
in {
sops.secrets = mapSecrets [
"github-access-token"
- "mihomo/providers/yi_yuan"
- "mihomo/providers/mo_jie"
- "aria2-rpc-secret"
];
}
secrets/base/secrets.yaml
@@ -1,9 +1,4 @@
github-access-token: ENC[AES256_GCM,data:Ca/NER89MA1sF+bGc6Tcz/OVr7vlu7fh6p0eZWEONQ9HvkNeXN1aB3duWLTCWUTv+qvTYXrNicOTVFpLdlpaq3oJhZno+l6jbDu00DIOFUFyg8VfOXXZYPxlCx/K,iv:e+nTOBn4GAARFDXdWOEGZYMvzgjFUwxfk2BmY/Xm/A4=,tag:UuvOUtZ5LbFyy3JAEux40Q==,type:str]
-mihomo:
- providers:
- yi_yuan: ENC[AES256_GCM,data:7K18ggNPbJvU5De/VyLUXkM8gVysDpElw3+Cyt9HXa9yYg5hCcjgndg9f7yg49yjkiS4oAbhsxibte48jW3U+c7hYvV2emaCnbbAiojGY9E06XsH8U3yYxUJu74emvE=,iv:bZtmdTaDR4jR9phF+f8rW/bSEWHHJrykb09oFDlTOiM=,tag:IpOhT9bSibdiwrCDu678aw==,type:str]
- mo_jie: ENC[AES256_GCM,data:4LlsSgySGC8OijK6NsWZv9MoBN7qlrpypM5K3aXa8peMWrCBsefAi37QhDBAaXPPVkYYgmYDV5lTsp+XOCOvDoNj463vgVIvR4fFpImI6g==,iv:j0470ctmLb2zQfpROewDbreKmqSYa1eBKPFe0POz8mE=,tag:qWn0iwihXPii7cnJWG6f2w==,type:str]
-aria2-rpc-secret: ENC[AES256_GCM,data:PhM3uSWJ8BvKYQ==,iv:CT3NRT3nnEGlUohZ6evqqQ7crUJKT4/D+VYEKKxQTMs=,tag:cmi6CCS+FHVZGtNdDEnTJg==,type:str]
sops:
age:
- recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -15,8 +10,8 @@ sops:
Yi9ZV013dWo1NjlEbkREMlYxL3FZS0EKMStYByW8u5mTQ+ZthgWqTTOsjatJVuFo
5bOZw/lgD5L6XcSb+xWbM21dlV/Vn7ulMsTHM7FE2Z36OGQc0cwQUA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-06-24T17:37:56Z"
- mac: ENC[AES256_GCM,data:dUOejuUQVtnvBANiuRbaurODpvLrnhZ5+cME1Le5mfh5srwXIWBiIAgHt7iI7ylGWCEVE5BcdWqvs5uOG9Mrzrht9p6xpe3bd+1ATjUq+dqpzTU689mKtqOjlB+XyeYgEoE+0LHp7fn3KiriifMoSef2+8FzCO1rqqwH2GXajNw=,iv:o3MEWUj8mYMqYLzXBlxqvp2yijSmtINzxucW/UL9JsE=,tag:7tX9uugomqo7kIatE/fmmA==,type:str]
+ lastmodified: "2025-07-13T16:55:44Z"
+ mac: ENC[AES256_GCM,data:avJXHLxu1WPUILzgUpDVobGbhABJq/yKJExBVZx56KN0gMM/Q7GzSoK4GAglw6nrJSLbYwHN/IzH3X/rR5Z1YYD/imHJO/rO5YCMYlnZvXXk/9Hif4bi5e8NdyuWrNGXrSYfUU68x9VVEGF0UWTFu+TAQihXvrx4LLA9J6dmetw=,iv:KgD3mAtonjL6l2WNkcfAyw7NxSxRUezEwNlImQ+9fLY=,tag:tsJaOH2TJFVqdcjLQ4xVTQ==,type:str]
pgp:
- created_at: "2025-06-03T17:06:45Z"
enc: |-
secrets/nixos/default.nix
@@ -0,0 +1,17 @@
+let
+ mapSecrets = keys:
+ builtins.listToAttrs (builtins.map (k: {
+ name = k;
+ value = {
+ format = "yaml";
+ sopsFile = ./secrets.yaml;
+ };
+ })
+ keys);
+in {
+ sops.secrets = mapSecrets [
+ "mihomo/providers/yi_yuan"
+ "mihomo/providers/mo_jie"
+ "aria2-rpc-secret"
+ ];
+}
secrets/nixos/secrets.yaml
@@ -0,0 +1,32 @@
+mihomo:
+ providers:
+ yi_yuan: ENC[AES256_GCM,data:s+aeWYDpUzCJikFdwLaa5bbATg6VFz+dsqbuVJfHd+xnOxQm32lFCpTM3nM22Cw5Fy2KhVupwFKRhGzhwfGZXowf0QDc4fFpQH/nveb8/C82C0mJPGg5w3/r6G2PAsU=,iv:cikjeLhXqfoDDeJGOobRVqejmic8IINOa7Bh7rLDY6k=,tag:ExJCLLrf0Is2SsWZaAwBdg==,type:str]
+ mo_jie: ENC[AES256_GCM,data:cCwgl6ZBXSyv0v9DYFHBk4sS29bQ4yt6SiVTIOMr6F/aBV0hzPavErpO7A6CYCfs6e03ZZCyvQVGjbA+c4TEH8+K/OPPKjUzpE3k3FwfJQ==,iv:tN2Kyo6X2eAAqx+/OOOtAW4YSIYaR2TuoPmUuLQuzCw=,tag:LbxetW8P44/TPV4uk6d63g==,type:str]
+aria2-rpc-secret: ENC[AES256_GCM,data:5q0HzOd4XjDbRA==,iv:54Fwf7RgpOPulHN9ZLglgWpB16EsqpPEiBAcgb2H/Ys=,tag:IKqsUXd4VH/ebaK+X+QiLw==,type:str]
+sops:
+ age:
+ - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3blBzNTR1eGhuUEJpUWor
+ d1FqcGlSNnhPNVpJa1I3TlI0TDFHYS9PUTJjClpwREFVTTc0aTJBRW13Y3RWY0x4
+ OWlVa3FNRUZYaWt6YXVJQnFWbVllcVUKLS0tICtKb05DdzlJYldDQndJaWdoclY4
+ V0lEaEYxVVozUHpRRDcwOEFuc002WGMKH6ewbfK1BuUguYbHxEKbzTTC+QbSYHMB
+ WIKu1bHYVaOu8grQq5A4RDDP8pgxFlLrKPDw841Oy5/jHFE4DYiQrw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-13T16:58:03Z"
+ mac: ENC[AES256_GCM,data:CurUQKMEi896f/wVzeZSKhHHFQmxi+D1bAHSYqYQMG7IgWL6h8MVhzx3AVHjIlgOU7ikf2HrBs/E9/oOMk5L68t89FLeCeiYWp9XFRU+lNzS/jhqmw/MCEIBDfJFvDhzO4HHZFHKd5yreSm1mTVgH5beTIq3VmeXTm8MtNgoNOQ=,iv:EsbIGcBhyNAOGLoCKzgT7IsDo5RBlvx8EfpHY0gpuUs=,tag:TcEHWrVZNa/VrkaqQC4Djg==,type:str]
+ pgp:
+ - created_at: "2025-07-13T16:57:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4Dh4vQ8CmRuq4SAQdA+tSoSJdi8OD88jazXVsI1LnPUe7kF1aVpZfzC3Vsq00w
+ kXkPlD64pBLoRjwZ8ZHHR3EUD1+BoA2PfKeHWB8jF169d6K3wW4nFMAtCWvuBXEe
+ 0lEBDCgTipKF03XhGPr59dUnMdpWtyA3R4IgowCEcmCq/HHY6F3PxUUmJ59jgGB2
+ 0co9dGWZ7oGzLR8CLKKwWjJylOfiS08PIMrHVOo7Yi+pLPY=
+ =rnOM
+ -----END PGP MESSAGE-----
+ fp: 56AC2ED35E51AFE66EAAA569878BD0F02991BAAE
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
secrets/nixos.nix
@@ -2,6 +2,7 @@
imports = [
sops-nix.nixosModules.sops
./base
+ ./nixos
];
sops.age = {
.sops.yaml
@@ -8,3 +8,9 @@ creation_rules:
- *admin_hpcesia
age:
- *chaser_kevin
+ - path_regex: ^secrets/nixos/secrets\.yaml$
+ key_groups:
+ - pgp:
+ - *admin_hpcesia
+ age:
+ - *chaser_kevin