Add more SOPS secrets and resign using new SSH key
- Update .sops.yaml
- Re-sign secrets/secrets.json
- Add new secrets for keepassxc, spotify and my account password
- Change SOPS SSH key locations so that it doesn't need persistence (as sops
happens before impermanence)
diff --git a/modules/secrets.nix b/modules/secrets.nix
index 3435962..4ccebcb 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -11,6 +11,10 @@
environment.systemPackages = with pkgs; [
sops
];
- sops.defaultSopsFile = ../secrets/secrets.json;
+ sops = {
+ defaultSopsFile = ../secrets/secrets.json;
+ gnupg.sshKeyPaths = ["/nix/persist/etc/ssh/ssh_host_rsa_key"];
+ age.sshKeyPaths = [];
+ };
};
}
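Review bot: The new `gnupg.sshKeyPaths` entry hard-codes `/nix/persist/etc/ssh/ssh_host_rsa_key`, and nothing in this hunk shows that `/nix/persist` is mounted by the time secrets are decrypted during activation. If it is a separate filesystem, confirm it is marked `neededForBoot = true`, otherwise decryption will fail on boot. This host private key is now the single root of trust for every secret in `secrets.json`, including the account password the commit message mentions, so it should stay root-owned with mode 0600 on the persistent volume. The two key-path lines would also benefit from comments, for example `# read the host key from the persistent volume; sops runs before impermanence sets up /etc/ssh` above `gnupg.sshKeyPaths`. Above `age.sshKeyPaths = [];`, add `# intentionally empty: do not derive an age identity from the SSH host keys`, assuming that is the intent. The enclosing attribute set starts outside the hunk.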