added sops-nix

Aria Nolan 2023-11-21 23:23:41 -05:00
parent b189bf3d8e
commit a2ffbecf1e
6 changed files with 133 additions and 14 deletions

9
.sops.yaml Normal file

@ -0,0 +1,9 @@
# .sops.yaml
keys:
- age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
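Review bot: The only recipient under `creation_rules` is a single age key, so losing that one private key makes `secrets/secrets.yaml` unrecoverable; consider adding a second recipient (for example a per-host key) before more secrets accumulate. The public key is also written out twice as a literal, under `keys:` and again under `age:`, and the two copies can drift when the key is rotated. A YAML anchor on the `keys:` entry (`- &admin <key>`) referenced from the rule (`- *admin`) keeps them in step. The `.` in `path_regex: secrets/secrets.yaml$` is unescaped; `secrets/secrets\.yaml$` matches only the intended file name.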


@ -68,9 +68,7 @@
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -125,6 +123,38 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1700390070,
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1700342017,
"narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "decdf666c833a325cb4417041a90681499e06a41",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1700204040,
"narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
@ -140,6 +170,22 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1700108881,
"narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1700455140,
@ -160,8 +206,9 @@
"helix": "helix",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nur": "nur"
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
@ -189,6 +236,25 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1700362823,
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,


@ -18,7 +18,7 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
helix = {
url = "github:helix-editor/helix/master";
inputs.nixpkgs.follows = "nixpkgs";
# inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
@ -26,6 +26,7 @@
};
nixos-hardware.url = "github:NixOs/nixos-hardware/master";
nur.url = "github:nix-community/nur";
sops-nix.url = "github:Mic92/sops-nix";
};
# pass in the urls defined above
@ -37,6 +38,7 @@
helix,
nixos-hardware,
nur,
sops-nix,
...
} @ inputs: let
system = "x86_64-linux";
@ -67,6 +69,7 @@
specialArgs = {inherit inputs;};
modules = [
./hosts/JWST/configuration.nix
sops-nix.nixosModules.sops
# nixos-hardware.nixosModules.dell-xps-15-9520
nixos-hardware.nixosModules.common-gpu-nvidia-disable
{nixpkgs.overlays = overlays;}
@ -83,14 +86,14 @@
};
#homeConfigurations: define options for different users
homeConfigurations."tacocat" = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {inherit inputs;}; # Pass flake inputs to our config
modules = [
{nixpkgs.overlays = overlays;}
./users/tacocat/home.nix
];
};
# homeConfigurations."tacocat" = inputs.home-manager.lib.homeManagerConfiguration {
# inherit pkgs;
# extraSpecialArgs = {inherit inputs;}; # Pass flake inputs to our config
# modules = [
# {nixpkgs.overlays = overlays;}
# ./users/tacocat/home.nix
# ];
# };
# packages.${system}."tacocat" = self.homeConfigurations."tacocat".activationPackage;
};
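Review bot: `sops-nix.url = "github:Mic92/sops-nix";` is added without a `follows`, and the first hunk comments out helix's `inputs.nixpkgs.follows`, so the lock file now carries extra nixpkgs revisions (`nixpkgs_3`, `nixpkgs-stable` and helix's own `nixpkgs`) that are updated and audited separately from the system's. For the module that decrypts secrets at activation, it is worth building against the one reviewed nixpkgs: `sops-nix.inputs.nixpkgs.follows = "nixpkgs";`. If the helix override was dropped to work around a build problem, a one-line comment saying so would help the next reader. The commented-out `homeConfigurations."tacocat"` block is unrelated to adding sops-nix and would be easier to review or revert as its own commit.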


@ -12,6 +12,11 @@
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";
boot.loader = {
efi.canTouchEfiVariables = false;
grub = {
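Review bot: `sops.age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";` places the key that decrypts system secrets in a user's home directory, where it is presumably readable by any process running as that user, and activation will fail if /home is not mounted at that point. A root-owned path outside /home, or deriving the identity from the host SSH key with `sops.age.sshKeyPaths`, keeps the decryption key out of the user session. Separately, `sops.defaultSopsFile = ./secrets/secrets.yaml;` resolves relative to this file, while the commit adds `secrets/secrets.yaml` at what appears to be the repository root. If this file is `hosts/JWST/configuration.nix`, the path likely needs to be `../../secrets/secrets.yaml`. No `sops.secrets.<name>` declaration is visible in this hunk, so nothing would be decrypted yet; the enclosing module body continues outside the hunk.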

35
secrets/secrets.yaml Normal file

@ -0,0 +1,35 @@
#ENC[AES256_GCM,data:JjngdEl24lzivXSGGtT+BmiEgJv9CYFGoshMp341WTVhGZb0CfJw/INV5Hds4It+b5VdKwsq,iv:z7QQf9jHo/UnOeFL5Xr+Gigvumj5oeCw+qbuDDvC05k=,tag:E76DCMWb0jJtNpjVEY7Tiw==,type:comment]
#ENC[AES256_GCM,data:HICA26c4UzeSp1IhNUkoFukr14zNLQ6PRzXa,iv:Ai2VRUy4F0l58M+zP8UTJ+HwpnnntvhXqRGDFKgfxoc=,tag:u3Z1J+6jjDStKsPVcdQ48w==,type:comment]
#ENC[AES256_GCM,data:91rUTDQieSAoP34dVPhUVQ==,iv:yiCh0c97u0FcofOfTkvJG0kee12GyObDQWiV2cLeN8g=,tag:RxtR8qSFw/U3NdKJl/6q3g==,type:comment]
#ENC[AES256_GCM,data:fBniAj/OEUphfzuouN4V,iv:oDvxL66JaHok1Bmd4gVc85/5bHpVPgixT/DM92eeqwI=,tag:ZQsqpszjmPThhkFaeI3hfg==,type:comment]
#ENC[AES256_GCM,data:5vniSSqRnOLyiyV6ylKevv8AZsJw,iv:Z5mefVGn9jSCPJZRkwjPZ2alkUwao0bCJVS3aRY3egE=,tag:aHZcDJWmHx1MEux6bKuWFg==,type:comment]
#ENC[AES256_GCM,data:al064LOcqMiJljtxOtEkYPiTFanG,iv:mqO28HpExCICHRPbmyo3LK7QFysAOzf8Mn666QgC/9Q=,tag:Pcb0VSAJ3TkQLbDoobJTkA==,type:comment]
#ENC[AES256_GCM,data:tMg+HbmZGZLzc3WZJVrwmOi7JjCBbkJdWRwm,iv:3pDsdJX2OSactrP9CQeNvQR7q01qXo/BR4FKLhcaiyQ=,tag:Wxlf6SuGWgGEVvG7Sjcojw==,type:comment]
#ENC[AES256_GCM,data:Qs7LdUYBaoCLtlu+VdIHrIsA,iv:lWJsId1PA6mc+E0+mP55EfoCk5rixb+Z91XtUg6ivCw=,tag:XVDzTi/poTsRT6m3dbcLZA==,type:comment]
#ENC[AES256_GCM,data:73KcTxpT6YfRex8=,iv:3pLvjR/BOayKYUvCaZbW4JbCpbNqJ0QrcO+GvAAZauo=,tag:y4HM5xLSAzaEBrSqWUlpsQ==,type:comment]
#ENC[AES256_GCM,data:OiGD0S0aKU15hDKi,iv:dIFoxlFYv2dbQFTk1O/pJld30sVNOFpq83z8YqFdruE=,tag:PRat5Zkn5MBfgAt0voPuNg==,type:comment]
email:
school: ENC[AES256_GCM,data:5YdbEGvP3dkwOnGlwL2B,iv:FMHMImPMKCgtIoj8s3O5zPawPfMzJun7p0CACE/Iey4=,tag:NEA8a55p38za/kvhJOgfmg==,type:str]
personal: ENC[AES256_GCM,data:YFgATpdZkwYAmvyJcdbjuA==,iv:709EcGDPSfnUFI4Epdj3FLCQ/V3BvN3e50/c49n9qyg=,tag:xmR6B13j1zOo5KYxYU1iRQ==,type:str]
spam: ENC[AES256_GCM,data:Y0l/i74rH9brxBOyiCPyMaeE3A==,iv:cS/32vlXFLQI3vCIdMqNrzivO/9aqXNPAqQ1YWgjAoQ=,tag:+CBrYlnH5xgHkVZU/MMIDQ==,type:str]
proton: ENC[AES256_GCM,data:0jOY+B5px9GTLHCBXFz+QFE+CQ==,iv:R8CCCewIUo9fJ4gTByzTwwfNyTIOPH9ktUAPPqkGMd8=,tag:nqjFuvmBq5N02MPXi6ha6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age13dpyswy6ezqr2gyty75waanpc9lhjs073vt56z6tvjyzh9mkydaqwsystl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNnpRZXBwaXk0aDZhMDBy
cThMNGdWaE9GZlpFN3RTLzhaYVJUKzFORkNjCmtuakFIczhVNXltQk42RWxjUnlz
dTdkUmJOdjBCZXZNZjE4QURGVW5wUGsKLS0tIGhkclA1M3dKZzUxZWpLZDlsRHZR
VTlua3pQRTZGUGw4OEVQSUhsMHZoVncKm0+J++ZOflbTjfb0Q/nC/LnwKXOq5XEE
CvRQmjp4sWgmnP8wrcPvtInPrkVYBHluI9DD9DRoQ+PTYsz8xSIRig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-22T04:23:23Z"
mac: ENC[AES256_GCM,data:JviqHLWwa+6Mnc8rmqaXWkPVRPm9LbwQBzXkc/ZsMHpcpBN2W6jWxof8AbNsU+d7eKhYlT4QeBC/13nlIcgxdNOP1ArDL94g9aFmve7iEyCUOQLf3bBExpFLxHWzUFmDTNh0ZmaGtUBH2gWyj3zY5t6EQ87Wo+PPlaiOHaNskBo=,iv:N1/eXQOjBR027T6hAsmNoZyVzU+uWZrtRBJLesaM76c=,tag:ycl1tNjSn3VkPek9woQWGg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -14,6 +14,7 @@
];
packages = with pkgs; [
rnote
sops
libreoffice
notify-desktop
texlive.combined.scheme-medium