diff --git a/.sops.yaml b/.sops.yaml index 916b2b0..32134aa 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,7 +2,7 @@ keys: - &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y creation_rules: - - path_regex: secrets/[^/]+\.(yaml|json|env|ini|bin)$ + - path_regex: secrets/[^/]+\.(yml|yaml|json|env|ini|bin)$ key_groups: - age: - *dlaptop diff --git a/flake.lock b/flake.lock index bc119a7..61f6036 100644 --- a/flake.lock +++ b/flake.lock @@ -154,24 +154,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -193,26 +175,6 @@ "type": "github" } }, - "home-manager-unstable": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -381,22 +343,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1709128929, - "narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1708807242, "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", 
@@ -418,12 +364,10 @@
 "anyrun": "anyrun",
 "firefox": "firefox",
 "home-manager": "home-manager_2",
- "home-manager-unstable": "home-manager-unstable",
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-stable": "nixpkgs-stable",
 "nixpkgs-unstable": "nixpkgs-unstable",
 "sops-nix": "sops-nix",
- "telegram-desktop-patched": "telegram-desktop-patched",
 "telegram-desktop-patched-unstable": "telegram-desktop-patched-unstable"
 }
 },
@@ -491,46 +435,11 @@
 "type": "github"
 }
 },
- "systems_4": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "telegram-desktop-patched": {
+ "telegram-desktop-patched-unstable": {
 "inputs": {
 "flake-utils": "flake-utils_2",
 "nixpkgs": "nixpkgs_4"
 },
- "locked": {
- "lastModified": 1708738847,
- "narHash": "sha256-FqoFulqt0FqqHWxbMHeMAUzSm57VxZae+VVzZdUu+ZA=",
- "owner": "shwewo",
- "repo": "telegram-desktop-patched",
- "rev": "c47ff4b4b9ebdf94317d193c9ee2e40767f98475",
- "type": "github"
- },
- "original": {
- "owner": "shwewo",
- "ref": "release-23.11",
- "repo": "telegram-desktop-patched",
- "type": "github"
- }
- },
- "telegram-desktop-patched-unstable": {
- "inputs": {
- "flake-utils": "flake-utils_3",
- "nixpkgs": "nixpkgs_5"
- },
 "locked": {
 "lastModified": 1708964026,
 "narHash": "sha256-WCbIER+gJo+3sUtgM0vuWd/sYzVkAxgCOzmItnLkt9I=",
diff --git a/flake.nix b/flake.nix
index 9535c6e..396cad6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,13 +5,10 @@
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 home-manager.url = "github:nix-community/home-manager/release-23.11";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
- home-manager-unstable.url = "github:nix-community/home-manager";
- home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
 firefox.url = "github:nix-community/flake-firefox-nightly";
 firefox.inputs.nixpkgs.follows = "nixpkgs";
 anyrun.url = "github:Kirottu/anyrun";
 anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable";
- telegram-desktop-patched.url = "github:shwewo/telegram-desktop-patched/release-23.11";
 telegram-desktop-patched-unstable.url = "github:shwewo/telegram-desktop-patched";
 agenix.url = "github:ryantm/agenix";
 agenix.inputs.darwin.follows = "";
@@ -23,7 +20,7 @@
 sops-nix.url = "github:Mic92/sops-nix";
 };
- outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, home-manager-unstable, firefox, anyrun, agenix, sops-nix, ... }: {
+ outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, agenix, sops-nix, ... }: {
 nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = {
@@ -42,7 +39,7 @@
 ./hosts/dlaptop/configuration.nix
 ./hosts/dlaptop/hardware-configuration.nix
 ./hosts/dlaptop/age.nix
- home-manager-unstable.nixosModules.home-manager
+ home-manager.nixosModules.home-manager
 agenix.nixosModules.default
 sops-nix.nixosModules.sops
 {
@@ -99,7 +96,7 @@
 ./hosts/generic.nix
 ./hosts/huanan/configuration.nix
 ./hosts/huanan/hardware-configuration.nix
- home-manager-unstable.nixosModules.home-manager
+ home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
diff --git a/hosts/dlaptop/configuration.nix b/hosts/dlaptop/configuration.nix
index fdd4017..1ba55f6 100644
--- a/hosts/dlaptop/configuration.nix
+++ b/hosts/dlaptop/configuration.nix
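Review bot: In the dlaptop module list (third flake.nix hunk), `home-manager.nixosModules.home-manager` now comes from the `release-23.11` input, while the second hunk shows the host is still built with `nixpkgs-unstable.lib.nixosSystem`. That puts the home-manager modules and the package set they are evaluated against on different release lines, which Home Manager normally warns about and which can leave module options out of step with the packages. If the pairing is intended, record it above the module line, e.g. `# release-23.11 home-manager on an unstable system is intentional`; otherwise build dlaptop from `nixpkgs`. The fourth hunk makes the same substitution for huanan, whose `nixosSystem` call is outside the hunk, so the same check applies there; both module lists begin and end outside the hunks.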
@@ -22,7 +22,14 @@
 # };
 sops = {
- age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519.pub" ];
+ defaultSopsFile = ../../secrets/example.yaml;
+ #defaultSopsFile = ../../.sops.yaml;
+ #age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
+ age.keyFile = "/home/delta/.config/sops/age/keys.txt";
+ defaultSopsFormat = "yaml";
+
+ secrets.example-key = {};
+ secrets."myservice/my_subdir/my_secret" = {};
 };
@@ -305,6 +312,7 @@
 inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default
 inputs.agenix.packages.x86_64-linux.default
 # inputs.ragenix.packages.x86_64-linux.default
+ sops
 ];
 users.users.socks = {
diff --git a/secrets/example.yaml b/secrets/example.yaml
index 4ab725c..13ac996 100644
--- a/secrets/example.yaml
+++ b/secrets/example.yaml
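Review bot: `age.keyFile = "/home/delta/.config/sops/age/keys.txt"` in the first hunk ties system-wide secret decryption to a private key kept in a user's home directory, so any process running as `delta` can read the key that unlocks every secret declared in this `sops` set. A root-owned location readable only by root is the safer default, for example `age.keyFile = "/var/lib/sops-nix/key.txt";`, and it presumably also avoids activation depending on /home being available. The two commented-out alternatives should be removed or replaced by a single comment explaining why the key file was chosen; `.sops.yaml` holds the creation rules rather than encrypted data, so it would not work as `defaultSopsFile` anyway. The `sops` attribute set opens and closes inside the hunk, but the enclosing module does not.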
@@ -1,13 +1,10 @@ -hello: ENC[AES256_GCM,data:F982o/L8SSA8Nmdysb+lnn3UqcIsMoaL9XCUQLUbWHl3fJxPKCpKuOkwE8Ll5no=,iv:BRAWLYw0Apqcw54zTVRaQvsGvl/Vwhvr4qowHa+6i3k=,tag:U79Z2FQSU5QRYu9wcon9ew==,type:str] -example_key: ENC[AES256_GCM,data:fIfs7s3YFnu173V7wg==,iv:TTNVEdjxx/PqmMD7jf917r80c/4yZRwcwC06c3+nIVQ=,tag:6Q45ZbZonuR2SeZQOjbIJQ==,type:str] -#ENC[AES256_GCM,data:t0YOQe7K6Cb5R67CJSB5ig==,iv:y4R8T74RNVn5R2CGCmQqrMn3iJBr39zDuMEH5TP9Pks=,tag:UNI1U7ru6pEHOTBv/z6Paw==,type:comment] -example_array: - - ENC[AES256_GCM,data:Ty75UCVboLfXiS6cFVc=,iv:2PLRd11O5gnLRQjJf9c8lw3+zFipsoBsZvF87ZqL3Bo=,tag:ewDPFQ/1XvAgJG1PrQ7waw==,type:str] - - ENC[AES256_GCM,data:MQaT5bYSaBfRbd66860=,iv:NiBBE1xrktOzHgjtxOrk3wV+6k8DwUBxIWPGxnY/QFE=,tag:M4NcBIx4owKJo5C+3JgHiQ==,type:str] -example_number: ENC[AES256_GCM,data:g+qLV9A/I0x+Yw==,iv:ME3zRKj0hc8p4MhtBgxYgIcEFjhC8WrKW/T/Q4DNkUE=,tag:g5chJsqwrd7KUwO0QdS0bw==,type:float] -example_booleans: - - ENC[AES256_GCM,data:7Xp+PA==,iv:NtFpL/R9pVRZ6l+45ISMVN8EUhBfJF6pvRss7rfskiI=,tag:a+Ksf3s1pY270j9hg/CB2g==,type:bool] - - ENC[AES256_GCM,data:myM9xqc=,iv:1+KbRG9sd3GPUmm6zH3huqyuohlgAwEFZwgvCgrf4rk=,tag:02365AJm2M6bTBjRjPPGdQ==,type:bool] +#ENC[AES256_GCM,data:tsH+OzO1HuSGhW6FpMS4z/B7MGsy53gL8AlR1OtddpQPM/drvvI=,iv:TFXG6UZ+yiIiI7no2I5ZoCBozm/QsckpR08aoVpWmA8=,tag:/L8bfExsQzgUFUyZVjNE6g==,type:comment] +example-key: ENC[AES256_GCM,data:ZkByq0+sxynwntrdFw==,iv:fiVTsUwR0FHM0Fa4iDImEC7WUt8NiFolNylp9cCt2Gw=,tag:+34+uHKX5dr4EEnb7hFZJg==,type:str] +#ENC[AES256_GCM,data:byD/SyOeoUWOfbQgsr4zh3brXkNP0eX46qwJEAecN6KLokr2k9/loKL5n+vUHAs8WJpa1xwVuRw=,iv:nWv3leL6YaTT3IurT6wcvQCbvBoaWPihRk7VaZrptJA=,tag:p1ltRsWOXWvWy6DJlQdyVw==,type:comment] +#ENC[AES256_GCM,data:h2Y/qaN1lKO20UZJ+LbDofboZmIoX5qP90bkb1u+OlIlDtZwhB+hnB+RQ6CgQdH6rU7X3lyd6SDSYNa+GKILH3c7vDLa1Tfb,iv:x6/4DUzV0lHuCy4IjRqutyyMx4pQq4unF52yITEfmQ4=,tag:9WfRbeAKTsiwmSMb3K7wwg==,type:comment] +myservice: + my_subdir: + my_secret: 
ENC[AES256_GCM,data:j1ZmV39+ZEnO,iv:sNtUdka8nja0NL9MUC2zGIYzdTmMq17PyRnvtrqd1uc=,tag:/hmbVziFWQR0Ns2H8QTcuA==,type:str] sops: kms: [] gcp_kms: [] @@ -17,14 +14,14 @@ sops: - recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZnpZM3h6TksweEZaR2Jk - M3FhRU1CNnVoSndFbnV0bjltK1RRYU43cWtnCm50QnhNWTBOaWlDQ3VTampZaDF1 - OVhqWUo0NHNpbmxqSjJjMzZ6T0hRR3MKLS0tIHZpMk1aQmEyYlI0bEk3QnFZdk9o - NmViYmd2WjN0K2J4c3BCQXlhVG1nZVEKh3kUzgRH+ImPtc7g7lvYvrHVx5aGxyMJ - 5ogZJzbeGYT6T9Z4QBQJA6ElMYiO4NwdxPjx0qDzR9zLmzw5ByUC3Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcXVVOWQzWEppMHcyU2ZW + WFdnYkp4UnNzQ0NRQnhSQXVKN3gzbHBZdzNrClBMN1RwVURYVCtlelJ0eXRuMGR0 + K3BuUUwxNmlmUE56YWVqNWs1VjYralEKLS0tIFpvMEsvYjVFelBqRGFNa05wNHZi + ZUMveWUySng1eFNCNEc4aThLbHQ4MXcKP5sQvjLknHpO3Tf1rlg4+5LNqPWzBL4p + w+E3S1SsdzF5niYafdFj/5yc4PLdYR3JM9jxcuc2KzRWTM3oQNZH7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-13T21:53:51Z" - mac: ENC[AES256_GCM,data:o+k84eY1a8H/QRtZ9DbLn+b8+K0s5ftSy2IXJbTpAuOCaLQK6e6X8sJ892FkUlFCxQ9FLADJTePMNkNMwVXQHeF3/f6fZzum9ERB9BJ0toYIvgY/fGl6qA4C2TbUX6pEsfeUKs+kybiHVA4Rr5OcXxUAxvInV/EaNASK0SfE9DQ=,iv:nsCjp7t8pp9qx4owsfu+L34BZuvKhI164x0BEsJMHQA=,tag:+yuE/MhRN0Z09F6/fEGVfg==,type:str] + lastmodified: "2024-03-15T12:01:43Z" + mac: ENC[AES256_GCM,data:fa1qbbHK87xGuwgfNI6/UlcSGJxA17ccp5s0qfxEiJRvAf0VZ56MNcKIbygIEwFG4D4YIzUh70e4T37iEmbJLTBURjMpoSjDA1AkeSEqBOASeTvqXiAXb8gc2YBA3R+JE/VFwSdi94oNaZXu11QH/XbwackRXOFTMjY2fJq3LFU=,iv:GMQwCR+BA6yCdxh++pRFO08tDybJNV/mu5ifi4zk6f4=,tag:leP7pSqyK491xgOAebPJDg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1