move all secrets to sops, remove agenix

This commit is contained in:
Your Name 2024-03-15 18:03:46 +03:00
parent 37c603c25c
commit 0bc665d4de
6 changed files with 45 additions and 109 deletions


@ -1,26 +1,5 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": [],
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"anyrun": {
"inputs": {
"flake-parts": "flake-parts",
@ -120,7 +99,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
@ -138,7 +117,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
@ -155,27 +134,6 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -233,16 +191,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1709128929,
"narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
@ -311,22 +269,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1709128929,
"narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1709968316,
"narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=",
@ -342,7 +284,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1708807242,
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
@ -360,11 +302,10 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"anyrun": "anyrun",
"firefox": "firefox",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
@ -373,7 +314,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
@ -420,25 +361,10 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telegram-desktop-patched-unstable": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1708964026,


@ -10,8 +10,8 @@
anyrun.url = "github:Kirottu/anyrun";
anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable";
telegram-desktop-patched-unstable.url = "github:shwewo/telegram-desktop-patched";
agenix.url = "github:ryantm/agenix";
agenix.inputs.darwin.follows = "";
#agenix.url = "github:ryantm/agenix";
#agenix.inputs.darwin.follows = "";
#ragenix = {
# url = "github:yaxitech/ragenix";
# inputs.flake-utils.follows = "flake-utils";
@ -20,7 +20,7 @@
sops-nix.url = "github:Mic92/sops-nix";
};
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, agenix, sops-nix, ... }: {
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, sops-nix, ... }: {
nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
@ -38,9 +38,7 @@
./hosts/generic.nix
./hosts/dlaptop/configuration.nix
./hosts/dlaptop/hardware-configuration.nix
./hosts/dlaptop/age.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
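Review bot: The first hunk leaves `#agenix.url = "github:ryantm/agenix";` and `#agenix.inputs.darwin.follows = "";` behind as commented-out input declarations next to the already-commented `#ragenix` block, although the commit's purpose is to remove agenix and the lockfile no longer carries it; delete the two lines instead of commenting them so the `inputs` set reflects only what is actually locked. The third hunk drops `./hosts/dlaptop/age.nix` and `agenix.nixosModules.default` from the module list, which matches the deleted age.nix, so nothing else in this file appears to reference agenix. Both the `inputs` and the `outputs` attribute sets extend beyond their hunks.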


@ -75,7 +75,7 @@ let
keepassxc = pkgs.writeScriptBin "keepassxc" ''
#!/usr/bin/env bash
${pkgs.coreutils}/bin/cat /run/agenix/qqq | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx
${pkgs.coreutils}/bin/cat /run/secrets/qqq | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx
'';
keepassxcDesktopItem = pkgs.makeDesktopItem {
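Review bot: The `keepassxc` wrapper still starts KeePassXC when the secret cannot be read: in the plain bash pipeline `${pkgs.coreutils}/bin/cat /run/secrets/qqq | … --pw-stdin …` a failing `cat` (file absent, or not readable by the invoking user, which is why the sops entry sets `owner = "delta"`) only produces empty stdin, so KeePassXC is launched with an empty password and the actual cause is lost. Guard the read before the pipeline, e.g. `[ -r /run/secrets/qqq ] || { echo "secret /run/secrets/qqq not readable" >&2; exit 1; }`, and if `config` is available to this `let` block (not visible in the hunk) prefer `${config.sops.secrets.qqq.path}` over the literal path so the consumer follows the declaration. The `let` binding list this hunk belongs to starts before the hunk.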


@ -1,11 +0,0 @@
{ stable, inputs, config, pkgs, lib, ... }:
{
age.secrets = {
singbox-aus = { file = ../../secrets/singbox-aus.age; owner = "socks"; group = "socks"; };
qqq = { file = ../../secrets/qqq.age; owner = "delta"; group = "users"; };
cloudflared = { file = ../../secrets/cloudflared.age; owner = "cloudflared"; group = "cloudflared"; };
};
age.identityPaths = [ "/home/delta/.ssh/id_ed25519" ];
}


@ -22,14 +22,30 @@
# };
sops = {
defaultSopsFile = ../../secrets/example.yaml;
defaultSopsFile = ../../secrets/generic.yaml;
#defaultSopsFile = ../../.sops.yaml;
#age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
age.keyFile = "/home/delta/.config/sops/age/keys.txt";
age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
#age.keyFile = "/home/delta/.config/sops/age/keys.txt";
defaultSopsFormat = "yaml";
secrets.example-key = {};
secrets.qqq = {
mode = "0400"; owner = "delta"; group = "users";
};
secrets.cloudflared = {
mode = "0400"; owner = "cloudflared"; group = "cloudflared";
};
secrets."myservice/my_subdir/my_secret" = {};
secrets.singbox-aus = {
sopsFile = ../../secrets/singbox-aus.bin;
format = "binary";
mode = "0400";
owner = "socks";
group = "socks";
};
};
@ -116,11 +132,18 @@
};
};
users.groups.cloudflared = { };
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.socks = { };
services.cloudflared.enable = false;
services.cloudflared.tunnels = {
"dlaptop" = {
default = "http_status:404";
credentialsFile = "/run/agenix/cloudflared";
credentialsFile = "/run/secrets/cloudflared";
};
};
@ -310,7 +333,6 @@
#firefox_nightly
#inputs.anyrun.packages.${pkgs.system}.anyrun
inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default
inputs.agenix.packages.x86_64-linux.default
# inputs.ragenix.packages.x86_64-linux.default
sops
];
@ -331,7 +353,7 @@
User = "socks";
Group = "socks";
};
script = "sing-box run -c /run/agenix/singbox-aus";
script = "sing-box run -c /run/secrets/singbox-aus";
path = with unstable; [
shadowsocks-libev
shadowsocks-v2ray-plugin
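Review bot: The secret consumers in this file still hard-code the sops mount path — `credentialsFile = "/run/secrets/cloudflared";` in the second hunk and `script = "sing-box run -c /run/secrets/singbox-aus";` in the last — instead of referencing the declarations made in the first hunk, e.g. `credentialsFile = config.sops.secrets.cloudflared.path;` and `script = "sing-box run -c ${config.sops.secrets.singbox-aus.path}";`, which keeps each consumer tied to its `sops.secrets` entry if the name or the secrets directory ever changes (this assumes `config` is among the module's arguments, which the hunks do not show). In the first hunk, `secrets.example-key = {};` and `secrets."myservice/my_subdir/my_secret" = {};` look like leftovers from the sops-nix example; if they survive on the new side, those keys must exist in `generic.yaml` for activation to succeed, so drop them unless the file really defines them. The systemd service in the last hunk starts before the hunk.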


@ -61,6 +61,7 @@ in {
#fishPlugins.hydro
fishPlugins.fzf-fish
fishPlugins.sponge
fzf
grc
unstable.nh
any-nix-shell