Add nixPath and sops-nix
parent
4af5fb4bcb
commit
86c49e2ac6
6 changed files with 95 additions and 2 deletions
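--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+- &primary_gpg D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+creation_rules:
+- path_regex: secrets/secrets.yaml$
+key_groups:
+- pgp:
+- *primary_gpg
+age:
+- *vps_ssh_pubkey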
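Review bot: The single creation rule puts `*primary_gpg` and `*vps_ssh_pubkey` in one key group for `secrets/secrets.yaml`, so either key on its own can decrypt every value in that file. Judging by the anchor name the age recipient belongs to a VPS, while the rest of this commit wires the secrets file into the laptop configuration; if that reading is right, a compromise of the VPS host key also exposes the laptop's secrets. Splitting the secrets into one file per host, each with its own creation rule listing only the admin key and that host's key, limits the exposure to one machine. The regex also leaves the dot unescaped, so `path_regex: secrets/secrets\.yaml$` is the tighter form.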
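--- a/flake.lock
+++ b/flake.lock
@@ -112,7 +112,31 @@
 "nixpkgs": "nixpkgs",
 "nixpkgs-fresh": "nixpkgs-fresh",
 "nixpkgs-locked": "nixpkgs-locked",
-"nixpkgs-stable": "nixpkgs-stable"
+"nixpkgs-stable": "nixpkgs-stable",
+"sops-nix": "sops-nix"
+}
+},
+"sops-nix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+],
+"nixpkgs-stable": [
+"nixpkgs-stable"
+]
+},
+"locked": {
+"lastModified": 1705805983,
+"narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=",
+"owner": "Mic92",
+"repo": "sops-nix",
+"rev": "ae171b54e76ced88d506245249609f8c87305752",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "sops-nix",
+"type": "github"
 }
 }
 },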
@ -26,6 +26,11 @@
|
||||||
url = "github:viperML/nh";
|
url = "github:viperML/nh";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs@{
|
outputs = inputs@{
|
||||||
|
@ -36,6 +41,7 @@
|
||||||
# nix-index-database,
|
# nix-index-database,
|
||||||
# nur,
|
# nur,
|
||||||
home-manager,
|
home-manager,
|
||||||
|
sops-nix,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
@ -87,6 +93,7 @@
|
||||||
./hosts/laptop/hardware-configuration.nix
|
./hosts/laptop/hardware-configuration.nix
|
||||||
./hosts/laptop/mounts.nix
|
./hosts/laptop/mounts.nix
|
||||||
# nix-index-database.nixosModules.nix-index
|
# nix-index-database.nixosModules.nix-index
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
|
||||||
# make home-manager as a module of nixos
|
# make home-manager as a module of nixos
|
||||||
# so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch`
|
# so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch`
|
||||||
|
|
|
@ -4,6 +4,10 @@
|
||||||
|
|
||||||
{ config, pkgs, pkgs-stable, ... }:
|
{ config, pkgs, pkgs-stable, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
nixPath = "/etc/nixPath";
|
||||||
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
||||||
|
|
||||||
|
@ -274,8 +278,21 @@
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"L+ ${nixPath} - - - - ${pkgs.path}"
|
||||||
|
];
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
# nix.nixPath = []
|
nix.nixPath = [ "nixpkgs=${nixPath}" ];
|
||||||
|
nix.channel.enable = false;
|
||||||
|
|
||||||
|
# Sops
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||||
|
defaultSopsFormat = "yaml";
|
||||||
|
secrets.example_key = {};
|
||||||
|
gnupg.home = "/home/lgm/.gnupg";
|
||||||
|
};
|
||||||
|
|
||||||
# OnlyKey
|
# OnlyKey
|
||||||
hardware.onlykey.enable = true;
|
hardware.onlykey.enable = true;
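Review bot: `gnupg.home = "/home/lgm/.gnupg";` in the `sops` block makes system activation, which runs as root and without a terminal, decrypt with a keyring that lives in a user-writable home directory. That only works if the private key for the PGP recipient can be used non-interactively, so a passphrase-protected or token-backed key (this file also enables OnlyKey) will likely fail during activation, and anything running as that user can alter the keyring and agent configuration that root's gpg reads. sops-nix can instead derive an age identity from the machine's SSH host key, `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, with the matching age recipient for this host added to `.sops.yaml`. A one-line comment above `secrets.example_key = {};` marking it as a placeholder would also help the next reader. The enclosing attribute set starts and ends outside the hunks shown.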
|
||||||
|
|
|
@ -124,6 +124,7 @@
|
||||||
# gawk
|
# gawk
|
||||||
# zstd
|
# zstd
|
||||||
gnupg
|
gnupg
|
||||||
|
sops
|
||||||
|
|
||||||
# nix related
|
# nix related
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
|
|
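--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,34 @@
+example_key: ENC[AES256_GCM,data:r6+IirxYwXxv1IaYgw==,iv:ngakIM2iaUMBgug9+QqQ2h6uPM9Xze/3PM2GRm79JV8=,tag:TwmNkg0WqSMqgh8VU238Xg==,type:str]
+foo: ENC[AES256_GCM,data:IlVV,iv:uK2Zkxo39WYw5Q9xnmVV/JhSRejQA9sGnYasX3CtSog=,tag:e1tYkCVVmyTpiCPAnQp6ng==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL1YyalhGRXJnc1cxU0tx
+NHRnWlBYYmZwV29aWUk1K0hhS3VRKzhEMTE4Ck9rTUQvQ0UvbllBMDEzenJEQURq
+Sk9Lc1c5NHhYTG1LRGpZWVN3Qk16RGMKLS0tIFBhdEJUOEY4VVQ5UllGUXZWYVhy
+OGJjR3NkQk1Ucyt5K3YraEZXdVFKODAK057dWbQGPrASAUqhaKmbsyt4DfjelZcI
+27Y9PpknTb+2W0DshjGzpcM6qZVlys98JRfM/0Hc5ZmYdj1rhfFR0Q==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-01-21T18:39:47Z"
+mac: ENC[AES256_GCM,data:7J5iBhY7b8nNrM4tviSk8+ur2ldAa8NNFU2ai7kjuU0puqq3oYX2l/pkjY7/rIue92HoQ8PVaLUnm2j73gCrCiZSJ5Cp4Tbue1mPfG7V+RA6OCOIS5MUsY5dBNtUSaDAoUohuwMTPAXwf7oE+OYENqTJGgWdFFR/IUgHF4uIPKY=,iv:f2uq6sLx7kW/EN2zZzl6RYUg8lQ4JNuhfQXsjTzDeCc=,tag:T2dn3EUISNZFaYm+eX6wDA==,type:str]
+pgp:
+- created_at: "2024-01-21T18:06:27Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+hF4DrTkQq20WUVESAQdACf7D7i9i3JL3mhfBBYfj5+YgqsabixPitpX3vU1lsDQw
+VHzfVAwc/dZZpbKQtOQq3qCV1Cq8UqbHJ/PDXiqgTMWUA6OAw+v82BxTsMR/c0r1
+1GgBCQIQ3qRPn6jKLT9cCPiyayxqyv+r1meT9A4t1j8e5ul2P6tqUJALSeyvydHA
+iPKyS7DlVQ7uI4HTO9pd7Kj+JhwckFaxgZNVMqWicsTf0tCMd6+iJ3366bmetNYv
+osKqKz9/c4ZF/A==
+=Hv+Y
+-----END PGP MESSAGE-----
+fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+unencrypted_suffix: _unencrypted
+version: 3.8.1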