Add nixPath and sops-nix
parent
4af5fb4bcb
commit
86c49e2ac6
6 changed files with 95 additions and 2 deletions
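--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+- &primary_gpg D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+creation_rules:
+- path_regex: secrets/secrets.yaml$
+key_groups:
+- pgp:
+- *primary_gpg
+age:
+- *vps_ssh_pubkey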
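Review bot: The `path_regex` on the creation rule is looser than the one file it is meant to cover, since the `.` is unescaped and nothing anchors the start; `- path_regex: ^secrets/secrets\.yaml$` (or at least `secrets/secrets\.yaml$` if the installed sops matches against an absolute path) keeps other files from picking up these recipients by accident. The single key group also deserves a comment above `key_groups:`, e.g. `# one group: either the PGP key or the age key alone can decrypt`, because that is the access-control decision a later reader needs to see. The name `vps_ssh_pubkey` holds an age recipient rather than an SSH key, so a name such as `vps_age` would be less misleading, assuming it was derived from the host's SSH key.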
26
flake.lock
26
flake.lock
|
@ -112,7 +112,31 @@
|
|||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-fresh": "nixpkgs-fresh",
|
||||
"nixpkgs-locked": "nixpkgs-locked",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
"nixpkgs-stable": "nixpkgs-stable",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs-stable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705805983,
|
||||
"narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "ae171b54e76ced88d506245249609f8c87305752",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -26,6 +26,11 @@
|
|||
url = "github:viperML/nh";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{
|
||||
|
@ -36,6 +41,7 @@
|
|||
# nix-index-database,
|
||||
# nur,
|
||||
home-manager,
|
||||
sops-nix,
|
||||
...
|
||||
}:
|
||||
let
|
||||
|
@ -87,6 +93,7 @@
|
|||
./hosts/laptop/hardware-configuration.nix
|
||||
./hosts/laptop/mounts.nix
|
||||
# nix-index-database.nixosModules.nix-index
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
# make home-manager as a module of nixos
|
||||
# so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch`
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
{ config, pkgs, pkgs-stable, ... }:
|
||||
|
||||
let
|
||||
nixPath = "/etc/nixPath";
|
||||
in
|
||||
|
||||
{
|
||||
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
||||
|
||||
|
@ -274,8 +278,21 @@
|
|||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ ${nixPath} - - - - ${pkgs.path}"
|
||||
];
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
# nix.nixPath = []
|
||||
nix.nixPath = [ "nixpkgs=${nixPath}" ];
|
||||
nix.channel.enable = false;
|
||||
|
||||
# Sops
|
||||
sops = {
|
||||
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||
defaultSopsFormat = "yaml";
|
||||
secrets.example_key = {};
|
||||
gnupg.home = "/home/lgm/.gnupg";
|
||||
};
|
||||
|
||||
# OnlyKey
|
||||
hardware.onlykey.enable = true;
|
||||
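Review bot: `gnupg.home = "/home/lgm/.gnupg";` in the `sops` block makes system activation decrypt secrets with a user's personal GnuPG keyring, which only works if that private key can be used non-interactively (no passphrase prompt, no hardware token) and, in that case, presumably leaves every system secret readable by anything running as that user. The `.sops.yaml` added in this commit lists only `primary_gpg` and `vps_ssh_pubkey`, so this host appears to have no recipient of its own; consider adding a host age recipient there and replacing the line with `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` (or `age.keyFile`). If the GnuPG route is kept, the sops-nix README pairs `gnupg.home` with `gnupg.sshKeyPaths = [ ];` and uses a root-owned directory rather than a home directory. The enclosing attribute set starts and ends outside the hunk.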
|
|
|
@ -124,6 +124,7 @@
|
|||
# gawk
|
||||
# zstd
|
||||
gnupg
|
||||
sops
|
||||
|
||||
# nix related
|
||||
nix-output-monitor
|
||||
|
|
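--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,34 @@
+example_key: ENC[AES256_GCM,data:r6+IirxYwXxv1IaYgw==,iv:ngakIM2iaUMBgug9+QqQ2h6uPM9Xze/3PM2GRm79JV8=,tag:TwmNkg0WqSMqgh8VU238Xg==,type:str]
+foo: ENC[AES256_GCM,data:IlVV,iv:uK2Zkxo39WYw5Q9xnmVV/JhSRejQA9sGnYasX3CtSog=,tag:e1tYkCVVmyTpiCPAnQp6ng==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL1YyalhGRXJnc1cxU0tx
+NHRnWlBYYmZwV29aWUk1K0hhS3VRKzhEMTE4Ck9rTUQvQ0UvbllBMDEzenJEQURq
+Sk9Lc1c5NHhYTG1LRGpZWVN3Qk16RGMKLS0tIFBhdEJUOEY4VVQ5UllGUXZWYVhy
+OGJjR3NkQk1Ucyt5K3YraEZXdVFKODAK057dWbQGPrASAUqhaKmbsyt4DfjelZcI
+27Y9PpknTb+2W0DshjGzpcM6qZVlys98JRfM/0Hc5ZmYdj1rhfFR0Q==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-01-21T18:39:47Z"
+mac: ENC[AES256_GCM,data:7J5iBhY7b8nNrM4tviSk8+ur2ldAa8NNFU2ai7kjuU0puqq3oYX2l/pkjY7/rIue92HoQ8PVaLUnm2j73gCrCiZSJ5Cp4Tbue1mPfG7V+RA6OCOIS5MUsY5dBNtUSaDAoUohuwMTPAXwf7oE+OYENqTJGgWdFFR/IUgHF4uIPKY=,iv:f2uq6sLx7kW/EN2zZzl6RYUg8lQ4JNuhfQXsjTzDeCc=,tag:T2dn3EUISNZFaYm+eX6wDA==,type:str]
+pgp:
+- created_at: "2024-01-21T18:06:27Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+hF4DrTkQq20WUVESAQdACf7D7i9i3JL3mhfBBYfj5+YgqsabixPitpX3vU1lsDQw
+VHzfVAwc/dZZpbKQtOQq3qCV1Cq8UqbHJ/PDXiqgTMWUA6OAw+v82BxTsMR/c0r1
+1GgBCQIQ3qRPn6jKLT9cCPiyayxqyv+r1meT9A4t1j8e5ul2P6tqUJALSeyvydHA
+iPKyS7DlVQ7uI4HTO9pd7Kj+JhwckFaxgZNVMqWicsTf0tCMd6+iJ3366bmetNYv
+osKqKz9/c4ZF/A==
+=Hv+Y
+-----END PGP MESSAGE-----
+fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+unencrypted_suffix: _unencrypted
+version: 3.8.1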