add: sops support

This commit is contained in:
valerie 2024-07-13 19:04:25 -04:00
parent b5dc006bef
commit 9305702771
Signed by: valnyx
GPG key ID: CC10324DD962CB7E
5 changed files with 102 additions and 10 deletions


@ -416,6 +416,24 @@
"type": "github" "type": "github"
} }
}, },
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1720910245,
"narHash": "sha256-xACM/LGDLmgy8JQIPWojb5KOiIqbQpofX9WUbGQHiZE=",
"ref": "main",
"rev": "2f617698545719fd26f7fc074a0da1e6673e62d9",
"shallow": true,
"type": "git",
"url": "ssh://git@192.168.1.203:2222/deva/secrets.git"
},
"original": {
"ref": "main",
"shallow": true,
"type": "git",
"url": "ssh://git@192.168.1.203:2222/deva/secrets.git"
}
},
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -505,6 +523,22 @@
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1720282526,
"narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719848872, "lastModified": 1719848872,
@ -559,14 +593,37 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"impermanence": "impermanence", "impermanence": "impermanence",
"mysecrets": "mysecrets",
"nh": "nh", "nh": "nh",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nix-index-db": "nix-index-db", "nix-index-db": "nix-index-db",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
"stylix": "stylix" "stylix": "stylix"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1720321395,
"narHash": "sha256-kcI8q9Nh8/CSj0ygfWq1DLckHl8IHhFarL8ie6g7OEk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c184aca4db5d71c3db0c8cbfcaaec337a5d065ea",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",


@ -36,6 +36,16 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
mysecrets = {
url = "git+ssh://git@192.168.1.203:2222/deva/secrets.git?ref=main&shallow=1";
flake = false;
};
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
}; };
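Review bot: The `mysecrets` input is declared `flake = false;`, so the entire checkout of the secrets repository is copied into `/nix/store`, which every local user can read; that is only safe if every file in that repository is sops-encrypted, and the input should say so: `# non-flake input: the whole checkout lands in the world-readable /nix/store, so this repo must hold only sops-encrypted files`. The URL pins `ref=main`, so the exact revision is fixed by flake.lock alone and moves whenever the lock is updated. `sops-nix` is made to follow `nixpkgs` but not `nixpkgs-stable`, which appears to be why the lock now carries a second full nixpkgs pin (`nixpkgs-stable`, release-24.05); `inputs.nixpkgs-stable.follows = "nixpkgs";` on that input would drop it if nothing needs the stable branch. The `inputs` set continues outside the hunk.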


@ -5,11 +5,37 @@
outputs, outputs,
inputs, inputs,
... ...
}: { }: let
secretspath = builtins.toString inputs.mysecrets;
in {
imports = [ imports = [
inputs.nix-gaming.nixosModules.pipewireLowLatency inputs.nix-gaming.nixosModules.pipewireLowLatency
inputs.sops-nix.nixosModules.sops
]; ];
sops.defaultSopsFormat = "yaml";
sops.defaultSopsFile = "${secretspath}/secrets.yaml";
sops.validateSopsFiles = false;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
# sops.age.generateKey = true;
# This file below is the only file that needs to be copied over (for sops support)
sops.age.keyFile = "/home/${config.users.users.me.name}/.config/sops/age/keys.txt";
sops.secrets = {
id_dev = {
owner = config.users.users.me.name;
inherit (config.users.users.me) group;
path = "/home/${config.users.users.me.name}/.ssh/id_dev";
};
user_password = {
neededForUsers = true;
};
};
home-manager.users.me.home.file.".ssh/id_dev.pub".text = builtins.readFile ./id_dev.pub;
users.mutableUsers = false;
users.users.me.hashedPasswordFile = config.sops.secrets.user_password.path;
nixpkgs.config = {allowUnfree = true;}; nixpkgs.config = {allowUnfree = true;};
nixpkgs.overlays = [ nixpkgs.overlays = [
outputs.overlays.additions outputs.overlays.additions
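Review bot: `sops.validateSopsFiles = false;` switches off the evaluation-time check that `secrets.yaml` is a well-formed sops-encrypted document, so a plaintext or malformed file in the `mysecrets` checkout would only surface at activation; if this is required because the file lives in an out-of-tree input, record that: `# validation disabled: secrets.yaml lives in the non-flake mysecrets input, not in this flake`. The three commented-out `sops.age.*` lines above `keyFile` are dead configuration and should be deleted rather than kept. The age key is read from a path under the user's home, and because `user_password` is marked `neededForUsers = true` sops-nix decrypts it early in activation as root, so that path must already be readable at that stage — worth confirming given `impermanence` is among the flake inputs. `config.users.users.me.name` is spelled out four times and could sit next to `secretspath` in the `let`. The module's attribute set continues outside the hunk.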


@ -100,17 +100,12 @@
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"hi@dessa.dev" = { "hi@dessa.dev" = {
host = "gitlab.com github.com"; host = "gitlab.com github.com 192.168.1.203";
identitiesOnly = true; identitiesOnly = true;
identityFile = [ identityFile = [
"~/.ssh/id_dev" "~/.ssh/id_dev"
]; ];
}; };
"dess_key" = {
host = "192.168.1.203";
identitiesOnly = true;
identityFile = ["~/.ssh/id_dess"];
};
}; };
}; };
gpg = { gpg = {
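Review bot: The `"hi@dessa.dev"` match block now presents `~/.ssh/id_dev` to `192.168.1.203` as well as to the public forges, so the key that was previously kept separate (`id_dess` for the internal host) is now shared across all of them and one key compromise reaches every host. If that consolidation is intended because `id_dev` is the one sops-managed key, a comment on the `host` line would record the decision: `# id_dev is the single sops-managed key; also used for the internal git server`. The enclosing `matchBlocks`/`programs.ssh` set starts and ends outside the hunk.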


@ -1,10 +1,14 @@
{pkgs, ...}: { {
pkgs,
config,
...
}: {
imports = [./util/user.nix ./gnome_support.nix]; imports = [./util/user.nix ./gnome_support.nix];
user.deva = { user.me = {
username = "deva";
shell = "zsh"; shell = "zsh";
description = "Deva Waves"; description = "Deva Waves";
initialPassword = "12345";
sudoer = true; sudoer = true;
developer = true; developer = true;
extraGroups = ["networkmanager" "audio" "docker" "input" "libvirtd" "plugdev" "video" "adbusers"]; extraGroups = ["networkmanager" "audio" "docker" "input" "libvirtd" "plugdev" "video" "adbusers"];
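Review bot: `config` is added to the module's argument set but nothing in the visible lines reads it; if the rest of the file, which lies outside the hunk, does not use it either, it should be dropped. Removing `initialPassword = "12345"` leaves `user.me` with no fallback credential, which is correct only while the `user_password` sops secret decrypts at activation, so a one-line comment would help the next reader: `# no initialPassword on purpose: the hash comes from sops.secrets.user_password via hashedPasswordFile`. The `user.me` attribute set continues past the end of the hunk.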