diff --git a/flake-parts/install-anywhere.nix b/flake-parts/install-anywhere.nix index aee7ef8..8030b1e 100644 --- a/flake-parts/install-anywhere.nix +++ b/flake-parts/install-anywhere.nix @@ -8,7 +8,9 @@ _: { runtimeInputs = [ pkgs.sops pkgs.ssh-to-age + pkgs.bitwarden-cli + pkgs.jq ]; text = '' @@ -38,10 +40,10 @@ _: { sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix" echo "==> Updating SOPS secrets..." - if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then + if BW_SESSION="$(bw login --raw)"; then export BW_SESSION fi - SOPS_AGE_KEY="$(bw get notes 'admin age-key')" + SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')" export SOPS_AGE_KEY SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)" export SOPS_CONFIG diff --git a/flake-parts/sops.nix b/flake-parts/sops.nix index 19772de..015cd23 100644 --- a/flake-parts/sops.nix +++ b/flake-parts/sops.nix @@ -47,12 +47,15 @@ pkgs.ssh-to-age ]; - nativeBuildInputs = [ pkgs.bitwarden-cli ]; + nativeBuildInputs = [ + pkgs.bitwarden-cli + pkgs.jq + ]; shellHook = '' - if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then + if BW_SESSION="$(bw login --raw)"; then export BW_SESSION fi - SOPS_AGE_KEY="$(bw get notes 'admin age-key')" + SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')" export SOPS_AGE_KEY SOPS_CONFIG="${self'.packages.sops-config}" export SOPS_CONFIG diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix index 2ddcf5c..1523a62 100644 --- a/hosts/laptop/default.nix +++ b/hosts/laptop/default.nix @@ -36,10 +36,6 @@ enable = true; ssh.enable = true; }; - nebula.node = { - enable = true; - address = "10.254.250.3"; - }; syncthing = { enable = true; deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP"; diff --git a/hosts/laptop/keys/nebula.crt b/hosts/laptop/keys/nebula.crt deleted file mode 100644 index b9041ae..0000000 --- a/hosts/laptop/keys/nebula.crt +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN NEBULA CERTIFICATE V2----- -MIGloD+ABmxhcHRvcKEHBAUK/voDGIUEaUsu2oYEayh99IcgFUP+GVuq3tcsxWoM -TgOEhDMlEFpe1AjCbmBFMjtzRWiCIDQsjID+DOXgSXkAkkIySZqpe8qDwc/RSe9/ -rUqoGr07g0DDH0+/63YpveHA2JKKvl8T5/1kPm2Tp4SKLLy6i5g01dw4QSwaRGlW -nrPxsi9gbci2Jdw2AiOZmshHA7tJOpoL ------END NEBULA CERTIFICATE V2----- diff --git a/hosts/laptop/keys/nebula.pub b/hosts/laptop/keys/nebula.pub deleted file mode 100644 index 21d14de..0000000 --- a/hosts/laptop/keys/nebula.pub +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN NEBULA X25519 PUBLIC KEY----- -NCyMgP4M5eBJeQCSQjJJmql7yoPBz9FJ73+tSqgavTs= ------END NEBULA X25519 PUBLIC KEY----- diff --git a/hosts/laptop/secrets.json b/hosts/laptop/secrets.json index 359a568..e0cc189 100644 --- a/hosts/laptop/secrets.json +++ b/hosts/laptop/secrets.json @@ -14,9 +14,6 @@ "cert": "ENC[AES256_GCM,data:laxunEiRygs7Bq2TYCQSakI2piTb2Qwat+ltKT6bjd3RdZ7/HGJOkP+ogubH07VEzebL3KMUFzTL+q3Nuo39wzprktAtgX1bF46p2HEf5eIHwYwzPMOS7pKilCLX1zNpwS9jEcjrIzI1pv2Qc7XhE7N2nzEEu8lJt+n3xKzSuQZo9hhHcQI/WjuI+8dSDkLGi3QgyVj8XB0eAixprjNU5G3aEG79v+qamTDMJz91joH1yhyU71cxsZNRDSElIRnZnGUD04VrHBqkaU5JEv5LTOnvrId8V3KoIEAZiWTkWq/NQIKkjo7BPzTb3P6yAAvCisIwnpuPT6tILCCVycvJ7q0wAJAgJqf8jJhyuLXf+6vhT6e7XvuItJratMoDO1ncMJ4u44i9713XBl5bUM9QJ4PirtbRxrJ9HqaujOiBLiPc5oFYxvOr/e6K59aBsnDS/KsO3rNbe5SBttbP5LLvq6/ZhlvUls6SifLp9isr1hbEAKk9C43LNzjxv7DxpaPsauagUX3yBkT9qftgzMBO6yF0t0K1N2y5Zj0vDGK2wPz9sJWL0FAVLG7eiknEhdAEVDWNCySqy6en7vYTLGZbstTNmHUvTzAGe7ckw+0VsFMgpRYyFHWKJ9v8CUGomcgIr7uix4rJPgVRGq5qthWjPLmVNXwgz5D6Y+I5vS/UGaLs1LFKR3lzuHWUo3d3wO5TQXfEr1Gfu/ZnZlGPNhtBEeV616oa0/5WYG3yND77Ipvt77ZY5TNNhWJtqyUlu6xiRS3QpmpPl8MiCHnTJSf9WzkOQAVzjJkaVRODSp12NP8IAmXCc/6vGosLDuJkH9JWj1gxkrN00nryPCHYcDgGGeLl/gHVCovHPAzAvW3s32JNHAMZvOS0T6n/8LmuiigV4cAtTxgb4dYphGVT9M/IBUjVwADdSR5GsSjcng6BVwNMlhcirArdgpmqzwzpHbchrQ7waBWPwBWhxjMqsSu9IjEg6hakMg+A1nyH+7kB2YR6ewkXYP2lcO6RUzg45R1T+ri/HApeT+6eucPhnm/VXqBkQahQjrf1Rrg=,iv:W82k3U5tBcGfuSsrY/4RpQmpbw2jYn8NuXKRluB3fyg=,tag:iM+WSkSE/LjEA+rlp1GGkQ==,type:str]", "key": "ENC[AES256_GCM,data:C7IWbdaPNYa/TmqOK0BbU5xTk+0EbF3CrWHXYLFW4XdbvAzprITW/xD0jJhCBd/jTnWdmoEdbwdLF4BnYYXhBZcyMZALtfT5sKMk82vAoasTvZLDqBxm0CIA5npXjw+OhpI5a031BNXHaFBoN7cmfwZWmzEN9BwgHwlpExKGDXY/NWThTYp6b2HhWujCA5dTMTrrFOzxu/Wmh3Zv7GhYnnRhtCNONWzKMlSehlSC4R6ERrBG2khxXoPbyerwhhmPSpKbsnknPYcc4hkU4MuSF5zbgD/1m0PMVmSDBY3z1N7WwKO8dqcKETzyaqQ8fjiLuChT85q+mzz/btyXqOJi6pmV6vAcsNIogEMZ4E9va1TbD7vkESruIPrhf5XB1HVx,iv:4GFnhwE+Bp6JmqV6w3s7kd9usNh5eFAKqGR6vk5SSVA=,tag:lrvxVWVG2WBLVrLehao8ng==,type:str]" }, - "nebula": { - "host-key": "ENC[AES256_GCM,data:bj+rc2zDOWvQODR7fggh9IfVbqhKx0ejTT519ZRrrwJuQWCqno4g2LC9CvD1fStktl3jqtKtvP5XM4PkNRCtzTVmyQaQ7XJDQpUHd4O6o6mLOJFa4Hr72PGSTU/5cyALe/28sLIDLR183U1se3tPbSykZWt8OJA/eA2LXNuumw==,iv:jpMP9Asa0xaTvm+kaMim9CuGkje4gdTn5es6l/52Y1A=,tag:NsRz9Svswa2soH7YINPQ6w==,type:str]" - }, "sops": { "age": [ { @@ -28,9 +25,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-23T23:35:27Z", - "mac": "ENC[AES256_GCM,data:+4U7yeb/0mDHuVz/DcGzg3whECVm3HJChE/T1NNJKCkbc1lkdIfLvI7p68IBe5QtkTsGtm2pGqJn8ztbOCAJJ1feoZyHMdcDqGbJG+IpDSrPRdmwqvey5CGtrGgIdgW0vZUMCCywmbASzEmsVoFvOzBp5GAxeJsJZRuPU8ditRc=,iv:dkqg3210wXfVAjXPmXYkerLJX14muxeKPMKU65PrKMc=,tag:TPbzWHamgoVBbAyshiRahg==,type:str]", + "lastmodified": "2025-10-11T15:48:45Z", + "mac": "ENC[AES256_GCM,data:vhDLrAXe7RuLiHREyjV2LVkPzRqOpQ1LCOKW1Rd0UWVRxo0NY2UeZ5gSEFRDLAeJ/mQZcJkXS89GFnLlIoniN44xAesEq/G0KC58oTioQ25GGbmWMkjsGihJ3L0ydwmckURFSBQloP7Oa1DcSllUljZ67e5kDBXnoTtfyWy2rWg=,iv:8GXxKP6YR0wH3/5AN5VUPRCxdv5pzqgxdYOkYU1ICe0=,tag:mGc45QcR0ljkI/ifR5u4sg==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.10.2" } }