added sops-nix
This commit is contained in:
parent
b189bf3d8e
commit
a2ffbecf1e
9
.sops.yaml
Normal file
9
.sops.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
# .sops.yaml
|
||||||
|
|
||||||
|
keys:
|
||||||
|
- age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets/secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
|
76
flake.lock
76
flake.lock
|
@ -68,9 +68,7 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane",
|
"crane": "crane",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"nixpkgs": [
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"rust-overlay": "rust-overlay"
|
"rust-overlay": "rust-overlay"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -125,6 +123,38 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1700390070,
|
||||||
|
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1700342017,
|
||||||
|
"narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "decdf666c833a325cb4417041a90681499e06a41",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700204040,
|
"lastModified": 1700204040,
|
||||||
"narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
|
"narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
|
||||||
|
@ -140,6 +170,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1700108881,
|
||||||
|
"narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700455140,
|
"lastModified": 1700455140,
|
||||||
|
@ -160,8 +206,9 @@
|
||||||
"helix": "helix",
|
"helix": "helix",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nur": "nur"
|
"nur": "nur",
|
||||||
|
"sops-nix": "sops-nix"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rust-overlay": {
|
"rust-overlay": {
|
||||||
|
@ -189,6 +236,25 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs_3",
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1700362823,
|
||||||
|
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
|
21
flake.nix
21
flake.nix
|
@ -18,7 +18,7 @@
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
helix = {
|
helix = {
|
||||||
url = "github:helix-editor/helix/master";
|
url = "github:helix-editor/helix/master";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
# inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
|
@ -26,6 +26,7 @@
|
||||||
};
|
};
|
||||||
nixos-hardware.url = "github:NixOs/nixos-hardware/master";
|
nixos-hardware.url = "github:NixOs/nixos-hardware/master";
|
||||||
nur.url = "github:nix-community/nur";
|
nur.url = "github:nix-community/nur";
|
||||||
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
};
|
};
|
||||||
|
|
||||||
# pass in the urls defined above
|
# pass in the urls defined above
|
||||||
|
@ -37,6 +38,7 @@
|
||||||
helix,
|
helix,
|
||||||
nixos-hardware,
|
nixos-hardware,
|
||||||
nur,
|
nur,
|
||||||
|
sops-nix,
|
||||||
...
|
...
|
||||||
} @ inputs: let
|
} @ inputs: let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -67,6 +69,7 @@
|
||||||
specialArgs = {inherit inputs;};
|
specialArgs = {inherit inputs;};
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/JWST/configuration.nix
|
./hosts/JWST/configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
# nixos-hardware.nixosModules.dell-xps-15-9520
|
# nixos-hardware.nixosModules.dell-xps-15-9520
|
||||||
nixos-hardware.nixosModules.common-gpu-nvidia-disable
|
nixos-hardware.nixosModules.common-gpu-nvidia-disable
|
||||||
{nixpkgs.overlays = overlays;}
|
{nixpkgs.overlays = overlays;}
|
||||||
|
@ -83,14 +86,14 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
#homeConfigurations: define options for different users
|
#homeConfigurations: define options for different users
|
||||||
homeConfigurations."tacocat" = inputs.home-manager.lib.homeManagerConfiguration {
|
# homeConfigurations."tacocat" = inputs.home-manager.lib.homeManagerConfiguration {
|
||||||
inherit pkgs;
|
# inherit pkgs;
|
||||||
extraSpecialArgs = {inherit inputs;}; # Pass flake inputs to our config
|
# extraSpecialArgs = {inherit inputs;}; # Pass flake inputs to our config
|
||||||
modules = [
|
# modules = [
|
||||||
{nixpkgs.overlays = overlays;}
|
# {nixpkgs.overlays = overlays;}
|
||||||
./users/tacocat/home.nix
|
# ./users/tacocat/home.nix
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
|
|
||||||
# packages.${system}."tacocat" = self.homeConfigurations."tacocat".activationPackage;
|
# packages.${system}."tacocat" = self.homeConfigurations."tacocat".activationPackage;
|
||||||
};
|
};
|
||||||
|
|
|
@ -12,6 +12,11 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
|
sops.defaultSopsFormat = "yaml";
|
||||||
|
|
||||||
|
sops.age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";
|
||||||
|
|
||||||
boot.loader = {
|
boot.loader = {
|
||||||
efi.canTouchEfiVariables = false;
|
efi.canTouchEfiVariables = false;
|
||||||
grub = {
|
grub = {
|
||||||
|
|
35
secrets/secrets.yaml
Normal file
35
secrets/secrets.yaml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
#ENC[AES256_GCM,data:JjngdEl24lzivXSGGtT+BmiEgJv9CYFGoshMp341WTVhGZb0CfJw/INV5Hds4It+b5VdKwsq,iv:z7QQf9jHo/UnOeFL5Xr+Gigvumj5oeCw+qbuDDvC05k=,tag:E76DCMWb0jJtNpjVEY7Tiw==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:HICA26c4UzeSp1IhNUkoFukr14zNLQ6PRzXa,iv:Ai2VRUy4F0l58M+zP8UTJ+HwpnnntvhXqRGDFKgfxoc=,tag:u3Z1J+6jjDStKsPVcdQ48w==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:91rUTDQieSAoP34dVPhUVQ==,iv:yiCh0c97u0FcofOfTkvJG0kee12GyObDQWiV2cLeN8g=,tag:RxtR8qSFw/U3NdKJl/6q3g==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:fBniAj/OEUphfzuouN4V,iv:oDvxL66JaHok1Bmd4gVc85/5bHpVPgixT/DM92eeqwI=,tag:ZQsqpszjmPThhkFaeI3hfg==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:5vniSSqRnOLyiyV6ylKevv8AZsJw,iv:Z5mefVGn9jSCPJZRkwjPZ2alkUwao0bCJVS3aRY3egE=,tag:aHZcDJWmHx1MEux6bKuWFg==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:al064LOcqMiJljtxOtEkYPiTFanG,iv:mqO28HpExCICHRPbmyo3LK7QFysAOzf8Mn666QgC/9Q=,tag:Pcb0VSAJ3TkQLbDoobJTkA==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:tMg+HbmZGZLzc3WZJVrwmOi7JjCBbkJdWRwm,iv:3pDsdJX2OSactrP9CQeNvQR7q01qXo/BR4FKLhcaiyQ=,tag:Wxlf6SuGWgGEVvG7Sjcojw==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:Qs7LdUYBaoCLtlu+VdIHrIsA,iv:lWJsId1PA6mc+E0+mP55EfoCk5rixb+Z91XtUg6ivCw=,tag:XVDzTi/poTsRT6m3dbcLZA==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:73KcTxpT6YfRex8=,iv:3pLvjR/BOayKYUvCaZbW4JbCpbNqJ0QrcO+GvAAZauo=,tag:y4HM5xLSAzaEBrSqWUlpsQ==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:OiGD0S0aKU15hDKi,iv:dIFoxlFYv2dbQFTk1O/pJld30sVNOFpq83z8YqFdruE=,tag:PRat5Zkn5MBfgAt0voPuNg==,type:comment]
|
||||||
|
email:
|
||||||
|
school: ENC[AES256_GCM,data:5YdbEGvP3dkwOnGlwL2B,iv:FMHMImPMKCgtIoj8s3O5zPawPfMzJun7p0CACE/Iey4=,tag:NEA8a55p38za/kvhJOgfmg==,type:str]
|
||||||
|
personal: ENC[AES256_GCM,data:YFgATpdZkwYAmvyJcdbjuA==,iv:709EcGDPSfnUFI4Epdj3FLCQ/V3BvN3e50/c49n9qyg=,tag:xmR6B13j1zOo5KYxYU1iRQ==,type:str]
|
||||||
|
spam: ENC[AES256_GCM,data:Y0l/i74rH9brxBOyiCPyMaeE3A==,iv:cS/32vlXFLQI3vCIdMqNrzivO/9aqXNPAqQ1YWgjAoQ=,tag:+CBrYlnH5xgHkVZU/MMIDQ==,type:str]
|
||||||
|
proton: ENC[AES256_GCM,data:0jOY+B5px9GTLHCBXFz+QFE+CQ==,iv:R8CCCewIUo9fJ4gTByzTwwfNyTIOPH9ktUAPPqkGMd8=,tag:nqjFuvmBq5N02MPXi6ha6A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNnpRZXBwaXk0aDZhMDBy
|
||||||
|
cThMNGdWaE9GZlpFN3RTLzhaYVJUKzFORkNjCmtuakFIczhVNXltQk42RWxjUnlz
|
||||||
|
dTdkUmJOdjBCZXZNZjE4QURGVW5wUGsKLS0tIGhkclA1M3dKZzUxZWpLZDlsRHZR
|
||||||
|
VTlua3pQRTZGUGw4OEVQSUhsMHZoVncKm0+J++ZOflbTjfb0Q/nC/LnwKXOq5XEE
|
||||||
|
CvRQmjp4sWgmnP8wrcPvtInPrkVYBHluI9DD9DRoQ+PTYsz8xSIRig==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-11-22T04:23:23Z"
|
||||||
|
mac: ENC[AES256_GCM,data:JviqHLWwa+6Mnc8rmqaXWkPVRPm9LbwQBzXkc/ZsMHpcpBN2W6jWxof8AbNsU+d7eKhYlT4QeBC/13nlIcgxdNOP1ArDL94g9aFmve7iEyCUOQLf3bBExpFLxHWzUFmDTNh0ZmaGtUBH2gWyj3zY5t6EQ87Wo+PPlaiOHaNskBo=,iv:N1/eXQOjBR027T6hAsmNoZyVzU+uWZrtRBJLesaM76c=,tag:ycl1tNjSn3VkPek9woQWGg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -14,6 +14,7 @@
|
||||||
];
|
];
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
rnote
|
rnote
|
||||||
|
sops
|
||||||
libreoffice
|
libreoffice
|
||||||
notify-desktop
|
notify-desktop
|
||||||
texlive.combined.scheme-medium
|
texlive.combined.scheme-medium
|
||||||
|
|
Loading…
Reference in a new issue