Started to integrate sops-nix into my configuration

This commit is contained in:
KoenDR06 2024-05-24 21:13:39 +02:00
parent 7e9a0ebc23
commit 8628019e91
7 changed files with 136 additions and 38 deletions

7
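--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+  - &terra age167thunwadsswd0u37tajk85wy4x7sgw6sg3j2aspcax7essmge6qwen0uz
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+          - *terra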
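Review bot: Only the single `&terra` age key is a recipient for `secrets/secrets.yaml`, yet flake.nix adds `sops-nix.nixosModules.sops` to luna and solis as well; those hosts hold no key that can open this file, so any `sops.secrets` declared on them will fail at activation. Add one recipient per host (typically each host's `/etc/ssh/ssh_host_ed25519_key` converted with `ssh-to-age`) plus a separate editing key, e.g. `- &luna age1…` / `- &solis age1…` under `keys:` and `- *luna` / `- *solis` under `age:`, then run `sops updatekeys secrets/secrets.yaml`. With one recipient the file is also unrecoverable if that key is lost. Consider anchoring the rule as `^secrets/secrets\.yaml$` so it only matches the intended path.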

40
flake.lock generated

@ -36,6 +36,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1716061101,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"plasma-manager": { "plasma-manager": {
"inputs": { "inputs": {
"home-manager": [ "home-manager": [
@ -63,7 +79,29 @@
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"plasma-manager": "plasma-manager" "plasma-manager": "plasma-manager",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1716400300,
"narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b549832718b8946e875c016a4785d204fcfc2e53",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },


@ -1,19 +1,22 @@
{ {
description = "Your new nix config";
inputs = { inputs = {
# Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Home manager home-manager = {
home-manager.url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
plasma-manager = { plasma-manager = {
url = "github:pjones/plasma-manager"; url = "github:pjones/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -21,6 +24,7 @@
nixpkgs, nixpkgs,
home-manager, home-manager,
plasma-manager, plasma-manager,
sops-nix,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@ -60,6 +64,7 @@
modules = [ modules = [
./machines/luna/configuration.nix ./machines/luna/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
{ {
home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ];
} }
@ -70,6 +75,7 @@
modules = [ modules = [
./machines/terra/configuration.nix ./machines/terra/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
{ {
home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ];
} }
@ -79,6 +85,7 @@
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = [ modules = [
./machines/solis/configuration.nix ./machines/solis/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
}; };
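Review bot: The new `sops-nix` input only sets `inputs.nixpkgs.follows = "nixpkgs"`; sops-nix also declares a `nixpkgs-stable` input, which is why flake.lock now pins a second complete nixpkgs tree (release-23.11) that nothing in this configuration uses. Add `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing follows so there is one nixpkgs to audit and update. The input is also unpinned (`github:Mic92/sops-nix` with no ref); the lock file fixes it for now, but a later `nix flake update` will move it to whatever the default branch holds, so a tag or commit ref is preferable for a module that handles secrets.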


@ -58,6 +58,7 @@
reaper reaper
retext retext
solaar solaar
sops
spotify spotify
thunderbird thunderbird
whatsapp-for-linux whatsapp-for-linux


@ -33,6 +33,7 @@
gnupg gnupg
jdk jdk
python3 python3
sops
tailscale tailscale
tmux tmux
wakeonlan wakeonlan


@ -8,6 +8,7 @@
}: { }: {
imports = [ imports = [
../../pkgs/zsh.nix ../../pkgs/zsh.nix
# inputs.sops-nix.nixosModules.sops
]; ];
nixpkgs = { nixpkgs = {
@ -51,35 +52,51 @@
fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
}; };
# services.syncthing = { # sops = {
# enable = true; # defaultSopsFile = ../../secrets/secrets.yaml;
# user = "horseman"; # defaultSopsFormat = "yaml";
# dataDir = "/home/horseman"; # age = {
# configDir = "/home/horseman/.config/syncthing"; # sshKeyPaths = [ "/etc/ssh/id_ed25519" ];
# overrideDevices = true; # keyFile = "/home/horseman/.config/sops/age/keys.txt";
# overrideFolders = true; # generateKey = true;
# settings = { # };
# devices = { #
# "luna" = ; # secrets = {
# "terra" = ; # "syncthing/solis".owner = "horseman";
# "solis" = ; # "syncthing/terra".owner = "horseman";
# }; # "syncthing/luna".owner = "horseman";
# folders = { # };
# "Documents" = { # };
# path = "/home/horseman/Documents";
# devices = [ "solis" "terra" "luna" ]; # services.syncthing = {
# }: # enable = true;
# "Programming" = { # user = "horseman";
# path = "/home/horseman/Programming"; # dataDir = "/home/horseman";
# devices = [ "solis" "terra" "luna" ]; # configDir = "/home/horseman/.config/syncthing";
# }; # overrideDevices = true;
# }; # overrideFolders = true;
# gui = { # settings = {
# user = ; # devices = {
# password = ; # "luna" = ;
# }; # "terra" = ;
# }; # "solis" = ;
# }; # };
# folders = {
# "Documents" = {
# path = "/home/horseman/Documents";
# devices = [ "solis" "terra" "luna" ];
# }:
# "Programming" = {
# path = "/home/horseman/Programming";
# devices = [ "solis" "terra" "luna" ];
# };
# };
# gui = {
# user = ;
# password = ;
# };
# };
# };
users.users = { users.users = {
horseman = { horseman = {
@ -91,8 +108,8 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmYI+jn1B69r4GUEeVE1/q+HSNcLzT+qG0nEpIjyO3VCsocLIJqT6cJtPKTh/j9RPySvz1lo2ZFemCeKBfsdHy95JoYqbAcoJ9jacH3X8LixIiGin6ew/h6QJONU1UAuxcEDoEyeHfmNBRdgaahNTWtgvFd1YhB4WQwN9THZ/axGdnWLi/y0y98aqERw98fGOhAzxqZyeGkWK5ByRiiGmfrmU7IsX916z5s9OPFYeIGvI3UPKL5awpQMrD/+VhtQjAy8guWbBKbN+7cVU/JQjhaPAeVC18iON++Ux6pGq1/yA+IFDb/fFofXD70vRYemg7zSVbf2ceBg8iSR2OdcZVPfhIKq7mx62TcYVY7aDlz7fFedl7tVhxRd5Ze7T/kbRQtbqL++3UQaZwnx6HoXGMvdIbKV/KHcmqjQQClzWZyk8oI+VbkF/nfTgShW/X0UQYzBSdsCb4XywzfnLRH4Ops/v7ZOc2zBApl7j1Oj+nW7dJ5/P6FgMw553tNXnEVXqGvdvalmDl/hjR3UVedm18ZKwu+6+1mcHsDGKCi5C79zVksr9IbFNICosA23xfrnKQYmncBzobbY4N39SToI9ulcukOJj26ooAG3RhHqSyOkcM3nTUbHwKb/19J+NAm2iT9ipNGurwwPO4VcJY36237es7MEkmQHfD1ZOo6biafw= horseman@terra" "ssh-rsa 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 horseman@terra"
]; ];
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager" "networkmanager"
]; ];
}; };
}; };
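Review bot: The commented `sops` block points the host's decryption material at user-controlled locations: `age.keyFile = "/home/horseman/.config/sops/age/keys.txt"` lives in the same home directory the `services.syncthing` block below intends to sync to luna and solis, so the key that unlocks every secret would be readable by that user and replicated to each peer. Before uncommenting, use the host key sops-nix normally reads (`sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` — `/etc/ssh/id_ed25519` is not a path NixOS creates) and keep any generated key under root-only state such as `keyFile = "/var/lib/sops-nix/key.txt";`. As far as I can tell `generateKey = true` together with an explicit `sshKeyPaths` is redundant; confirm which of the two the module should actually use and drop the other. Note also that `.sops.yaml` currently lists only terra's key, so the equivalent block on the other hosts would not decrypt.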

27
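--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,27 @@
+syncthing:
+    #ENC[AES256_GCM,data:LJUC,iv:MlEcsaCuH7W/cj/JQhYAKJVwyQ+Uqk7I4/WFZeBpr04=,tag:hlEgSpdtXx1Twt+SIIckGg==,type:comment]
+    solis: null
+    #ENC[AES256_GCM,data:6MOB,iv:7Rmzh5LYM7wD+K6Idi2DLkyKSSm8/rgQtUWf8gPEMzQ=,tag:EmCkhFO7016xszMogrNUpg==,type:comment]
+    terra: null
+    #ENC[AES256_GCM,data:1EoT,iv:ytmfI03F4A4qMtk3l7HYGyng/NIWHho+Riq8Fj6vtCE=,tag:U/4qWsZYA+dU4dcJ7lkx5Q==,type:comment]
+    luna: null
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age167thunwadsswd0u37tajk85wy4x7sgw6sg3j2aspcax7essmge6qwen0uz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2S3hLRWQrSHBQdjNhbDV2
+            VmwrbUVsc0IwaDZKUndOTEMxN0kwWUtaYzJrCjJtNUdBMkhDVDB0akg2TTlqS1lF
+            NWJESlorR28rUGZHeEh6dFJYcEFsQnMKLS0tIFY3b0ZDSzM3SGVCZW9xcnJLc296
+            ckJwQ3EzU2JzdGhnWkNnRExRNlprM28KUHkZe8FvLOAt+UVqvgOxBQdApbEXQ44v
+            vXW8UtZuq7GjsP5qD2MK6oKs/ZDfe+PhqiWl4ONNHvpn8rmfbQDcRw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-24T19:11:16Z"
+    mac: ENC[AES256_GCM,data:UAz/pCKzV0HPFfus7tKafOLr1DWIBWWBVNDs6C43m+QdWpUHQ99jgK7yyq8YbAglGIfWB3AIlriQkcem9Wx3ExVh1BPKtCzwnfjFBEhzPws428JIzEOIZzrSk6tho2bvjaaOTQOWOERmbJhiL/e1pXdX+pln+kEtLdeq/9TDRK8=,iv:QtJPxvq9mGCu2Df5m+E+2+XD25so1cyDga/mdjBaH5c=,tag:TGllydw+4XGLIqnZ5QDxdg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1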
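Review bot: All three entries under `syncthing:` (`solis`, `terra`, `luna`) are `null`; only the `#ENC[…,type:comment]` lines carry an encrypted payload, so the paths the commented `sops.secrets."syncthing/*"` declarations reference have no usable value yet. sops-nix installs secrets as file contents and, as far as I can tell, expects a string at each path rather than a YAML null, so populate them with `sops secrets/secrets.yaml` before enabling the module. The file is encrypted to the single recipient from `.sops.yaml`, so it is unreadable on luna and solis and unrecoverable if that key is lost; add the other recipients before real secrets land here.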