feat: secrets management

.sops.yaml

@@ -5,3 +5,7 @@ creation_rules:
     key_groups:
       - age:
         - *primary
+  - path_regex: secrets/homex-secrets.yaml$
+    key_groups:
+      - age:
+        - *primary

hosts/homex/secrets.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  imports = [ ];
+  options = { };
+  config = {
+    sops.defaultSopsFile = ../../secrets/homex-secrets.yaml;
+    sops.defaultSopsFormat = "yaml";
+
+    sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
+  };
+}

secrets/homex-secrets.yaml

@@ -0,0 +1,20 @@
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeGg1UzNkV0g1U0J4cUhr
+            dS9lZ1c0c0sxQzJjanRNSVBmQ09rQ1R2S0RRCmhzalFnWUNISis0K1JHSmcyN2cx
+            QWhQWFMxdmxKL1FkYU1PdmFHL1BoQncKLS0tIFN4MFRZTW5mUDI5T1Mra2tMS0Qz
+            amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
+            4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-26T00:59:09Z"
+    mac: ENC[AES256_GCM,data:HNMLXL1s8/rdcmwaUnPoOkI/a+ZkN4Hj5tYt4hpPPTB5tdrTjFum6gk0Dl9RiV2h8x8WIfCk/jUDLgZSbTKrOJTdiD1zw7oBg7SnwLy9Q5yZejQ83J6Sx8E0UVvqg8xT7b+2pwbiou9+xw9s3oW+ipNyQrJHLaOfHp+vwKkNGH4=,iv:Gg0QbvPtw2wD8yez/hXfHAeqnkWgqxJ0JvM+psrVOPY=,tag:M5hFdS9pLQMi5g2SstXZ7w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1