From 84385dfe15dac2b5ecfc127be62f200ff2a052eb Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Thu, 27 Jul 2023 13:41:25 -0500
Subject: [PATCH] Add beefcake-specific secrets file
---
 os/linux/nix/machines/beefcake.nix | 2 +-
 os/linux/nix/secrets/beefcake/example.yaml | 36 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 os/linux/nix/secrets/beefcake/example.yaml
diff --git a/os/linux/nix/machines/beefcake.nix b/os/linux/nix/machines/beefcake.nix
index 7596240..48584ff 100644
--- a/os/linux/nix/machines/beefcake.nix
+++ b/os/linux/nix/machines/beefcake.nix
@@ -10,7 +10,7 @@
 ];
 sops = {
- defaultSopsFile = ../secrets/example.yaml;
+ defaultSopsFile = ../secrets/beefcake/example.yaml;
 age = {
 sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 keyFile = "/var/lib/sops-nix/key.txt";
diff --git a/os/linux/nix/secrets/beefcake/example.yaml b/os/linux/nix/secrets/beefcake/example.yaml
new file mode 100644
index 0000000..8febbe6
--- /dev/null
+++ b/os/linux/nix/secrets/beefcake/example.yaml
@@ -0,0 +1,36 @@ +example-key: ENC[AES256_GCM,data:LSGltrcgYatbjSQ2Zg==,iv:Yelgg+MOwAM6/TehmWicEy+lOZZWy+jxlC64MgzPs7s=,tag:zP67Db+Sah+nxi/DGpF9Ww==,type:str] +#ENC[AES256_GCM,data:TsYwHzmr1nE3uSS5Z2x+uQ==,iv:uo+VnHC4Zu87XUDUrxy9oaMZp1sbneSFD8ZpaMZ2cI8=,tag:ef8pAgMh2OxhjUYiAfLbwg==,type:comment] +myservice: + my_subdir: + my_secret: + - ENC[AES256_GCM,data:asIufg==,iv:LO6jZ71TMzQQE3oalsGn0KBgFsItX5WzyH9cMqm5cq4=,tag:cZdAEK8G8+eWkP3MSaJIsg==,type:bool] + - ENC[AES256_GCM,data:gvO1hM8=,iv:Ew2PzyP0L/Ha1VR3e3/kl0zwIlpSuEsYqINR7Uz73Rc=,tag:KJhlE8XkodBYwneRl0Sx8g==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdHRHclo3amJpU2ptbSts + ZGU4cit6TmZsWWNaUjdyZ1I1eXE4U3FtOEd3CmNGbnpiSlNON0tNTm83K2tuK0xS + eTFONThab1hIdG1jbkJVYTY1b2VsU0kKLS0tIEw3c2JvZ3RJR2RSZWRqa0lqc0VX + VlZHbFVMMjlucVNzeGNNQmNnbmNmTWcK524R2Ca+hX/80dr9ZDyoY10FnykHHpCv + GJyqsdDxCIqat52KPYUgLFggj8yubjBBeB9pAfgwHL2nG0wIVj/Dqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSHRQd3g2WUtmRGlPQTlj + NkwxeXdRVHN0eC9XbTlGY0x6M2kyMXg1UkZ3Cm5EdXFiMHQyLzNtUjNPRk04UGQx + WkllcktrSUl4N3EwUmpzUDA0c2hSM00KLS0tIFZPS2l5UE9WN25Dczh0dlZneGcz + eWdYc2ZmZWdybHprQTZEc1BLY3ZodTgKPc9oMfrj3hLL0TwMGlhKS5t2nkZAmn8J + 2FwSNj8iX9c7Pg7fDnc3QnagVKzZDSW7DlrNliaFf+ZVp78Ibk//xw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-27T18:41:23Z" + mac: ENC[AES256_GCM,data:kAvS8LdJtvLvNbZYQmpA54F9j9WDRXAzrLokcNdSI4pkclJbvAbXzKVLpTIthOM3JEsatm3RUEfQddOKJLbp5O6yVDcyfaO5Z4cvQxeaM16AdNAKPjF8mXZsRkZSNVL0ktKg86rlSMyXfDrsVjWk6yL4VVKKhuLcXkcWPgDkQpE=,iv:CXtj3eygtdBA/Gg2+X0lsiq0aiunPHdiHthYwgMDLIo=,tag:Opx1Q5QfwS4Bidsx1u1bbw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 
3.7.3
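Review bot: The recipient list under `sops.age` is not visibly scoped to this host: the file carries two `age` recipients, and nothing in the patch shows a `.sops.yaml` creation rule for `os/linux/nix/secrets/beefcake/`, so if the list was inherited from the rule that covered the shared `secrets/example.yaml`, every holder of those keys can decrypt beefcake's secrets as well. Consider a dedicated rule such as `- path_regex: secrets/beefcake/.*` listing only beefcake's host key and the admin key, followed by `sops updatekeys` on this file. Keep in mind that sops encrypts values only; key names (`myservice`, `my_subdir`, `my_secret`), the recipient public keys and `lastmodified` remain readable in the repository, so names should not themselves reveal anything sensitive. The entries still look like sample data (`example-key`), so a short comment next to `defaultSopsFile` in `beefcake.nix` stating that this file is a placeholder until real secrets are added would prevent it being mistaken for the production secrets file.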