From a1b70baa7847bc09120a8939557a93226590686f Mon Sep 17 00:00:00 2001 From: DashieTM Date: Sun, 25 Aug 2024 14:35:32 +0200 Subject: [PATCH] Move secrets to individual configs --- example/flake.nix | 2 +- home/default.nix | 4 ++-- lib/default.nix | 8 ++++---- modules/programs/sops.nix | 4 ++-- secrets/secrets.yaml | 39 --------------------------------------- 5 files changed, 9 insertions(+), 48 deletions(-) delete mode 100644 secrets/secrets.yaml diff --git a/example/flake.nix b/example/flake.nix index 559ec50..056aef8 100644 --- a/example/flake.nix +++ b/example/flake.nix @@ -24,7 +24,7 @@ outputs = { ... }@inputs: { nixosConfigurations = - (inputs.dashNix.dashNixLib.build_systems [ "example" ] ./hosts/.); + (inputs.dashNix.dashNixLib.build_systems [ "example" ] ./.); }; nixConfig = { diff --git a/home/default.nix b/home/default.nix index 4f7804a..4e6e38e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, config, lib, mod, additionalHomeConfig, ... }: +{ inputs, pkgs, config, lib, mod, additionalHomeConfig, root, ... }: let base_imports = [ inputs.anyrun.homeManagerModules.default @@ -27,7 +27,7 @@ in { home-manager = { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { inherit inputs root; }; users.${config.conf.username} = { imports = [ ./common.nix ./xdg.nix ./themes ./sync.nix ] ++ base_imports diff --git a/lib/default.nix b/lib/default.nix index 82420fd..30b920c 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -5,11 +5,11 @@ in { builtins.listToAttrs (map (name: { name = name; value = let - mod = root + /${name}/configuration.nix; - additionalNixosConfig = root + /${name}/hardware.nix; - additionalHomeConfig = root + /${name}/home.nix; + mod = root + /hosts/${name}/configuration.nix; + additionalNixosConfig = root + /hosts/${name}/hardware.nix; + additionalHomeConfig = root + /hosts/${name}/home.nix; in inputs.nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs pkgs mod additionalHomeConfig; }; + specialArgs = { inherit inputs pkgs mod additionalHomeConfig root; }; modules = [ inputs.home-manager.nixosModules.home-manager inputs.stylix.nixosModules.stylix diff --git a/modules/programs/sops.nix b/modules/programs/sops.nix index c93559c..6a8907b 100644 --- a/modules/programs/sops.nix +++ b/modules/programs/sops.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, options, ... }: { +{ lib, pkgs, config, options, root, ... }: { options.mods.sops = { enable = lib.mkOption { default = true; @@ -15,7 +15,7 @@ home = "~/.gnupg"; sshKeyPaths = [ ]; }; - defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFile = root + /secrets/secrets.yaml; secrets = { hub = { }; lab = { }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml deleted file mode 100644 index b86312f..0000000 --- a/secrets/secrets.yaml +++ /dev/null 
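Review bot: The directory layout that `build_systems` expects under `root` is now implicit in the three path literals of the lib/default.nix hunk and is not documented anywhere in the change. `root` must now be the flake directory holding `hosts/<name>/configuration.nix`, `hardware.nix` and `home.nix`, and because it is also exported through `specialArgs`, it must hold `secrets/secrets.yaml` for the sops module as well. A caller that still passes its hosts directory would resolve `hosts/hosts/<name>/…` and fail on a missing path, so a comment above the `let` would help, for example `# root: flake directory; expects hosts/<name>/{configuration,hardware,home}.nix and secrets/secrets.yaml`. The function's signature lies outside the hunk, so the parameter itself cannot be annotated from here.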
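Review bot: `defaultSopsFile = root + /secrets/secrets.yaml;` makes every consumer's `root` responsible for shipping that file, while `mods.sops.enable` still shows `default = true;` in the first sops.nix hunk and the secret names (`hub = { };`, `lab = { };`, …) stay hard-coded in the module. A consumer without the file, or with different keys in it, would presumably fail when the system is built rather than get a clear message. Either default the option to `default = false;` or guard the setting with an assertion on `builtins.pathExists (root + /secrets/secrets.yaml)`. The rest of the module is outside the hunk, so whether the block is already conditional on `enable` cannot be confirmed here. Separately, the deleted `secrets/secrets.yaml` is still retrievable from earlier commits, so its ciphertext stays published with the repository and only rotating the values retires them.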
@@ -1,39 +0,0 @@ -hub: ENC[AES256_GCM,data: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,iv:1/+m6CmUojTS4d7B76zzrwC3k5M18qkQ6q1458kG1QI=,tag:463IcCP3Tfb4JWS5K7hCjw==,type:str] -lab: ENC[AES256_GCM,data:IbIHYKp7kAP09r2t6bppLZraRIxjEsIXbfIG/R5QTGzy1uVk5LZivzepkJP6kOf3qWt/wZiBb5qLcNyL/+RZMfaV5KvlvtKhCVQ/D5qS3qB/4wKvPTdMiMzc9VTnLzUaDExMAtiYV/tcJGC/xgpkrwizJwy5WEA/d8EKUDs1p//vpv8b6035k1oV/49sw3cJ/eMGgvnuJ3sKMKpkXbUJ4zyyHKPCFoaCGdplCJDn5hZloaqxBjdZctAEgsVvKiq2HyIMNqH3YaKEJZhwMrwQMSioHA1WnBQMc0tnqWAi9rhpm8pY553HaQe0U/lpS1W5IvLj7MVxat3911WK/s95oEVLY7b7dZAzmdMau4IF/ozhxC6i2oSELw+VNqiZ/yJwfqJ7e+89UnxZdi7xMJpikOfE1qzGIPaEHj2caSf+U2sldqsRyqdf+oJK9Sof4djn5diEPkhTyLkqFCGC6QakEbprcbstBcjwu65G4BTTDy/3FJYUt0NZTHy7HDjsn/7b2Sxa1XgWbWOGBwbmMqpsSE6eJC2WmWDWtrjgO7rV6XWwzm8=,iv:uVkMdjENhj2OnHnmCyfpQAdQeXwnvTIdExDxxWVIRKc=,tag:+3lf+T2Gpa4fLC3FhbLa6A==,type:str] -dashie: ENC[AES256_GCM,data:P/+ZEelpLFrcsk8hx7CF999Wlv5OWiybjPVT1ULogCECpBAxYJglisINyJGGBSBLnp4FF45kCpFb/xsuLZGwe/o4LK6Lbf6/uwE2HSXNMMXjkD8lk3zINNXfWls6s9f/XnHsKjwp0gDGhcfMM+mbg8EAyCfkdLUWYapNQc+CIr1ilAvjzDpGhrjYw2j7FEEKiteUxPTg34DY6iKlxkuGuon4Yb2r1d5+KMiHKouomjRkvS3cAgCyTKIVybYEhCQthHJh0j76Z7O5wvfXeOkLFWE68arvOci2MC7ecx6bVUrJQDTyUSpyO9TqJneIh36STZQs9Zk24sSY8jdt59roaJPylfRmbSRnlH0Wg5vzbuu4zM/ffTaiYRZkKBYbX9wmyNh4nW7EJOD9i4lE+65VxWYI4M0EuJXqI4vaIEo2PexAWci9cp0Ui6BmY2G4PoEz0P48p2WXPnQOwSSBYY9HfeAs+oXhB4Bi+I1VUAR/BkzihBvb+d9AWcbZIurMc2h7Vlz58/2E8+QVzljHfN+pakU/FhWCt2VRhhimyF8h3Nacbk0=,iv:kmFBTzx9BNHRGv+FzdwrIvVMORprhilG8tN2C3J4BRY=,tag:jRvRDkvUE14JZZem13/5Vw==,type:str] -hub_pub: ENC[AES256_GCM,data:6vIAQWFMIR+HnERg+A4jKu/MW+e7eLQplmdJyBeuBL9tvxH1idT8C6zvMEyIPhelU6+ZYQghAlvuC4MtktI/Te0f40XvdK3Gq/DmfBrLRUgLdSjUvMeGuuKnpRX0mjCaw77YW5ES4ptZ,iv:PC9hELA0234JCk2rx6FJhMlKKaKO8WrIezJ2Q2nv6EE=,tag:R8oPaH3Sbr23oRX++OP/qg==,type:str] -lab_pub: 
ENC[AES256_GCM,data:rlHCiqGnoaPiQBaZQRT+bEjfNF7jNO4CGPoCOKJ1o7nv7i2jPy6Bq9OMBHXsMHI9oGfEhyKCDHdpJ65aI07KJC/fMoMoAyiNmalwNOn26jbgj84mfENS3IYbfKxQVXAUCJHE5m1cFsm7,iv:8SLdHLYq2tlfHBjdeDoByEzGuu3TURj4+KJvQfPuaWA=,tag:mmGXlRwQ0UoVIAJE6d1OUQ==,type:str] -dashie_pub: ENC[AES256_GCM,data:k6JIJOKDJcGSW47Z8y0EYxNl/vaPRVbIn35CSA57snEzYnk5GpU+1NfPDniWoAGRkpIwicgN6kpzssRlKOmVudvwMejSLv4VkLRBjrsApVFECwoIBLUNGUSDaMcIwC/BYu4jfjGaozBj,iv:0EZ0rptLdmcuTU1BGOILaaDTrc7aZGJCCxgjUESqi0M=,tag:dlQs/ugBGxnSrNj/bRSJSw==,type:str] -server_pub: ENC[AES256_GCM,data:87nTYzA8CykOPjfZS2As8+JB/ysJvHXFYbPIBA8Nus8Y3nI3Tl2F/f7mUVFBT+4mmOFTTwxghEnkpgTg/vzUm6W4wb19rIcv11eM7HYaGl5oI44a44rBJn2+PKlfIgXVgaY=,iv:O7I7kkZ44McXzCt3wH1cM3MJCShxu2O+0U0+Y6rwePo=,tag:q5D5AGMmFyiNhQNR8dRB+g==,type:str] -nextcloud: ENC[AES256_GCM,data:hjpS1WKsQJ6U2XX3GAbVP93VBAE8hKUdBRD9nI5Yiw==,iv:QaJNScNaxLLArzHLutIWdgN4m+9F0+Ym0FOcL53ygeQ=,tag:PamHgZJ+rsb3Dno2kEZRpQ==,type:str] -nextcloud_server: ENC[AES256_GCM,data:ohp0y08skd/NL7KhPE6pfezghY7UVL+aYT0=,iv:Rc5cnej+721aNrJGkE6/nTtwYC6Jg54da5bKu6mH1zY=,tag:EfiGA1DT87hGtNdMFZVBVA==,type:str] -nextcloud_admin: ENC[AES256_GCM,data:yRpnyoQ+rSiwaQoTp3I=,iv:Ii8ge7nkmtX1bVq4vdwEaLc3QFSrt0fbyHao7IDgtf0=,tag:T5YbThFN6B9fdBU/jhqdmQ==,type:str] -forgejo_server: ENC[AES256_GCM,data:4RLdo5pRQ17QlbpFFciFDrRocPj1J9W0hh4=,iv:AaTjk/ysWGubHSwzigyBWs7CGAOHnrbK7B+gUGFXETw=,tag:5rXwLSSSthq7nVIw5mIhLw==,type:str] -matrix_server: ENC[AES256_GCM,data:fH+5kX6VyNUXzAmNkLEGf8KmhIWuTGsG3r0=,iv:B2ltogyJaT1zcyZfHdrtB4HfnLZuWMbC7LwCT+IIPlU=,tag:jlOjBdypkrdc8MGp1fqSBQ==,type:str] -mautrix_signal_server: ENC[AES256_GCM,data:xBHtTtf725wvSltd7EgP3u/GszsaKR1D/ng=,iv:KZorceuZJulvBYyOSKaFv0UxAgMzIuXnBSDmqeqZT80=,tag:k4Dqvq7n39q6rgfB9hB8/g==,type:str] -mautrix_whatsapp_server: ENC[AES256_GCM,data:Ap5NZ9+kkusMTJlmiH2vxj2fkp1RZPSOM5s=,iv:/F3sP/7bw0uIualG8E+Mtxp60xW8OlHBBZCui887oaA=,tag:CawIZEpmbmxRYhq2fb1vDw==,type:str] -mautrix_discord_server: 
ENC[AES256_GCM,data:8MU3URa52h0sDabl+6bYZ0z0ib/S8KzYb3k=,iv:uSqT0MsK1qcphyd+5xZZ8aDqxQhZX8mKBP+2tHHG04I=,tag:mdepj3ombSru96es+lFIQQ==,type:str] -access: ENC[AES256_GCM,data:BHB8v/uVqj5Hn2J6OUHloxdbrc9EVq6mCz9n4rFKUPK5H6ajP9L+zWtxkPLgr6sljEL3fPdlYQUlRaSJTAeygQnuXzM=,iv:mFv4AGSG0ok658VK5HcRBcQpLLK7NM9QJj4FMCJMj4Q=,tag:G4SIkT4TfoR/lW+kZmygiA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2024-08-04T14:17:56Z" - mac: ENC[AES256_GCM,data:cDusfY0990Q60IrprG8SEYwpGkrvfxIBt6qS/e5ikKqCTYpp9ei1BiecLPQ6U+6rgoRLWACGsq3idJI7cApVxqAfQcZXFjaxO5TxGKP8VyO//nhoPouT1iRfue1oref8D4P7cE/T2GzNFbDP0aUHXP0bBGo76TGLTzhkJ3Gzm7g=,iv:Va+WbAY4amrOUp+6pFtt8vf4jXxRF19oI3pD6I3dEuw=,tag:EfDeBf3S0ReetiWywLUiAQ==,type:str] - pgp: - - created_at: "2024-05-14T14:35:02Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DnA7H9LSNcZ4SAQdAJZzOF6GZ1VTNt2rccso305pkL5AGeeAPV0LtfpZkkVEw - 2GTK/N4MmE0YyjUAP+W3fkGawgzQDRsjSF+AB936DcL3BtfGktChl3agFBfWqprs - 1GgBCQIQ7rj9kooZpsYX93x5TSz2ZN3aeu/dcx3lHYwyqtTxdTMjK44LngfhO0qZ - zc/951nhmt6Vkj0PJY4QRkKiLPoVo/lgG4+1dv9hSJULRuZwvFQfv/7UXzq0tKrl - /xqggA6uP/rogA== - =zJOX - -----END PGP MESSAGE----- - fp: 92D29D420B5D95FCA46A12FE778CFA7A623614F3 - unencrypted_suffix: _unencrypted - version: 3.9.0