diff --git a/lib/users/manuel.nix b/lib/users/manuel.nix index 1df7e01..d46cf8a 100644 --- a/lib/users/manuel.nix +++ b/lib/users/manuel.nix @@ -12,8 +12,16 @@ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; - defaultSopsFile = ../../secrets/global.yaml; - secrets.nextcloud_password = {}; + defaultSopsFile = ../../secrets/manuel/secrets.yaml; + secrets = { + nextcloud_password = {}; + proton_password = { }; + proton_2fa = { }; + proton_uid = { }; + proton_access_token = { }; + proton_refresh_token = { }; + proton_salted_key_pass = { }; + }; }; programs = { @@ -32,7 +40,23 @@ baseUrl = "https://cloud.nuth.ch"; username = "manuth"; obscuredPasswordFile = config.sops.secrets.nextcloud_password.path; + vfs = { + enable = true; + }; }; + + proton.Proton = + let + inherit (config.sops) secrets; + in { + username = "m@nuth.ch"; + obscuredPasswordFile = secrets.proton_password.path; + webAuthnTokenFile = secrets.proton_2fa.path; + clientIDFile = secrets.proton_uid.path; + accessTokenFile = secrets.proton_access_token.path; + refreshTokenFile = secrets.proton_refresh_token.path; + saltedKeyPassFile = secrets.proton_salted_key_pass.path; + }; }; }; diff --git a/secrets/global.yaml b/secrets/global.yaml index 9b11956..fd535ac 100644 --- a/secrets/global.yaml +++ b/secrets/global.yaml @@ -1,5 +1,4 @@ default_password: ENC[AES256_GCM,data:u6AqBJh7B4ZZH3ajoxlAeqNAbIQSCubPXpbL/mgLy1ma8JQmgX3rCHWog+AqMDJmjmjzaPGDvs5LDfAEKg8fNcmBXg9QU10M2w==,iv:JGTLsMHMPQ/kswvwQQLmQhP1Evb8sAM/vC0LUFjmaMA=,tag:LrsYykB/5J8NKs//vf+xjQ==,type:str] -nextcloud_password: ENC[AES256_GCM,data:VHYLQzVohZJuLWt538YbVzd3kfwW6H3iLE37UiUCHhlJeixZCT150YEBCEitzGyPPXyyzO189JfcIBke,iv:ygiqXNNtsfmzOZ3qGFWLKZ3jp2l3rkxBOwyLGsohPuU=,tag:lipWOIfHp0UzfYODM9v2Yw==,type:str] sops: kms: [] gcp_kms: [] 
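Review bot: Moving `nextcloud_password` out of `secrets/global.yaml` does not take access away from that file's recipients, because the old ciphertext stays in git history and is still decryptable with any key that could read `global.yaml`. The `data` field has the same length in the removed and the added entry, so the value looks carried over rather than rotated; if the aim is to narrow who can read it, change the Nextcloud password and encrypt the new one only into `secrets/manuel/secrets.yaml`. Separately, `defaultSopsFile` now applies to every secret of this user that is declared without an explicit `sopsFile`, so anything still expected from `global.yaml` (not visible here) would need `sopsFile = ../../secrets/global.yaml;`. The enclosing attribute set starts outside the hunk.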
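Review bot: `webAuthnTokenFile = secrets.proton_2fa.path;` is fed what appears to be a one-time code, since the `proton_2fa` ciphertext in `secrets/manuel/secrets.yaml` is six bytes long and sops does not hide value lengths. Such a code has expired by the time the configuration is activated, so the entry adds a committed secret without providing a working second factor; a TOTP seed in the same store would instead put both factors in one place. `accessTokenFile` and `refreshTokenFile` point at session tokens that the client presumably rotates at runtime, so read-only sops files would go stale, while the committed refresh token stays usable by anyone who can decrypt the file until the session is revoked. I would add a comment above the block such as `# session material from an interactive login; revoke the Proton session if a recipient key is lost`, and drop `proton_2fa` if the module works without it.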
@@ -42,8 +41,8 @@ sops: T1hzZlluaGs3aDNpWGxsdFNhb2lEM00K24MVEpAnvtOn4sD3VnAHZQwSnFcKxvyW y1GfuG+2ktTuY/lglbXt+JlIU2OlBkV+qjWtsF6424YhfJ8PUExO0Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-16T00:11:24Z" - mac: ENC[AES256_GCM,data:UHbn7T5oVD9BhtDcbVno26yelKVR8ngR5jkGAucagntATD7h2iteLMQljX0hRqpr7w0HPbBSaBbdz4PlyLvu57/sU6VQbjFuZi/79F+d5rOrulSUFgpKl0kyrkG97Dx+mZAHdvSc/JuGGf+0Bs/rqevzp8ZhXnpYgI4v0x7pk3M=,iv:7vge+gdMTKqTH5VdVee42osWeWRosrTJEXC2AsPaCqE=,tag:266n4f2IFuGl3Jk0t4gsSQ==,type:str] + lastmodified: "2024-05-16T16:30:51Z" + mac: ENC[AES256_GCM,data:CB264tpQNa4SgpeJRU+JuYRhVyDhDpVLrb0w6+mEa+s3/FoXEq37CdLvPUsM/WizUYjfMHZskSYT1D0AXVe6Pbpj47YrgZAwxDJcoSZI+4bzcDAMiy3MUlUU9/i1K3v9oskNH/liquDsjbphKUrHyhrF/ZAM3d7PzLHbkB7NaXA=,iv:H5Ifxc1A1ERhonXnGEiQiqzO3p6UTkqFOZx7tqClbGI=,tag:pUF8ga79W2DJBjC76n2Y9g==,type:str] pgp: - created_at: "2024-05-16T14:39:29Z" enc: |- diff --git a/secrets/manuel/secrets.yaml b/secrets/manuel/secrets.yaml new file mode 100644 index 0000000..3f8d09f --- /dev/null +++ b/secrets/manuel/secrets.yaml 
@@ -0,0 +1,74 @@ +nextcloud_password: ENC[AES256_GCM,data:E6Tm/33YhXUyU0bHFnG8R1yWR0knqWECCRjsmz+Bqb6n42pSfVWdrYBNgdSnBag8quzt6aUrUVxU4fCV,iv:WtNoTm1jqh7r+Qbhy1b467JrVrLqX1orHtJJtGUcIqE=,tag:+9ldjM6876TY/BjyWxCI8Q==,type:str] +proton_password: ENC[AES256_GCM,data:86l9+DhrKCq6xkh8dVQwE+VK9kBZh6pUVlO74hq7c/Wpx/ROHBg1jbFtoMn0tmaEw+ecIok8ZGLEw2dy6k2pZg==,iv:nZ0fNo3Fy7+7v5qpITNNfG2SE4WvuG1fPwEAnL/+lbg=,tag:HwruciYwbdfe19kf2y4lkw==,type:str] +proton_2fa: ENC[AES256_GCM,data:Y5Oxoe74,iv:Q9EpXANE7Q77fPiTzPpEQGzE0LwmQDd0arhr4XoGAnk=,tag:pPXxFTo2gPFyrb6fjlAOAw==,type:str] +proton_uid: ENC[AES256_GCM,data:Rx5Su1Nu6ByjnSH7//NWChViMfDAB+M9zivKcwsZDsI=,iv:J5ShpPTRr+/tqa7lB6nrtEihJV18PBt+JmVerY1baBA=,tag:sH0qAhBdRl2vlkrxLKZcWg==,type:str] +proton_access_token: ENC[AES256_GCM,data:VT79m3dtQLvcpnnfe7aDry1wTcxFaSQpW+WZ52Gr4lo=,iv:4lRSZPA3vKfwfpdUv4di1h1EqIl3zR8z1Xg8qrBk83Q=,tag:wiadZg4PfB8uAl5fMAYw/Q==,type:str] +proton_refresh_token: ENC[AES256_GCM,data:N6ozXbEmiufLB/4NIX5WZVW5+yEDBWBITQmYfetwFao=,iv:N2WEIcJpAosz2k1WygFFU70mdjWEMSD6kJaO83kJBUE=,tag:jS/5/m5UuAUh52K+lwtbig==,type:str] +proton_salted_key_pass: ENC[AES256_GCM,data:Sn83S0N2fRk6KHjWcbYHHjR3jlPjeGcdzo0Ua2Cm7dxUi1eWAjsrWw8kjG0=,iv:L9z7v2Kj82RGSKqnUWqkMB8ct+fuST2xGwGe/c/GECE=,tag:6O/uAjUvTaTBS49MfGOx9w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ytjxrfkag8n73zym7ptt0axsehtxt85gf06qxdtyntzpcqcd34wqa5kv25 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VzFpTnU4UnErQUJKdVhG + UUJjd2dTNFlOcWQ5emtKVEprcHNXYW4vSkI4CnpnMGJ6VjZrSTFKNDU3QTIvZFpL + aFhoTlMrVlA2SUxBUzRGUmxkQXdlakkKLS0tIExTZGY3eFp4SVpESE4rOG9tSnlv + Mm1naVlnV2ZVU280cGFqT3FwUFliUGcK2ry1pM3slqly20mQrRvIPe1M1gRqwsTE + blQ9ui0Ix7B/TFy3rJchPIj0ZpV7no3UEIRdF4Ee4m85DsmUxT0cLA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nxlfrn0rs7kplgyd37plnwxy9yn9wmqwqw4xs5g5lr8xqqgl3ecql7mq3w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUnJzMHRYWXEzcSt6TE1D + ZVEvajEwdW5YS0xZM2doUFZ0M2dnZ2w3ekF3Cnp5YjR5ZFpuRTRqb2ZCUm9kdzR3 + ZU1hVlZmSUxVNVYvdWtMcVFDK3ZJZWcKLS0tIHN5RWNneVhpWUpVRUkzdTcxYXcw + bUY4ZG9ORFVSNWxBclNEajB5cGpXZncKSXi3WRFnD6zhzS4CnTZ7diFS0AS4i/HN + /T24BWzHW7tLot/FsZKx0+ZszpJynLmR6kv1RWNO2I67oblRJnXfKg== + -----END AGE ENCRYPTED FILE----- + - recipient: age12dlu69eph80an3xzfjtutahn8k7qx7jsaplvkmzrm3pw7ph84e5s22nymj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMZG9jU0hHYmoyQkRvSm1Y + T0lzWDFLWWxsdC9PbEdIYVEzUVlrZUJmOXdnCk9tc1BmVU0wQlBYSUFmY1JLaElT + ZVZpa3lncGNWbmtvc0h1elhQaXNJRDAKLS0tIE92WWFJbi9FeUxDYUhxY2F5WURW + bjlGS1BOZ1NrTXhURVNYOE10M2JidG8Kt9n/DczoNRewbUbRvqYlppGihIFPKMDy + k8AxW5l8pw6H/QePdfvLUOD2WJONX37Z/491Jk5k5lDmJBBRt9r60g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9aqkecwlfzj7n2awtt5xyjt3arn3uszn7np7xdm5glhdpsqh3csea2qem + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTE9UaUU4Q1U4bEhpeFRY + Tzc3UytRNHZTQTgrUEF5QVpZTmdUcThTMENNCldFblRFWEx3c2JKRjhlNW9vSzd0 + U0FCd3pEVE9nYlVnTnpnb0Nwby9VYm8KLS0tIFJqZVBTaGRBS0pkdTQxWDBTTjVx + cFJ2S0ZUNXZNVVVEOHdSSWE4MzU3MzQKtEklDJqaKqVDBr7M+IwND15J2qpQ/M/V + rceYKJd+vWefkqqe7LOn/xfkWsucEJFCrsSqIpl53cM1INMD+O1ipA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-16T20:42:49Z" + mac: ENC[AES256_GCM,data:5jPCzkEalaLVM/bIq3hBe02o0EcYSt0JBqQC2WfqMUOyDoO9N4J12m1V1TK2IA710EGusUsRHY+1HyXvZBZM0wzDXrnG3N44k+8SsCMKd34tAtMNmOUFYjtuyeRJzL/rO45iObGRt31IpMO5N0aY1v3Kx8BMg3iwOUP3WLhPRts=,iv:ddi3sfPMnUmNKpkQE0txPsffCaqsv0l9jDvDmwbGgwU=,tag:mj7iUxkx30VXGHnpzZBEnQ==,type:str] + pgp: + - created_at: "2024-05-16T16:25:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ//RHkNvaBlTYjCArY3/9KcCkotpit5pXWaKrXadjRe5U/c + YwE2nLZR2U1dmmQ2A16tg+EI/DgXVfmg7oRtpwj0TDZ7IzjtTxdS4z/PJ5cEQDI7 + ZHXcunUvaT+30gvZ4tl9ZDdvckJVNk7N6RHFGFGI+ZE8qXB+eyLd85wxXecjYmYx + 
1nsSko9ihqwhRpEeN7MiNQDlWEpBpwU8GthrSI5hhDSk670uYU/c7jSUODnsTfB9 + SGC+g0KgX5DNWS1Q9o/UF3KGfZXQvMzhugXRe751q3oajHNzXL6e+Q2PU2ciPtaG + QgI/6F6IyQ8YWt9CVPFVzsxJbEka5zcXXyBOAf7fVIHKxrVv4p1Z8uKV1Msgam7X + AV+HyZF8sC+IGcXNb7y5AlkmX0/CoF17jBtktt8EuSSs3dkQ7L8OiOOdqphAadkz + o74DwTEcBUEvobOm5S2eHJLtj1k32UxZeIzyd30YlT/Iemc5veK5kuRulZsSWvf0 + jApLGw0PIUw6dNZsBt6EvMVsp6TWHLg5UarcVdxgMyuLc7KOw/MNa81INHR4TPB5 + r1zHyAEMhB5BX2ITeF+ZzTIeP7hXcGbfXUXtW2ognGsgn45s4/Y3cWP0WllcNRNB + /ncedxpAWn7MQ9XyTa570k2BUZaNvoylgrw+TCSRMWf7gfBfzIfKYklEq3JHWiXS + XAHnmuk1RK3+ot0EpJPRGl/FR8nVzZrVLT8lQrvXfNKaYRk5KhY7rMq4VqLyIrNB + 7pYnFEG1QiyJo89A6TY+6Fr9SOJK5O4hJe8RzOoGKpdTgDembHjyi2OqlojG + =AnBL + -----END PGP MESSAGE----- + fp: bbc2e771fcf10534c8c7f960030d26b30736cba9 + unencrypted_suffix: _unencrypted + version: 3.8.1
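Review bot: The new file is encrypted to four age recipients and one PGP key, and nothing in the diff shows which hosts or people those keys belong to. It now holds one user's account password, session tokens and salted key passphrase, so the recipient list should be limited to the machines that activate this home configuration, ideally through a `path_regex` creation rule for `secrets/manuel/` in `.sops.yaml` (not part of this diff). Key names and value lengths remain in clear text in a sops file, so the repository's visibility should be chosen with that in mind.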