Add nixPath and sops-nix

Lgmrszd 2024-01-21 21:53:13 +03:00
parent 4af5fb4bcb
commit 86c49e2ac6
No known key found for this signature in database
GPG key ID: 9396B8BA6FBB14DE
6 changed files with 95 additions and 2 deletions

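--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+- &primary_gpg D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+creation_rules:
+- path_regex: secrets/secrets.yaml$
+key_groups:
+- pgp:
+- *primary_gpg
+age:
+- *vps_ssh_pubkey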
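Review bot: The single `key_groups` entry (pgp `primary_gpg` plus age `vps_ssh_pubkey`) lets either key decrypt `secrets/secrets.yaml` on its own, so the key named as the VPS SSH public key can read everything in that file, including secrets that only the laptop configuration in this commit consumes. If the file is meant to hold per-host material, split it per host with separate `creation_rules` entries (for example a rule with `path_regex: secrets/laptop\.yaml$`) so each host key unlocks only its own secrets; if the VPS key is deliberately a deploy/recovery key, a one-line comment above the rule saying so would save the next reader the question. The `path_regex` is also unanchored at the start, so it matches that relative path anywhere in the repository, which is probably intended but worth knowing.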


@ -112,7 +112,31 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-fresh": "nixpkgs-fresh", "nixpkgs-fresh": "nixpkgs-fresh",
"nixpkgs-locked": "nixpkgs-locked", "nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1705805983,
"narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ae171b54e76ced88d506245249609f8c87305752",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },


@ -26,6 +26,11 @@
url = "github:viperML/nh"; url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
}; };
outputs = inputs@{ outputs = inputs@{
@ -36,6 +41,7 @@
# nix-index-database, # nix-index-database,
# nur, # nur,
home-manager, home-manager,
sops-nix,
... ...
}: }:
let let
@ -87,6 +93,7 @@
./hosts/laptop/hardware-configuration.nix ./hosts/laptop/hardware-configuration.nix
./hosts/laptop/mounts.nix ./hosts/laptop/mounts.nix
# nix-index-database.nixosModules.nix-index # nix-index-database.nixosModules.nix-index
sops-nix.nixosModules.sops
# make home-manager as a module of nixos # make home-manager as a module of nixos
# so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch` # so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch`


@ -4,6 +4,10 @@
{ config, pkgs, pkgs-stable, ... }: { config, pkgs, pkgs-stable, ... }:
let
nixPath = "/etc/nixPath";
in
{ {
# boot.kernelPackages = pkgs.linuxPackages_zen; # boot.kernelPackages = pkgs.linuxPackages_zen;
@ -274,8 +278,21 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
systemd.tmpfiles.rules = [
"L+ ${nixPath} - - - - ${pkgs.path}"
];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# nix.nixPath = [] nix.nixPath = [ "nixpkgs=${nixPath}" ];
nix.channel.enable = false;
# Sops
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets.example_key = {};
gnupg.home = "/home/lgm/.gnupg";
};
# OnlyKey # OnlyKey
hardware.onlykey.enable = true; hardware.onlykey.enable = true;
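Review bot: `gnupg.home = "/home/lgm/.gnupg";` in the new `sops` block ties host secret decryption to one user's personal keyring: sops-nix decrypts during system activation as root, so the private key in that directory must be usable unattended (no passphrase prompt, directory present on first boot) or activation of `example_key` fails, and that user's keyring alone can decrypt every secret later added to the file. If that model is intended, at least derive the path from the user definition, `gnupg.home = "${config.users.users.lgm.home}/.gnupg";` (assuming `lgm` is declared via `users.users` elsewhere in this config), and add a comment next to the option stating the no-passphrase requirement; otherwise a host-owned key via `sops.age.sshKeyPaths` or `sops.age.keyFile` keeps the secret lifecycle independent of a user account. The `systemd.tmpfiles.rules` symlink and `nix.nixPath = [ "nixpkgs=${nixPath}" ]` are consistent with each other; with `nix.channel.enable = false` this explicit entry becomes the only `<nixpkgs>` source, which appears to be the intent but deserves a short comment above the `let` binding.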


@ -124,6 +124,7 @@
# gawk # gawk
# zstd # zstd
gnupg gnupg
sops
# nix related # nix related
nix-output-monitor nix-output-monitor

secrets/secrets.yaml Normal file

@ -0,0 +1,34 @@
example_key: ENC[AES256_GCM,data:r6+IirxYwXxv1IaYgw==,iv:ngakIM2iaUMBgug9+QqQ2h6uPM9Xze/3PM2GRm79JV8=,tag:TwmNkg0WqSMqgh8VU238Xg==,type:str]
foo: ENC[AES256_GCM,data:IlVV,iv:uK2Zkxo39WYw5Q9xnmVV/JhSRejQA9sGnYasX3CtSog=,tag:e1tYkCVVmyTpiCPAnQp6ng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL1YyalhGRXJnc1cxU0tx
NHRnWlBYYmZwV29aWUk1K0hhS3VRKzhEMTE4Ck9rTUQvQ0UvbllBMDEzenJEQURq
Sk9Lc1c5NHhYTG1LRGpZWVN3Qk16RGMKLS0tIFBhdEJUOEY4VVQ5UllGUXZWYVhy
OGJjR3NkQk1Ucyt5K3YraEZXdVFKODAK057dWbQGPrASAUqhaKmbsyt4DfjelZcI
27Y9PpknTb+2W0DshjGzpcM6qZVlys98JRfM/0Hc5ZmYdj1rhfFR0Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-21T18:39:47Z"
mac: ENC[AES256_GCM,data:7J5iBhY7b8nNrM4tviSk8+ur2ldAa8NNFU2ai7kjuU0puqq3oYX2l/pkjY7/rIue92HoQ8PVaLUnm2j73gCrCiZSJ5Cp4Tbue1mPfG7V+RA6OCOIS5MUsY5dBNtUSaDAoUohuwMTPAXwf7oE+OYENqTJGgWdFFR/IUgHF4uIPKY=,iv:f2uq6sLx7kW/EN2zZzl6RYUg8lQ4JNuhfQXsjTzDeCc=,tag:T2dn3EUISNZFaYm+eX6wDA==,type:str]
pgp:
- created_at: "2024-01-21T18:06:27Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DrTkQq20WUVESAQdACf7D7i9i3JL3mhfBBYfj5+YgqsabixPitpX3vU1lsDQw
VHzfVAwc/dZZpbKQtOQq3qCV1Cq8UqbHJ/PDXiqgTMWUA6OAw+v82BxTsMR/c0r1
1GgBCQIQ3qRPn6jKLT9cCPiyayxqyv+r1meT9A4t1j8e5ul2P6tqUJALSeyvydHA
iPKyS7DlVQ7uI4HTO9pd7Kj+JhwckFaxgZNVMqWicsTf0tCMd6+iJ3366bmetNYv
osKqKz9/c4ZF/A==
=Hv+Y
-----END PGP MESSAGE-----
fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
unencrypted_suffix: _unencrypted
version: 3.8.1