add sops for vps6

2026-01-12 04:19:22 +08:00 · 2023-07-31 22:14:31 +08:00
parent 9299314a1b
commit 1bb777b80f
5 changed files with 12 additions and 10 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,15 @@
 keys:
  - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
  - &chn-PC age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-  - &chn-nixos-test age1thf94z6z4835nxsx56upa3s32vfqq2s6d67rpg7weawj2lrk25asw8smhh
+  - &vps6 age1nu7jdj02gfvpsvzcwmj7gepzwzhcls2g73f6w44yaf2tz92r93ms4a5hra
 creation_rules:
  - path_regex: secrets/chn-PC\.yaml$
    key_groups:
    - age:
      - *chn
      - *chn-PC
-
+  - path_regex: secrets/vps6\.yaml$
+    key_groups:
+    - age:
+      - *chn
+      - *vps6
--- a/flake.nix
+++ b/flake.nix
@@ -231,7 +231,8 @@
 				# sudo nixos-install --flake .#bootstrap
 				#		--option substituters http://192.168.122.1:5000 --option require-sigs false
 				# sudo chattr -i var/empty
-				"bootstrap" = inputs.nixpkgs.lib.nixosSystem
+				# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+				"vps6-bootstrap" = inputs.nixpkgs.lib.nixosSystem
 				{
 					system = "x86_64-linux";
 					specialArgs = { topInputs = inputs; inherit localLib; };
@@ -261,7 +262,7 @@
 							};
 							services.sshd.enable = true;
 							boot.grub.installDevice = "/dev/disk/by-path/pci-0000:05:00.0";
-							system.hostname = "bootstrap";
+							system.hostname = "vps6-bootstrap";
 						};})
 					];
 				};
--- a/modules/packages/default.nix
+++ b/modules/packages/default.nix
@@ -112,7 +112,7 @@ inputs:
 						gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
 						wayland-utils clinfo glxinfo vulkan-tools
 						# nix tools
-						nix-template appimage-run nil nixd nix-alien
+						nix-template appimage-run nil nixd nix-alien ssh-to-age
 						# instant messager
 						element-desktop tdesktop discord qq nur-xddxdd.wechat-uos # jail
 						inputs.config.nur.repos.linyinfeng.wemeet # native # nur-xddxdd.wine-wechat thunder
--- a/secrets/chn-PC.yaml
+++ b/secrets/chn-PC.yaml
@@ -1,6 +1,3 @@
-password:
-    root: ENC[AES256_GCM,data:WlD/i0GDlzeVsc4uJXVK+cRLvjATZGSbVCRedenTBayPeMebC6jrGPhsK4SSZIv3uw9RKztGGkziBTe61CCKwg/Rm0oFuF661A==,iv:YBPmukuz2tiVmIEBMClYjgzPf33NjmdqihcydD1gdhg=,tag:uURlnbNmEgo1qfoU0gPwEg==,type:str]
-    chn: ENC[AES256_GCM,data:NMTdEfxBMqJP5bnLqinzQ1NP/4eCM3zzH5aR2HOoeu/p8BNp3JDspyuE+DkjVlb/uuVugnFPTOSASRZeEliG0B6NvpZ8gP1O/g==,iv:SNVxJ/xfdfAiVljlRMd5maIhxH0RBs90bqrypBubM6w=,tag:A7Wemy4eLcIUfV/sZ6//VA==,type:str]
 xray-client:
    server: ENC[AES256_GCM,data:VeaWBXupVGmYjDdchQ==,iv:SGw9ramdMIQPzjcQgyBKr44SFEOYWhIpcLrncm/UMIo=,tag:ecdUKPvV39/LzJbFmCtw6Q==,type:str]
    uuid: ENC[AES256_GCM,data:DlObWxoYN7vzvTdSkoWKf5i6uEkW1U9a6GsO7XHH3f0CEu+p,iv:pGL9GRxM1rAvs1ySZaT32w+rUGXyzO+lWLxc0yUkZYQ=,tag:QMxUopHC2+rdlj8vD/PAvg==,type:str]
@@ -29,8 +26,8 @@ sops:
            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-27T11:13:30Z"
-    mac: ENC[AES256_GCM,data:Yrm2/uaovVU5LtzIRYQlKdalnCbXGRfYKZwar0xR87G8FlhmYZnKOpQnxTAnNHlOOAXFmKEIUrsOQK44CyWnWVl0y7bm8o19dA809lh8uwv1F9BHFpqmm30V6EovVV5Jm00AEkygaSz1Szj0iWv66+yk+ZRcdP0jN86vp9D8k4g=,iv:U0//cgxBdmMW60Rx2bUDuTA+5i/liEUjIUxUD2vkYHg=,tag:nH7fBgtefZ0GTJmz4win0A==,type:str]
+    lastmodified: "2023-07-31T14:14:20Z"
+    mac: ENC[AES256_GCM,data:LKE5F+5gJxvKO63Ad7JpH3BQqmsFcU4LV0TqP5awH3JDq4zGdKHM5tM9AbJkKUr7BAwrSRb+fxByeJUcJk0aGI9xycO5cUQRnwbFU3T6Pwm5h0jeK0JKe2eqGgSuTobLNQOBp0YRV5De2ic+8rTTcikAccH7zN02fLQPycSoWgk=,iv:cCFWW1/pvxatZ/WbjvMJu9DmwPmhC+fOoiVd144MDTQ=,tag:+g19M+DwujyhuhcBexNC9w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/secrets/vps6.yaml
+++ b/secrets/vps6.yaml