From 5b32b947de3ac1adb4317e9c92094d67561d1230 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Sat, 27 Dec 2025 09:01:13 +0530
Subject: chore(os/kay): refactor sops

---
 os/kay/modules/dns/default.nix  |  1 +
 os/kay/modules/dns/secrets.yaml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 os/kay/modules/dns/secrets.yaml

(limited to 'os/kay/modules/dns')

diff --git a/os/kay/modules/dns/default.nix b/os/kay/modules/dns/default.nix
index 6179527..a11f4cd 100644
--- a/os/kay/modules/dns/default.nix
+++ b/os/kay/modules/dns/default.nix
@@ -29,6 +29,7 @@ in
   sops.secrets.dns = {
     owner = config.systemd.services.knot.serviceConfig.User;
     group = config.systemd.services.knot.serviceConfig.Group;
+    sopsFile = ./secrets.yaml;
   };
 
   services.knot = {
diff --git a/os/kay/modules/dns/secrets.yaml b/os/kay/modules/dns/secrets.yaml
new file mode 100644
index 0000000..e3b8c63
--- /dev/null
+++ b/os/kay/modules/dns/secrets.yaml
@@ -0,0 +1,25 @@
+dns: ENC[AES256_GCM,data:Nma42ej1Q7cbX3TMgqMYbWLnnHA75B5QDa303/KAeRkdPJNtE92UBIL8VN6+UcEmR00/aQciFmne8tp7Qn3e5DJypbZRXwsiLHCSi3vW8wLn5BwCUq/V9aA0Wm9e22aalqIe/ofpnZElAco=,iv:Ql2SUbUjCaN49kShDVPF41rRXAmNAJKdRhpfVWaJffU=,tag:1NX2tsUClgDu2Q5Y+tgvTw==,type:str]
+sops:
+    age:
+        - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaFR1cWZiS3VjS2RocFYy
+            THY5UndoT09CTmNRTXVPTGNIV3dMMEplQmcwClJBWFloenlQcU4wd1h1UzdVdEFo
+            OTJVZkZtVG1nNGJPanZ4KytFcFJBRDAKLS0tIGNmYi9JbUd1TkJYcnVIcVRERFkr
+            Rkllb3pSdTNlWE5aMkdYSVk4aHVPZFEKniDSHQ7BAYVmlThPP/xh2qS3ai/ZmJ5/
+            y+MFVVCUPqCYCt3PXc+YijE3NMV/3uxg81r3t9PVAvUXJLcLGrGQsg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOHVuNUtGakZIMHhSK1pM
+            cFVyNWZ6aDQ1eEE1WEVDVzdtajNFb3BoUnlZCkYyaHgwVHZMS3prazJGYVBCeWxV
+            b3NyUVhsOUViM2tTVUxlR0R5V25WUXcKLS0tIHA4UkRmVHkwc2tKTHVHZWs1QWl1
+            V3J4L3B0YTJ6eTRuVFBCckcyYTlJaFUKFu++nbDHaixxRS6ybqztQAvYWF3vYtTq
+            Gid9hEmcNrSQf3hLNavHw0fLI3CYO5wKriODZ+bShg4xOPFW62g6Bg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-27T03:16:27Z"
+    mac: ENC[AES256_GCM,data:EdJnlxHdpGmoOhKtD1pjfvq47cPGKRShqqLzmdQAveGbS50Vc/ytyGznDctWi7BhUrBq1xnduskvrDKh0iRQs6Eg72iVmY/QgDA4eQN95lSaIWsHH5lL61WcvVzur/Ya8F2cUivgp3CejM2bi+eZa0LeYD+kuDt0NhnUa8pZai4=,iv:Coit8Z0pLpckN7ZKDBbqkJu+q6BfQL7eu/o9muAcCvI=,tag:UVz4WHPNDpeVNOiXthHqLg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
-- 
cgit v1.2.3