diff --git a/nix/.sops.yaml b/nix/.sops.yaml new file mode 100644 index 0000000..57234fa --- /dev/null +++ b/nix/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &dashie 92D29D420B5D95FCA46A12FE778CFA7A623614F3 +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *dashie diff --git a/nix/base/base_packages.nix b/nix/base/base_packages.nix index ebde6aa..99c0efa 100644 --- a/nix/base/base_packages.nix +++ b/nix/base/base_packages.nix @@ -74,5 +74,6 @@ }; }; programs.ssh.startAgent = true; + programs.gnupg.agent.enable = true; } diff --git a/nix/flake.lock b/nix/flake.lock index 42051be..9637b39 100644 --- a/nix/flake.lock +++ b/nix/flake.lock @@ -124,11 +124,11 @@ ] }, "locked": { - "lastModified": 1715380449, - "narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d7682620185f213df384c363288093b486b2883f", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { @@ -176,11 +176,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1715448710, - "narHash": "sha256-ntVaQOHnfejEiqHUY07kWrytdXVlXtg1RLv65T9w2/c=", + "lastModified": 1715635266, + "narHash": "sha256-c4l89M8/x4h0VHds7IC1W8yfu27lVN4uoeY57/OmI5Q=", "ref": "refs/heads/main", - "rev": "494b9415a1157279a1e1782ba635fc2ef6a18155", - "revCount": 4668, + "rev": "ba696521930059aa489ac6ffabe28553edaf2fa3", + "revCount": 4683, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
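Review bot: The only creation rule in nix/.sops.yaml encrypts to a single PGP recipient (`&dashie`), so the secrets added in nix/secrets/secrets.yaml can be recovered only with that one key, and their confidentiality rests on it for as long as the repository history exists. Consider adding a second recovery key to the `pgp:` group, marked with a comment such as `# recovery key, kept offline`. The `path_regex` is also unanchored at the front, so it matches any path that ends in `secrets/<file>.yaml`. If sops matches paths relative to this file, `^secrets/[^/]+\.(yaml|json|env|ini)$` would confine the rule to the intended directory.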
@@ -272,11 +272,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1714843107, - "narHash": "sha256-89WxndRGO3CGuWE5XCaHKnsV3IKBRdOWqScp6o8enT4=", + "lastModified": 1715610114, + "narHash": "sha256-ffGEiaL5bVR559adZNHsYBWMefhX8G9oyTrKorbx3h8=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "c87af3aa1f6e6bd06cffaabcc400bd45e26d565a", + "rev": "386a1e6fc290fc33177d0b44cd393e32c5433925", "type": "github" }, "original": { @@ -297,11 +297,11 @@ ] }, "locked": { - "lastModified": 1715287423, - "narHash": "sha256-B7AJIjOyWgVMKhu7DlOnWa0VprdhywUVHuB/j+EwSxM=", + "lastModified": 1715608589, + "narHash": "sha256-vimNaLjLcoNIvBhF37GaB6PRYEvKMamY3UnDE9M5MW8=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "e2fc1c0eb8b392110588f478cce644348ead7271", + "rev": "65c2636484e5cb00583b8a7446c3fb657f568883", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1715272723, - "narHash": "sha256-/pHq16sUYKOpwtSDDlnQ3M3lBy9abQq39UNSzadFd8w=", + "lastModified": 1715676519, + "narHash": "sha256-JQywRoP+oPLP+vMH4X8DCmiwE2kp2GC0kdHlejUvRTo=", "owner": "JakeStanger", "repo": "ironbar", - "rev": "386955c1ea07869277b646c203f7b976d83db427", + "rev": "407d58606d6bd45b4ab73322cefb08f460431897", "type": "github" }, "original": { 
@@ -380,13 +380,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-stable": { "locked": { - "lastModified": 1715087517, - "narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=", + "lastModified": 1715458492, + "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b211b392b8486ee79df6cdfb1157ad2133427a29", + "rev": "8e47858badee5594292921c2668c11004c3b0142", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { @@ -398,11 +414,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1715266358, - "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1010e0469db743d14519a1efd37e23f8513d714", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", "type": "github" }, "original": { @@ -444,11 +460,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1715266358, - "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "NixOs", "repo": "nixpkgs", - "rev": "f1010e0469db743d14519a1efd37e23f8513d714", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { 
@@ -474,6 +490,22 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1715413075, + "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "Hyprspace": "Hyprspace", @@ -484,7 +516,8 @@ "ironbar": "ironbar", "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs_6", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay_2", + "sops-nix": "sops-nix" } }, "rust-overlay": { @@ -515,8 +548,8 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1715393623, - "narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=", + "lastModified": 1715652909, + "narHash": "sha256-aCLEDvzL1j51Rf2mCFOqK1mieMO3pAn5ItCIdr5h2LA=", "type": "tarball", "url": "https://github.com/oxalica/rust-overlay/archive/master.tar.gz" }, @@ -525,6 +558,25 @@ "url": "https://github.com/oxalica/rust-overlay/archive/master.tar.gz" } }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_8", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1715482972, + "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, diff --git a/nix/flake.nix b/nix/flake.nix index 58f47c2..4735efa 100644 --- a/nix/flake.nix +++ b/nix/flake.nix @@ -14,6 +14,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix.url = "github:Mic92/sops-nix"; + hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprlock.url = "github:hyprwm/hyprlock"; 
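Review bot: The new `sops-nix.url` line in nix/flake.nix declares the input without a `follows`, and the flake.lock hunks of this commit show the result: two extra nixpkgs pins (`nixpkgs_8` and `nixpkgs-stable`) enter the lock only for sops-nix. Because this input supplies the tooling that decrypts secrets, its dependency closure is better kept on the nixpkgs revision the rest of the configuration already tracks, as the input in the context lines above does. The change would be `sops-nix.inputs.nixpkgs.follows = "nixpkgs";`, and the same for `nixpkgs-stable` while the pinned sops-nix revision still declares it. The enclosing `inputs` block starts and ends outside the hunk.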
diff --git a/nix/hardware/overheating/configuration.nix b/nix/hardware/overheating/configuration.nix index bf150ce..5e5e01f 100644 --- a/nix/hardware/overheating/configuration.nix +++ b/nix/hardware/overheating/configuration.nix @@ -1,5 +1,11 @@ { pkgs, ... }: { + imports = [ + ../../modules/ironbar_config.nix + ../../modules/boot_params.nix + ]; boot.kernelPackages = pkgs.linuxPackages_latest; networking.hostName = "overheating"; + programs.ironbar.monitor = "eDP-1"; + programs.boot.boot_params = []; } diff --git a/nix/programs/common.nix b/nix/programs/common.nix index b4f59d3..e29247c 100644 --- a/nix/programs/common.nix +++ b/nix/programs/common.nix @@ -47,6 +47,7 @@ in neofetch brave greetd.regreet + sops (callPackage ../override/oxinoti.nix { }) @@ -110,4 +111,16 @@ in { FLAKE = "home/dasshie/gits/dotFiles/nix"; }; + + sops = { + gnupg = { + home = "~/.gnupg"; + sshKeyPaths = [ ]; + }; + defaultSopsFile = ../secrets/secrets.yaml; + secrets.hub = { }; + secrets.lab = { }; + secrets.dashie = { }; + }; + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; } diff --git a/nix/programs/default.nix b/nix/programs/default.nix index 1418c7b..c8c231a 100644 --- a/nix/programs/default.nix +++ b/nix/programs/default.nix @@ -6,6 +6,7 @@ let inputs.anyrun.homeManagerModules.default inputs.ironbar.homeManagerModules.default inputs.nix-flatpak.homeManagerModules.nix-flatpak + inputs.sops-nix.homeManagerModules.sops ]; in { diff --git a/nix/programs/individual_configs/default.nix b/nix/programs/individual_configs/default.nix index 8c7425d..4416c73 100644 --- a/nix/programs/individual_configs/default.nix +++ b/nix/programs/individual_configs/default.nix @@ -4,5 +4,6 @@ ./yazi.nix ./fish.nix ./ncspot.nix + ./ssh.nix ]; } diff --git a/nix/programs/individual_configs/ssh.nix b/nix/programs/individual_configs/ssh.nix new file mode 100644 index 0000000..68bdb00 --- /dev/null +++ b/nix/programs/individual_configs/ssh.nix 
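Review bot: `home = "~/.gnupg";` in the new `sops.gnupg` block of nix/programs/common.nix is a plain Nix string, so the tilde reaches sops-nix unexpanded unless the module or GnuPG expands it; if neither does, decryption at activation will look in the wrong keyring directory. An absolute path built from the home-manager option is safer: `home = "${config.home.homeDirectory}/.gnupg";` (this assumes `config` is among the module's arguments, which the hunk does not show). Separately, `systemd.user.services.mbsync.Unit.After` only orders the units and does not start `sops-nix.service`, and none of the three declared secrets looks mail-related, so a short comment saying which secret mbsync waits for would help. The hunk is the tail of a larger attribute set that begins outside it.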
@@ -0,0 +1,10 @@
+{ config, ... }: {
+ home.file.".ssh/config".text = ''
+ Host github.com
+ IdentityFile ${config.sops.secrets.hub.path}
+ Host gitlab.com
+ IdentityFile ${config.sops.secrets.lab.path}
+ Host dashie.org
+ IdentityFile ${config.sops.secrets.dashie.path}
+ '';
+}
diff --git a/nix/secrets/secrets.yaml b/nix/secrets/secrets.yaml
new file mode 100644
index 0000000..7cdb58d
--- /dev/null
+++ b/nix/secrets/secrets.yaml
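Review bot: Each `Host` block in the new nix/programs/individual_configs/ssh.nix sets only `IdentityFile`, so with the agent enabled in base_packages.nix (`programs.ssh.startAgent = true;`) ssh can still offer every agent-held key to each of these hosts. That discloses the other public keys to each server and can use up the server's authentication attempts before the intended key is tried. Adding `IdentitiesOnly yes` under each `Host` restricts the offer to the configured key. A one-line comment above the string would also help, noting that the `${config.sops.secrets.*.path}` values are presumably locations of files sops-nix decrypts at activation, not the key material itself.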
@@ -0,0 +1,29 @@ +hub: ENC[AES256_GCM,data:69czN3kqTYCbiwXPPUpaThm7lrpM/43nUcE0Ee3m1AscB0Huqp1LzmgVBVZ6X/NVamNipfRzN4KePmFqkGBT7V6qIewX0L6vYpLBJ7pwdv1xRF+FEkrfikqfdec28AwNCOXIOQZq3oknPpGoAVAQAsQo+SxwPaP4vZKbYpS9EA727E9REd4dVcBRW2GN3ystiX+L/Rz+mizHQfVGb6LHhj6AZWB/SGhcfGJZCfoKgwIFekjiSJhdSQemmtX1x+b7yxUwQqsUBPVtSf73zUCIYVjLwx4bdZ5OF8kITRF8ZIfp+YLN24Lt5Qeatd4FBO5AJTFOgjRjU38z6Xy3CwZMv0hp3IwqfXUd+47wiGSXSs2lygntWodcG96/KUubrChWQQxfE0vNIAu/l2sjwwre32E9mXBYn6uHFD+/kroL531KscdKdnpAACnwsomMSiJIWz3JQa6aljDeUd90VFH2kOf8VtGbqkFL9VfTrtx/dnTMaK2VJmO+bZTge+evIBgtH0Y2DP/GmaempeZIyJydx03uVCFDi+uEfGx10HMty0sUS0k=,iv:1/+m6CmUojTS4d7B76zzrwC3k5M18qkQ6q1458kG1QI=,tag:463IcCP3Tfb4JWS5K7hCjw==,type:str] +lab: ENC[AES256_GCM,data:IbIHYKp7kAP09r2t6bppLZraRIxjEsIXbfIG/R5QTGzy1uVk5LZivzepkJP6kOf3qWt/wZiBb5qLcNyL/+RZMfaV5KvlvtKhCVQ/D5qS3qB/4wKvPTdMiMzc9VTnLzUaDExMAtiYV/tcJGC/xgpkrwizJwy5WEA/d8EKUDs1p//vpv8b6035k1oV/49sw3cJ/eMGgvnuJ3sKMKpkXbUJ4zyyHKPCFoaCGdplCJDn5hZloaqxBjdZctAEgsVvKiq2HyIMNqH3YaKEJZhwMrwQMSioHA1WnBQMc0tnqWAi9rhpm8pY553HaQe0U/lpS1W5IvLj7MVxat3911WK/s95oEVLY7b7dZAzmdMau4IF/ozhxC6i2oSELw+VNqiZ/yJwfqJ7e+89UnxZdi7xMJpikOfE1qzGIPaEHj2caSf+U2sldqsRyqdf+oJK9Sof4djn5diEPkhTyLkqFCGC6QakEbprcbstBcjwu65G4BTTDy/3FJYUt0NZTHy7HDjsn/7b2Sxa1XgWbWOGBwbmMqpsSE6eJC2WmWDWtrjgO7rV6XWwzm8=,iv:uVkMdjENhj2OnHnmCyfpQAdQeXwnvTIdExDxxWVIRKc=,tag:+3lf+T2Gpa4fLC3FhbLa6A==,type:str] +dashie: ENC[AES256_GCM,data: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,iv:kmFBTzx9BNHRGv+FzdwrIvVMORprhilG8tN2C3J4BRY=,tag:jRvRDkvUE14JZZem13/5Vw==,type:str] +hub_pub: ENC[AES256_GCM,data:6vIAQWFMIR+HnERg+A4jKu/MW+e7eLQplmdJyBeuBL9tvxH1idT8C6zvMEyIPhelU6+ZYQghAlvuC4MtktI/Te0f40XvdK3Gq/DmfBrLRUgLdSjUvMeGuuKnpRX0mjCaw77YW5ES4ptZ,iv:PC9hELA0234JCk2rx6FJhMlKKaKO8WrIezJ2Q2nv6EE=,tag:R8oPaH3Sbr23oRX++OP/qg==,type:str] +lab_pub: 
ENC[AES256_GCM,data:rlHCiqGnoaPiQBaZQRT+bEjfNF7jNO4CGPoCOKJ1o7nv7i2jPy6Bq9OMBHXsMHI9oGfEhyKCDHdpJ65aI07KJC/fMoMoAyiNmalwNOn26jbgj84mfENS3IYbfKxQVXAUCJHE5m1cFsm7,iv:8SLdHLYq2tlfHBjdeDoByEzGuu3TURj4+KJvQfPuaWA=,tag:mmGXlRwQ0UoVIAJE6d1OUQ==,type:str] +dashie_pub: ENC[AES256_GCM,data:k6JIJOKDJcGSW47Z8y0EYxNl/vaPRVbIn35CSA57snEzYnk5GpU+1NfPDniWoAGRkpIwicgN6kpzssRlKOmVudvwMejSLv4VkLRBjrsApVFECwoIBLUNGUSDaMcIwC/BYu4jfjGaozBj,iv:0EZ0rptLdmcuTU1BGOILaaDTrc7aZGJCCxgjUESqi0M=,tag:dlQs/ugBGxnSrNj/bRSJSw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-05-14T18:34:33Z" + mac: ENC[AES256_GCM,data:ZOmH7VOtapecA3wr0p4M8SfC5zKybsXZdI67rE8SHFyeHDq+6In0ekPs4uTun1lBT4ly4ijjK2XWsRdrkTI76P4yKD5o850Mi7RDHTZzzP3AmlIrMgFbKTZkxuY1wnLJvcuHnbzq4e7s5ZJYPRx/lDd5dnYB+Xa5yyv4zCXXwqg=,iv:cqSPKZp/SNYnKU1QT2eOmKPe0oFTgVI6r8UMTYModnk=,tag:bHUhfnlHq8UGG8Z50cCQcw==,type:str] + pgp: + - created_at: "2024-05-14T14:35:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DnA7H9LSNcZ4SAQdAJZzOF6GZ1VTNt2rccso305pkL5AGeeAPV0LtfpZkkVEw + 2GTK/N4MmE0YyjUAP+W3fkGawgzQDRsjSF+AB936DcL3BtfGktChl3agFBfWqprs + 1GgBCQIQ7rj9kooZpsYX93x5TSz2ZN3aeu/dcx3lHYwyqtTxdTMjK44LngfhO0qZ + zc/951nhmt6Vkj0PJY4QRkKiLPoVo/lgG4+1dv9hSJULRuZwvFQfv/7UXzq0tKrl + /xqggA6uP/rogA== + =zJOX + -----END PGP MESSAGE----- + fp: 92D29D420B5D95FCA46A12FE778CFA7A623614F3 + unencrypted_suffix: _unencrypted + version: 3.8.1