delta/dotfiles
1
0
Fork 0
mirror of https://github.com/deltathetawastaken/dotfiles.git synced 2025-12-06 07:16:37 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

sops-nix working, finally

Browse source
This commit is contained in:
Your Name 2024-03-15 15:08:22 +03:00
parent 2b88942d0c
commit b2e65fbc13
5 changed files with 28 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -2,7 +2,7 @@
keys: keys:
- &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y - &dlaptop age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini|bin)$ - path_regex: secrets/[^/]+\.(yml|yaml|json|env|ini|bin)$
key_groups: key_groups:
- age: - age:
- *dlaptop - *dlaptop

93
flake.lock
View file

@ -154,24 +154,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -193,26 +175,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1709204054,
"narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f3367769a93b226c467551315e9e270c3f78b15",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": { "home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -381,22 +343,6 @@
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1709128929,
"narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1708807242, "lastModified": 1708807242,
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
@ -418,12 +364,10 @@
"anyrun": "anyrun", "anyrun": "anyrun",
"firefox": "firefox", "firefox": "firefox",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"telegram-desktop-patched": "telegram-desktop-patched",
"telegram-desktop-patched-unstable": "telegram-desktop-patched-unstable" "telegram-desktop-patched-unstable": "telegram-desktop-patched-unstable"
} }
}, },
@ -491,46 +435,11 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": { "telegram-desktop-patched-unstable": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telegram-desktop-patched": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": {
"lastModified": 1708738847,
"narHash": "sha256-FqoFulqt0FqqHWxbMHeMAUzSm57VxZae+VVzZdUu+ZA=",
"owner": "shwewo",
"repo": "telegram-desktop-patched",
"rev": "c47ff4b4b9ebdf94317d193c9ee2e40767f98475",
"type": "github"
},
"original": {
"owner": "shwewo",
"ref": "release-23.11",
"repo": "telegram-desktop-patched",
"type": "github"
}
},
"telegram-desktop-patched-unstable": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5"
},
"locked": { "locked": {
"lastModified": 1708964026, "lastModified": 1708964026,
"narHash": "sha256-WCbIER+gJo+3sUtgM0vuWd/sYzVkAxgCOzmItnLkt9I=", "narHash": "sha256-WCbIER+gJo+3sUtgM0vuWd/sYzVkAxgCOzmItnLkt9I=",

9
flake.nix
View file

@ -5,13 +5,10 @@
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-unstable.url = "github:nix-community/home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
firefox.url = "github:nix-community/flake-firefox-nightly"; firefox.url = "github:nix-community/flake-firefox-nightly";
firefox.inputs.nixpkgs.follows = "nixpkgs"; firefox.inputs.nixpkgs.follows = "nixpkgs";
anyrun.url = "github:Kirottu/anyrun"; anyrun.url = "github:Kirottu/anyrun";
anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable"; anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable";
telegram-desktop-patched.url = "github:shwewo/telegram-desktop-patched/release-23.11";
telegram-desktop-patched-unstable.url = "github:shwewo/telegram-desktop-patched"; telegram-desktop-patched-unstable.url = "github:shwewo/telegram-desktop-patched";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.darwin.follows = ""; agenix.inputs.darwin.follows = "";
@ -23,7 +20,7 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, home-manager-unstable, firefox, anyrun, agenix, sops-nix, ... }: { outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, agenix, sops-nix, ... }: {
nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem { nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@ -42,7 +39,7 @@
./hosts/dlaptop/configuration.nix ./hosts/dlaptop/configuration.nix
./hosts/dlaptop/hardware-configuration.nix ./hosts/dlaptop/hardware-configuration.nix
./hosts/dlaptop/age.nix ./hosts/dlaptop/age.nix
home-manager-unstable.nixosModules.home-manager home-manager.nixosModules.home-manager
agenix.nixosModules.default agenix.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
{ {
@ -99,7 +96,7 @@
./hosts/generic.nix ./hosts/generic.nix
./hosts/huanan/configuration.nix ./hosts/huanan/configuration.nix
./hosts/huanan/hardware-configuration.nix ./hosts/huanan/hardware-configuration.nix
home-manager-unstable.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;

10
hosts/dlaptop/configuration.nix
View file

@ -22,7 +22,14 @@
# }; # };
sops = { sops = {
age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519.pub" ]; defaultSopsFile = ../../secrets/example.yaml;
#defaultSopsFile = ../../.sops.yaml;
#age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
age.keyFile = "/home/delta/.config/sops/age/keys.txt";
defaultSopsFormat = "yaml";
secrets.example-key = {};
secrets."myservice/my_subdir/my_secret" = {};
}; };
@ -305,6 +312,7 @@
inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default
inputs.agenix.packages.x86_64-linux.default inputs.agenix.packages.x86_64-linux.default
# inputs.ragenix.packages.x86_64-linux.default # inputs.ragenix.packages.x86_64-linux.default
sops
]; ];
users.users.socks = { users.users.socks = {

31
secrets/example.yaml
View file

@ -1,13 +1,10 @@
hello: ENC[AES256_GCM,data:F982o/L8SSA8Nmdysb+lnn3UqcIsMoaL9XCUQLUbWHl3fJxPKCpKuOkwE8Ll5no=,iv:BRAWLYw0Apqcw54zTVRaQvsGvl/Vwhvr4qowHa+6i3k=,tag:U79Z2FQSU5QRYu9wcon9ew==,type:str] #ENC[AES256_GCM,data:tsH+OzO1HuSGhW6FpMS4z/B7MGsy53gL8AlR1OtddpQPM/drvvI=,iv:TFXG6UZ+yiIiI7no2I5ZoCBozm/QsckpR08aoVpWmA8=,tag:/L8bfExsQzgUFUyZVjNE6g==,type:comment]
example_key: ENC[AES256_GCM,data:fIfs7s3YFnu173V7wg==,iv:TTNVEdjxx/PqmMD7jf917r80c/4yZRwcwC06c3+nIVQ=,tag:6Q45ZbZonuR2SeZQOjbIJQ==,type:str] example-key: ENC[AES256_GCM,data:ZkByq0+sxynwntrdFw==,iv:fiVTsUwR0FHM0Fa4iDImEC7WUt8NiFolNylp9cCt2Gw=,tag:+34+uHKX5dr4EEnb7hFZJg==,type:str]
#ENC[AES256_GCM,data:t0YOQe7K6Cb5R67CJSB5ig==,iv:y4R8T74RNVn5R2CGCmQqrMn3iJBr39zDuMEH5TP9Pks=,tag:UNI1U7ru6pEHOTBv/z6Paw==,type:comment] #ENC[AES256_GCM,data:byD/SyOeoUWOfbQgsr4zh3brXkNP0eX46qwJEAecN6KLokr2k9/loKL5n+vUHAs8WJpa1xwVuRw=,iv:nWv3leL6YaTT3IurT6wcvQCbvBoaWPihRk7VaZrptJA=,tag:p1ltRsWOXWvWy6DJlQdyVw==,type:comment]
example_array: #ENC[AES256_GCM,data:h2Y/qaN1lKO20UZJ+LbDofboZmIoX5qP90bkb1u+OlIlDtZwhB+hnB+RQ6CgQdH6rU7X3lyd6SDSYNa+GKILH3c7vDLa1Tfb,iv:x6/4DUzV0lHuCy4IjRqutyyMx4pQq4unF52yITEfmQ4=,tag:9WfRbeAKTsiwmSMb3K7wwg==,type:comment]
- ENC[AES256_GCM,data:Ty75UCVboLfXiS6cFVc=,iv:2PLRd11O5gnLRQjJf9c8lw3+zFipsoBsZvF87ZqL3Bo=,tag:ewDPFQ/1XvAgJG1PrQ7waw==,type:str] myservice:
- ENC[AES256_GCM,data:MQaT5bYSaBfRbd66860=,iv:NiBBE1xrktOzHgjtxOrk3wV+6k8DwUBxIWPGxnY/QFE=,tag:M4NcBIx4owKJo5C+3JgHiQ==,type:str] my_subdir:
example_number: ENC[AES256_GCM,data:g+qLV9A/I0x+Yw==,iv:ME3zRKj0hc8p4MhtBgxYgIcEFjhC8WrKW/T/Q4DNkUE=,tag:g5chJsqwrd7KUwO0QdS0bw==,type:float] my_secret: ENC[AES256_GCM,data:j1ZmV39+ZEnO,iv:sNtUdka8nja0NL9MUC2zGIYzdTmMq17PyRnvtrqd1uc=,tag:/hmbVziFWQR0Ns2H8QTcuA==,type:str]
example_booleans:
- ENC[AES256_GCM,data:7Xp+PA==,iv:NtFpL/R9pVRZ6l+45ISMVN8EUhBfJF6pvRss7rfskiI=,tag:a+Ksf3s1pY270j9hg/CB2g==,type:bool]
- ENC[AES256_GCM,data:myM9xqc=,iv:1+KbRG9sd3GPUmm6zH3huqyuohlgAwEFZwgvCgrf4rk=,tag:02365AJm2M6bTBjRjPPGdQ==,type:bool]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,14 +14,14 @@ sops:
- recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y - recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZnpZM3h6TksweEZaR2Jk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcXVVOWQzWEppMHcyU2ZW
M3FhRU1CNnVoSndFbnV0bjltK1RRYU43cWtnCm50QnhNWTBOaWlDQ3VTampZaDF1 WFdnYkp4UnNzQ0NRQnhSQXVKN3gzbHBZdzNrClBMN1RwVURYVCtlelJ0eXRuMGR0
OVhqWUo0NHNpbmxqSjJjMzZ6T0hRR3MKLS0tIHZpMk1aQmEyYlI0bEk3QnFZdk9o K3BuUUwxNmlmUE56YWVqNWs1VjYralEKLS0tIFpvMEsvYjVFelBqRGFNa05wNHZi
NmViYmd2WjN0K2J4c3BCQXlhVG1nZVEKh3kUzgRH+ImPtc7g7lvYvrHVx5aGxyMJ ZUMveWUySng1eFNCNEc4aThLbHQ4MXcKP5sQvjLknHpO3Tf1rlg4+5LNqPWzBL4p
5ogZJzbeGYT6T9Z4QBQJA6ElMYiO4NwdxPjx0qDzR9zLmzw5ByUC3Q== w+E3S1SsdzF5niYafdFj/5yc4PLdYR3JM9jxcuc2KzRWTM3oQNZH7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-13T21:53:51Z" lastmodified: "2024-03-15T12:01:43Z"
mac: ENC[AES256_GCM,data:o+k84eY1a8H/QRtZ9DbLn+b8+K0s5ftSy2IXJbTpAuOCaLQK6e6X8sJ892FkUlFCxQ9FLADJTePMNkNMwVXQHeF3/f6fZzum9ERB9BJ0toYIvgY/fGl6qA4C2TbUX6pEsfeUKs+kybiHVA4Rr5OcXxUAxvInV/EaNASK0SfE9DQ=,iv:nsCjp7t8pp9qx4owsfu+L34BZuvKhI164x0BEsJMHQA=,tag:+yuE/MhRN0Z09F6/fEGVfg==,type:str] mac: ENC[AES256_GCM,data:fa1qbbHK87xGuwgfNI6/UlcSGJxA17ccp5s0qfxEiJRvAf0VZ56MNcKIbygIEwFG4D4YIzUh70e4T37iEmbJLTBURjMpoSjDA1AkeSEqBOASeTvqXiAXb8gc2YBA3R+JE/VFwSdi94oNaZXu11QH/XbwackRXOFTMjY2fJq3LFU=,iv:GMQwCR+BA6yCdxh++pRFO08tDybJNV/mu5ifi4zk6f4=,tag:leP7pSqyK491xgOAebPJDg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1