Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

programs: add sops

Browse source
This commit is contained in:
DashieTM 2024-05-14 20:38:33 +02:00
parent ac51db1c7e
commit fcf4fc3064
10 changed files with 151 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nix/.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &dashie 92D29D420B5D95FCA46A12FE778CFA7A623614F3
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *dashie

1
nix/base/base_packages.nix
View file

@ -74,5 +74,6 @@
};
};
programs.ssh.startAgent = true;
programs.gnupg.agent.enable = true;
}

110
nix/flake.lock generated
View file

@ -124,11 +124,11 @@
]
},
"locked": {
"lastModified": 1715380449,
"narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=",
"lastModified": 1715486357,
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d7682620185f213df384c363288093b486b2883f",
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
"type": "github"
},
"original": {
@ -176,11 +176,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1715448710,
"narHash": "sha256-ntVaQOHnfejEiqHUY07kWrytdXVlXtg1RLv65T9w2/c=",
"lastModified": 1715635266,
"narHash": "sha256-c4l89M8/x4h0VHds7IC1W8yfu27lVN4uoeY57/OmI5Q=",
"ref": "refs/heads/main",
"rev": "494b9415a1157279a1e1782ba635fc2ef6a18155",
"revCount": 4668,
"rev": "ba696521930059aa489ac6ffabe28553edaf2fa3",
"revCount": 4683,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@ -272,11 +272,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1714843107,
"narHash": "sha256-89WxndRGO3CGuWE5XCaHKnsV3IKBRdOWqScp6o8enT4=",
"lastModified": 1715610114,
"narHash": "sha256-ffGEiaL5bVR559adZNHsYBWMefhX8G9oyTrKorbx3h8=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "c87af3aa1f6e6bd06cffaabcc400bd45e26d565a",
"rev": "386a1e6fc290fc33177d0b44cd393e32c5433925",
"type": "github"
},
"original": {
@ -297,11 +297,11 @@
]
},
"locked": {
"lastModified": 1715287423,
"narHash": "sha256-B7AJIjOyWgVMKhu7DlOnWa0VprdhywUVHuB/j+EwSxM=",
"lastModified": 1715608589,
"narHash": "sha256-vimNaLjLcoNIvBhF37GaB6PRYEvKMamY3UnDE9M5MW8=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "e2fc1c0eb8b392110588f478cce644348ead7271",
"rev": "65c2636484e5cb00583b8a7446c3fb657f568883",
"type": "github"
},
"original": {
@ -318,11 +318,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1715272723,
"narHash": "sha256-/pHq16sUYKOpwtSDDlnQ3M3lBy9abQq39UNSzadFd8w=",
"lastModified": 1715676519,
"narHash": "sha256-JQywRoP+oPLP+vMH4X8DCmiwE2kp2GC0kdHlejUvRTo=",
"owner": "JakeStanger",
"repo": "ironbar",
"rev": "386955c1ea07869277b646c203f7b976d83db427",
"rev": "407d58606d6bd45b4ab73322cefb08f460431897",
"type": "github"
},
"original": {
@ -380,13 +380,29 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1715087517,
"narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=",
"lastModified": 1715458492,
"narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b211b392b8486ee79df6cdfb1157ad2133427a29",
"rev": "8e47858badee5594292921c2668c11004c3b0142",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1715534503,
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
"type": "github"
},
"original": {
@ -398,11 +414,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1715266358,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"lastModified": 1712963716,
"narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
"rev": "cfd6b5fc90b15709b780a5a1619695a88505a176",
"type": "github"
},
"original": {
@ -444,11 +460,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1715266358,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"lastModified": 1715534503,
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
"owner": "NixOs",
"repo": "nixpkgs",
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
"type": "github"
},
"original": {
@ -474,6 +490,22 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1715413075,
"narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"Hyprspace": "Hyprspace",
@ -484,7 +516,8 @@
"ironbar": "ironbar",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_6",
"rust-overlay": "rust-overlay_2"
"rust-overlay": "rust-overlay_2",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
@ -515,8 +548,8 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1715393623,
"narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
"lastModified": 1715652909,
"narHash": "sha256-aCLEDvzL1j51Rf2mCFOqK1mieMO3pAn5ItCIdr5h2LA=",
"type": "tarball",
"url": "https://github.com/oxalica/rust-overlay/archive/master.tar.gz"
},
@ -525,6 +558,25 @@
"url": "https://github.com/oxalica/rust-overlay/archive/master.tar.gz"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1715482972,
"narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,

2
nix/flake.nix
View file

@ -14,6 +14,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = "github:Mic92/sops-nix";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprlock.url = "github:hyprwm/hyprlock";

6
nix/hardware/overheating/configuration.nix
View file

@ -1,5 +1,11 @@
{ pkgs, ... }:
{
imports = [
../../modules/ironbar_config.nix
../../modules/boot_params.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.hostName = "overheating";
programs.ironbar.monitor = "eDP-1";
programs.boot.boot_params = [];
}

13
nix/programs/common.nix
View file

@ -47,6 +47,7 @@ in
neofetch
brave
greetd.regreet
sops
(callPackage
../override/oxinoti.nix
{ })
@ -110,4 +111,16 @@ in
{
FLAKE = "home/dasshie/gits/dotFiles/nix";
};
sops = {
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [ ];
};
defaultSopsFile = ../secrets/secrets.yaml;
secrets.hub = { };
secrets.lab = { };
secrets.dashie = { };
};
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
}

1
nix/programs/default.nix
View file

@ -6,6 +6,7 @@ let
inputs.anyrun.homeManagerModules.default
inputs.ironbar.homeManagerModules.default
inputs.nix-flatpak.homeManagerModules.nix-flatpak
inputs.sops-nix.homeManagerModules.sops
];
in
{

1
nix/programs/individual_configs/default.nix
View file

@ -4,5 +4,6 @@
./yazi.nix
./fish.nix
./ncspot.nix
./ssh.nix
];
}

10
nix/programs/individual_configs/ssh.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, ... }: {
home.file.".ssh/config".text = ''
Host github.com
IdentityFile ${config.sops.secrets.hub.path}
Host gitlab.com
IdentityFile ${config.sops.secrets.lab.path}
Host dashie.org
IdentityFile ${config.sops.secrets.dashie.path}
'';
}

29
nix/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,29 @@
hub: ENC[AES256_GCM,data:69czN3kqTYCbiwXPPUpaThm7lrpM/43nUcE0Ee3m1AscB0Huqp1LzmgVBVZ6X/NVamNipfRzN4KePmFqkGBT7V6qIewX0L6vYpLBJ7pwdv1xRF+FEkrfikqfdec28AwNCOXIOQZq3oknPpGoAVAQAsQo+SxwPaP4vZKbYpS9EA727E9REd4dVcBRW2GN3ystiX+L/Rz+mizHQfVGb6LHhj6AZWB/SGhcfGJZCfoKgwIFekjiSJhdSQemmtX1x+b7yxUwQqsUBPVtSf73zUCIYVjLwx4bdZ5OF8kITRF8ZIfp+YLN24Lt5Qeatd4FBO5AJTFOgjRjU38z6Xy3CwZMv0hp3IwqfXUd+47wiGSXSs2lygntWodcG96/KUubrChWQQxfE0vNIAu/l2sjwwre32E9mXBYn6uHFD+/kroL531KscdKdnpAACnwsomMSiJIWz3JQa6aljDeUd90VFH2kOf8VtGbqkFL9VfTrtx/dnTMaK2VJmO+bZTge+evIBgtH0Y2DP/GmaempeZIyJydx03uVCFDi+uEfGx10HMty0sUS0k=,iv:1/+m6CmUojTS4d7B76zzrwC3k5M18qkQ6q1458kG1QI=,tag:463IcCP3Tfb4JWS5K7hCjw==,type:str]
lab: ENC[AES256_GCM,data:IbIHYKp7kAP09r2t6bppLZraRIxjEsIXbfIG/R5QTGzy1uVk5LZivzepkJP6kOf3qWt/wZiBb5qLcNyL/+RZMfaV5KvlvtKhCVQ/D5qS3qB/4wKvPTdMiMzc9VTnLzUaDExMAtiYV/tcJGC/xgpkrwizJwy5WEA/d8EKUDs1p//vpv8b6035k1oV/49sw3cJ/eMGgvnuJ3sKMKpkXbUJ4zyyHKPCFoaCGdplCJDn5hZloaqxBjdZctAEgsVvKiq2HyIMNqH3YaKEJZhwMrwQMSioHA1WnBQMc0tnqWAi9rhpm8pY553HaQe0U/lpS1W5IvLj7MVxat3911WK/s95oEVLY7b7dZAzmdMau4IF/ozhxC6i2oSELw+VNqiZ/yJwfqJ7e+89UnxZdi7xMJpikOfE1qzGIPaEHj2caSf+U2sldqsRyqdf+oJK9Sof4djn5diEPkhTyLkqFCGC6QakEbprcbstBcjwu65G4BTTDy/3FJYUt0NZTHy7HDjsn/7b2Sxa1XgWbWOGBwbmMqpsSE6eJC2WmWDWtrjgO7rV6XWwzm8=,iv:uVkMdjENhj2OnHnmCyfpQAdQeXwnvTIdExDxxWVIRKc=,tag:+3lf+T2Gpa4fLC3FhbLa6A==,type:str]
dashie: ENC[AES256_GCM,data:P/+ZEelpLFrcsk8hx7CF999Wlv5OWiybjPVT1ULogCECpBAxYJglisINyJGGBSBLnp4FF45kCpFb/xsuLZGwe/o4LK6Lbf6/uwE2HSXNMMXjkD8lk3zINNXfWls6s9f/XnHsKjwp0gDGhcfMM+mbg8EAyCfkdLUWYapNQc+CIr1ilAvjzDpGhrjYw2j7FEEKiteUxPTg34DY6iKlxkuGuon4Yb2r1d5+KMiHKouomjRkvS3cAgCyTKIVybYEhCQthHJh0j76Z7O5wvfXeOkLFWE68arvOci2MC7ecx6bVUrJQDTyUSpyO9TqJneIh36STZQs9Zk24sSY8jdt59roaJPylfRmbSRnlH0Wg5vzbuu4zM/ffTaiYRZkKBYbX9wmyNh4nW7EJOD9i4lE+65VxWYI4M0EuJXqI4vaIEo2PexAWci9cp0Ui6BmY2G4PoEz0P48p2WXPnQOwSSBYY9HfeAs+oXhB4Bi+I1VUAR/BkzihBvb+d9AWcbZIurMc2h7Vlz58/2E8+QVzljHfN+pakU/FhWCt2VRhhimyF8h3Nacbk0=,iv:kmFBTzx9BNHRGv+FzdwrIvVMORprhilG8tN2C3J4BRY=,tag:jRvRDkvUE14JZZem13/5Vw==,type:str]
hub_pub: ENC[AES256_GCM,data:6vIAQWFMIR+HnERg+A4jKu/MW+e7eLQplmdJyBeuBL9tvxH1idT8C6zvMEyIPhelU6+ZYQghAlvuC4MtktI/Te0f40XvdK3Gq/DmfBrLRUgLdSjUvMeGuuKnpRX0mjCaw77YW5ES4ptZ,iv:PC9hELA0234JCk2rx6FJhMlKKaKO8WrIezJ2Q2nv6EE=,tag:R8oPaH3Sbr23oRX++OP/qg==,type:str]
lab_pub: ENC[AES256_GCM,data:rlHCiqGnoaPiQBaZQRT+bEjfNF7jNO4CGPoCOKJ1o7nv7i2jPy6Bq9OMBHXsMHI9oGfEhyKCDHdpJ65aI07KJC/fMoMoAyiNmalwNOn26jbgj84mfENS3IYbfKxQVXAUCJHE5m1cFsm7,iv:8SLdHLYq2tlfHBjdeDoByEzGuu3TURj4+KJvQfPuaWA=,tag:mmGXlRwQ0UoVIAJE6d1OUQ==,type:str]
dashie_pub: ENC[AES256_GCM,data:k6JIJOKDJcGSW47Z8y0EYxNl/vaPRVbIn35CSA57snEzYnk5GpU+1NfPDniWoAGRkpIwicgN6kpzssRlKOmVudvwMejSLv4VkLRBjrsApVFECwoIBLUNGUSDaMcIwC/BYu4jfjGaozBj,iv:0EZ0rptLdmcuTU1BGOILaaDTrc7aZGJCCxgjUESqi0M=,tag:dlQs/ugBGxnSrNj/bRSJSw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-05-14T18:34:33Z"
mac: ENC[AES256_GCM,data:ZOmH7VOtapecA3wr0p4M8SfC5zKybsXZdI67rE8SHFyeHDq+6In0ekPs4uTun1lBT4ly4ijjK2XWsRdrkTI76P4yKD5o850Mi7RDHTZzzP3AmlIrMgFbKTZkxuY1wnLJvcuHnbzq4e7s5ZJYPRx/lDd5dnYB+Xa5yyv4zCXXwqg=,iv:cqSPKZp/SNYnKU1QT2eOmKPe0oFTgVI6r8UMTYModnk=,tag:bHUhfnlHq8UGG8Z50cCQcw==,type:str]
pgp:
- created_at: "2024-05-14T14:35:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DnA7H9LSNcZ4SAQdAJZzOF6GZ1VTNt2rccso305pkL5AGeeAPV0LtfpZkkVEw
2GTK/N4MmE0YyjUAP+W3fkGawgzQDRsjSF+AB936DcL3BtfGktChl3agFBfWqprs
1GgBCQIQ7rj9kooZpsYX93x5TSz2ZN3aeu/dcx3lHYwyqtTxdTMjK44LngfhO0qZ
zc/951nhmt6Vkj0PJY4QRkKiLPoVo/lgG4+1dv9hSJULRuZwvFQfv/7UXzq0tKrl
/xqggA6uP/rogA==
=zJOX
-----END PGP MESSAGE-----
fp: 92D29D420B5D95FCA46A12FE778CFA7A623614F3
unencrypted_suffix: _unencrypted
version: 3.8.1