Setup nix-sops
parent
658e232c79
commit
2b2eb73a27
|
@ -0,0 +1,10 @@
|
|||
# Yaml anchor for key
|
||||
keys:
|
||||
- &nathan age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||
- &levitation age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nathan
|
||||
- *levitation
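Review bot: The two recipients under `keys:` carry no note of what kind of key each one is or where it came from, which is the first thing needed when a key has to be rotated or revoked. Judging from `sops.age.sshKeyPaths` in flake.nix, `&levitation` is presumably a machine key derived from that host's SSH host key and `&nathan` a personal key; a trailing comment on each entry, for example `# host key, derived from /etc/ssh/ssh_host_ed25519_key.pub`, would record that. The single creation rule also encrypts every file under `secrets/` to every listed recipient, so once more hosts are added it is worth splitting it into per-host rules so each machine can decrypt only its own files.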
|
37
flake.lock
37
flake.lock
|
@ -98,13 +98,30 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1638097282,
|
||||
"narHash": "sha256-EXCzj9b8X/lqDPJapxZThIOKL5ASbpsJZ+8L1LnY1ig=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "78cb77b29d37a9663e05b61abb4fa09465da4b70",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"emacs": "emacs",
|
||||
"fenix": "fenix",
|
||||
"mozilla": "mozilla",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"rust-analyzer-src": {
|
||||
|
@ -123,6 +140,24 @@
|
|||
"repo": "rust-analyzer",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1643003126,
|
||||
"narHash": "sha256-JO5WrnP6+5qN3isdmm9VmjzvCM64UElgGnql7vEGjKU=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "c86068ac9a317f235be24a468206f874ba00f8d0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
11
flake.nix
11
flake.nix
|
@ -14,15 +14,17 @@
|
|||
url = "github:mozilla/nixpkgs-mozilla";
|
||||
flake = false;
|
||||
};
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, fenix, emacs, mozilla }:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, fenix, emacs, mozilla, sops-nix }:
|
||||
let
|
||||
coreModules = [
|
||||
./modules/user.nix
|
||||
./modules/common.nix
|
||||
./modules/ssh.nix
|
||||
./applications/utils-core.nix
|
||||
sops-nix.nixosModules.sops
|
||||
({ pkgs, ... }: {
|
||||
## Setup binary caches
|
||||
# First install cachix, so we can discover new ones
|
||||
|
@ -37,6 +39,13 @@
|
|||
];
|
||||
};
|
||||
})
|
||||
## Setup sops
|
||||
({ pkgs, config, ... }: {
|
||||
sops.defaultSopsFile = ./secrets/nathan.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.secrets.lastfm-username.owner = "nathan";
|
||||
sops.secrets.lastfm-password.owner = "nathan";
|
||||
})
|
||||
];
|
||||
desktopModules = coreModules ++ [
|
||||
./modules/audio.nix
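Review bot: The sops module added to `coreModules` declares `lastfm-username` and `lastfm-password` for every host that imports the core set, while `secrets/nathan.yaml` is encrypted only to the `nathan` and `levitation` recipients. A host whose `/etc/ssh/ssh_host_ed25519_key` is not a recipient will presumably fail to decrypt at activation, and any host that can decrypt receives credentials it may not need; moving the two `sops.secrets.*` lines into the module that consumes them, or into `desktopModules`, keeps them scoped to the machines that use them. In the inputs hunk, `sops-nix.url` is added without `sops-nix.inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock gains a separate `nixpkgs_3` pin that must be tracked and updated on its own. Both the `inputs` set and the `coreModules` list start or end outside the visible hunks.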
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
lastfm-username: ENC[AES256_GCM,data:mVx3ycAJj6hS9lO+DQ==,iv:9JSXwl+X5eKIoJFjOt7LntlK6iQcy/Fm1ViG/J3I1d8=,tag:f8Q2F0Op/YCPq0qYeJzcFg==,type:str]
|
||||
lastfm-password: ENC[AES256_GCM,data:4jOnCDKn4fSD5mCIgoZqxOJP7E9TKP3r,iv:olko3/QHnNPoNpEMUeGL77qxphYLGhHSnn+ru5ANd2U=,tag:XAKVjDpS1Vc0NWKaS4OtHQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV2hlQW1PV1hnTTZSWWtt
|
||||
cmsxTTBvMHJLREtqZWFON1RQU0M5bVhDN1ZrClh0S2d0L0dDU1pkV25TRW5HWnNl
|
||||
Rm9iV0QxS3ozLytRWjVqQ3pkR0lsc2cKLS0tIFJZcGlZWkM4dEI4cmJYOFhrNXZT
|
||||
Um50R0dvK0E3M21qSDBaRkwrOXRvTHMKfDJZYDxrhS5QJzVbkdDI6JgqGI/C10e1
|
||||
lW4ZDC6HVOao5KPCPQbPcxcQE3JT15FKfKEDqxGvdD3zLVT0BA5fTg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidjBqaWRvOXI1SzZuRm1D
|
||||
YW1WVUNJS3VHRlU3NXpDYi9pd3ordWJGSUFNCkNZNXFaMHFSV0VLVEdnWDdPejZL
|
||||
RUZqNHBRMkEyMnZwcWVBeDY2ZzlJSVUKLS0tIDBEQ05TRDhVUjVsU2tTbHNMcmNW
|
||||
cU0yNmUwZkRLQXFjQTRUT3EwUWFRcjgKw/mW2oZs32C25oxLBaHy1B8m1ADL/37X
|
||||
0azQK3sxKUFesTM/p2zJ1ZLVm9uvCnKWA/eg1uJlJ0PmQ5YvBpuvpQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-02-03T11:57:24Z"
|
||||
mac: ENC[AES256_GCM,data:V7C2AJwresf/td55Z7aww2Grjp9Om90u3v8ScusjfKnjxgVQUcY1oFdByt2TIAI2DYBrVXQOKoN6LGacGfC+K8/DrpsbVdP4g2Fcl/FZOQvyWuoW9SQVIbzrBi5fAZ9ztHodSbeg5OnhTgrPnEV6v6Rgr78e/LMiUniV/harltY=,iv:v2Nle+yZdNMEwfvH8IgXB7TyHuXIZOvufQ2L7DuRKK8=,tag:Ui74J+d4jRjTn157gHdADw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|