Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity

Feature: Add sops-encrypted SMB credentials.

Browse Source
This commit is contained in:
Joey Hafner 2025-02-06 13:39:42 -08:00
parent df2eb5cd60
commit 7291fa354a
Signed by: Jafner
GPG Key ID: 6D9A24EF2F389E55
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dotfiles/systems/fighter/network-shares.nix
View File

@ -44,13 +44,19 @@ in {
}; };
}; };
sops.secrets."smb" = {
sopsFile = ./smb.secrets;
key = "";
mode = "0440";
owner = sys.username;
};
environment.systemPackages = with pkgs; [ cifs-utils ]; environment.systemPackages = with pkgs; [ cifs-utils ];
fileSystems = fileSystems =
let let
fsType = "cifs"; fsType = "cifs";
options = [ options = [
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"credentials=/etc/nixos/smb-secrets,uid=1000,gid=1000" "credentials=/run/secrets/smb,uid=1000,gid=1000"
]; ];
in { in {
"${sys.dataDirs.library.av}" = { "${sys.dataDirs.library.av}" = {

29
dotfiles/systems/fighter/smb.secrets Normal file
View File

@ -0,0 +1,29 @@
{
"username": "ENC[AES256_GCM,data:3+OdL7uFvA==,iv:BmsEVTZonXqel5trzcTNEW6TMmIS1fjDiAog2emUF2k=,tag:pbCJuCvxdGhSD92EaDsRsQ==,type:str]",
"password": "ENC[AES256_GCM,data:U9C7j1/9N+iHa+AwKRbT9di05aM=,iv:A0cZde3iGcrubNroGFec99CtioLd8qg8V1KYHATeiMc=,tag:oVV4uy59doNs6s2VUaT/JA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eEcxWEI5MUFvRGIwQVRW\nUDlGMEJyaFBnS3JQQ244YUt3Q2dqYW5UWVg4CjhnaWVPTkthUk5tVkUxNmxBZ2Fo\nTVVOa1BPaU1vSm91bWtUdUhIOXdXSHcKLS0tIEM4SG1FRjhPb1ZtU0RNdXY0QUJX\nR3dTSGpaQllITkh5ZTRJRlRyNkQzejQKHJWEYc00LNZf8a1ID+uyoeGSco5rG0eF\n0IxTGurLXtY0267RFWRxbS8vSj3/EhnCcpkV1dMyxlmSzJRNAsw54w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdThqUytHK1lWZWwyVzh4\nMUgxSTAvdW9YTEhZdmxVYXNicm95bWp1eWxzClBWT2w3OS81ZTlyN01STjg5d1di\nOG1sS2tZUzBsYVVxZjFrYlF6cmQrSGsKLS0tIGtpdlNvS0lsNnNnL3A4cEtaeHNM\nMGRTMnI4TW5IdVlFMHY2dmkrMG1kcEEKXF5KgYf9sKxq2BH5kmLaiwAoVaf+BIOq\nCfgOQK96yxiYZ3aAcQHZsEU+J5Tmor2cF8CDn7qIp2szDP3LNfoMkg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nq652a3y063dy5wllucf5ww29g7sx3lt8ehhspxk6u9d28t8ndgq9q0926",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweFM1WU9nL25Qa2xVNDlN\nUlozUnQyRHdkRGdocHRXV3MrSVNqWTVPd2lvCm1CcTNYVUlTcHY2ZFA1Y0pxVVVa\nd2xMYTdxUDhvVjFlcEdQdWR4TWNPQTQKLS0tIGxNclAvcEhzZ3lycEtuZThrMHlJ\nTDFJK0V4REJaN0pVQUlmT0tJYkJDUEEKXlpGjZgUdr8XXMq4GyxMyf0xqgQFPDJ9\n9YdnG92gnNDUKy4T75ElI6LchkfomLwt6USmvG4D0YORnsEXw2HReA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-02-06T21:39:18Z",
"mac": "ENC[AES256_GCM,data:3sQuKP6t5ara1yDt+lwro2JSZIsVKybVWJcW+NwEO8zT8mm3v1u3W8ZOYccdGPHimxe+sWShLoKBb/lnyX1AvKw8vNNqYJqUbjHYb4w/tAD9DRbAaPpAQ++90i74Pb2KEPYkJwCi/UFYdCkV3NbbjzfyFBJGWQp4WlWZFZhy3Hc=,iv:VU4YxiEwnydCj1C6axKn1TKy0rgmVNk6q8ZBo7b3Rd8=,tag:RWpLHKu8V6sywkRkrFUjAw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.2"
}
}