Fix: smb-credentials

Fix: update secrets.yaml with correct keys
Fix public key for anzu
2025-06-08 15:45:47 -04:00 · 2025-06-08 15:07:07 -04:00 · 2025-06-08 15:02:46 -04:00 · 2025-06-08 14:52:21 -04:00
4 changed files with 31 additions and 17 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,7 +2,7 @@ keys:
    - &users:
      - &chase age19uwxm2gynhjl9m90gckrkh76m9hjut44ak6d8969y4swhz8ypyeqvfcaas
    - &hosts:
-      - &anzu age19uwxm2gynhjl9m90gckrkh76m9hjut44ak6d8969y4swhz8ypyeqvfcaas
+      - &anzu age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h
 creation_rules:
    - path_regex: secrets.yaml$
      key_groups:
--- a/hosts/anzu/configuration.nix
+++ b/hosts/anzu/configuration.nix
@@ -24,11 +24,10 @@
    fsType = "cifs";
    options = let
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
-      username = "chase";
-      password = "$(cat ${config.sops.secrets."smb-password".path})";
-    in ["${automount_opts},username=${username},password=${password},uid=1000,gid=100"];
+      credentials = "${config.sops.templates."smb-credentials".path}";
+    in ["${automount_opts},credentials=${credentials},uid=1000,gid=100"];
+    #in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
  };

-
  system.stateVersion = "24.11";
 }
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -119,16 +119,21 @@
  sops = {
    defaultSopsFile = ../secrets.yaml;
    validateSopsFiles = false;
-
    age = {
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
-  };
-
-  secrets = {
-    smb-password = {};
+    secrets = {
+      "smb-username" = {};
+      "smb-password" = {};
+    };
+    templates = {
+      "smb-credentials".content = ''
+        username=${config.sops.placeholder.smb-username}
+        password=${config.sops.placeholder.smb-password}
+      '';
+    };
  };

  # List packages installed in system profile.
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,16 +1,26 @@
+smb-username: ENC[AES256_GCM,data:pFkBi+c=,iv:JSRlBHBGMNZVZZuQaSHj/cpXOaxRV3xkG/OaTOjFDZc=,tag:ALMWCi+gAqt2HtSKGGaS5Q==,type:str]
 smb-password: ENC[AES256_GCM,data:LgxYSOZhj5DwvTwAoF0cLJezxYQ=,iv:is3PWEgvWmbFc39npdjD9qYrMo76wWAczZlo7LCoNf0=,tag:vanjCeI01KaL5STCSwxM/g==,type:str]
 sops:
    age:
        - recipient: age19uwxm2gynhjl9m90gckrkh76m9hjut44ak6d8969y4swhz8ypyeqvfcaas
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UjJDeGRGT2tmM0l5empp
-            T25YQ2RZakFEQXFIOWJRWEo2OGhURzIyTEdBCjgvU3JxSHlldFQyUWMvSndoQ24r
-            Njk5YjlFc3pnaVJ3VkdhSm81T3FZeTAKLS0tIFZWdjFaN1BxaXpnc25lcDgrQ1gv
-            TkVHWWFVS1NMa3Q4c1NnK2xhZDdTaGMKFapQQONKJ04excJXhWzmKYe6UefYAmD6
-            QT6EOlUKZZhEE49rFeih0ZMtEzbFeP1fq8DxyRD+ditlAUIyCi4Uqw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaFZIL1UzQWJlcG5hN29q
+            YTVqeXAyY05nWDJyNHZIdlNrUWFDbmZBakFRCkQwUG40MTJaZE5obldBNG9YVUlq
+            NEVRMTl3RnhkSno3ck5NcjAwVVV2T2sKLS0tIHozVmdCWVcvcm9HZisycHlXejNM
+            aitVV05pZ29Kb2N0OFZxZ0R0Q2RrcWsKuCuZvI6mWOlqnoWvYsGNZ0DyrutWjBiX
+            0r5nrOw0Fp3P5YJyHss0of/aU116gTUYxJn6zqHTqKfDGRAu8kcI7Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-08T17:56:04Z"
-    mac: ENC[AES256_GCM,data:fFVK7hOu5MnZ8XKv+J3cOcHHNAdx+3L/HidlgRuCrI4KTMnkK+17MThF7xNblERQtMlb2qgz/I7A/4+GcaH/Whrgynduy+Bc6g7GlzZBnT7EhASt/TjMurqqH3AXcdFHiG2K7zhDYH4ssu8aPIDYpw2gCytQPNgqWkRjygkLrDo=,iv:E1Hh35wGOiiNMNFhRns48wtTMxe8mdj/ueU4nxYO8Ug=,tag:5OqmX0f2tSVdgqkEHjA60w==,type:str]
+        - recipient: age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dDBCQmFuTUJ1Ym5OTlRh
+            UDFMd3ZKQjFrUTBZOVB2UmpSbkVRdk82WEVNCmRlVkFJZHpNbzVIbjgrN1BTb0Uv
+            TTlXUEhZUUtWa3hlSVR1endieExOTjQKLS0tIGJTTWlHVnNtZHRZOVkrS0NxL3do
+            aVFNTW8yeEUvb2tLcnRpUFltSVlZVXMKSnKkMhnW7/ZOW/LkBGJZvrfE6lUT1TrB
+            O83/WxPsN5mFz9WxqKevPNlLJaPwqJQjAS2TRYlya3uvGydpJoV7+g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-08T19:43:47Z"
+    mac: ENC[AES256_GCM,data:9YpgBrJwWhz2utNPldpIU/ylaN2QfkSj1LvWa8sISSnuXvsBsZ8a+oNzuGDd5+Q1pSYtoiBt6viqZn65wp8x+kb9ZMJdsWoZZG2U1b3rHUsadOYarvwMVDoQ5TZFFjEOyzyCgT7ln6v1rfAKwL5LJ3Kjv6SRIb9dK51sDsVijhQ=,iv:yTlxgZoOdB7pu5iZKP+q1cXbDsTT5HgsWo4tkix8948=,tag:qJbiq+Fayx5L9V7to1ijvQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
Author	SHA1	Message	Date
chase	bb1ec1cbce	Fix: smb-credentials	2025-06-08 15:45:47 -04:00
chase	27cf08d271	Fix: update secrets.yaml with correct keys	2025-06-08 15:07:07 -04:00
chase	4a81ea1e0c	Fix public key for anzu	2025-06-08 15:02:46 -04:00
chase	eaf4b88ee2	Fix: formatting	2025-06-08 14:52:21 -04:00