fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added sops support

Browse source
This commit is contained in:
FredzyW 2024-04-24 14:52:47 +02:00
parent 52dfd1fbdf
commit 2e06ef806d
8 changed files with 114 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml Normal file
View file

@ -0,0 +1,11 @@
keys:
- &admin_fred age1krwc99ct25lst4543jrcfdkfhufha7j6237a2r4zhf425d5e54wqcl20jr
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_fred
- path_regex: secrets/fred/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_fred

4
config/home.nix
View file

@ -67,6 +67,8 @@
steam-run steam-run
appimage-run appimage-run
bluez-tools bluez-tools
sops
age
#Terminal #Terminal
git git
@ -87,6 +89,7 @@
btop btop
poppler_utils poppler_utils
pandoc pandoc
ncspot
#Desktop #Desktop
aerc aerc
@ -108,6 +111,7 @@
audacity audacity
pdfarranger pdfarranger
byzanz byzanz
freecad
#Dev #Dev
python3 python3

54
flake.lock generated
View file

@ -92,6 +92,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1713638189,
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1712439257, "lastModified": 1712439257,
@ -124,12 +140,48 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1713596654,
"narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1713892811,
"narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },

7
flake.nix
View file

@ -10,6 +10,7 @@
home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
nix-gaming.url = "github:fufexan/nix-gaming"; nix-gaming.url = "github:fufexan/nix-gaming";
sops-nix.url = "github:Mic92/sops-nix";
# TODO: Add any other flake you might need # TODO: Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware"; # hardware.url = "github:nixos/nixos-hardware";
@ -20,6 +21,7 @@
nixpkgs, nixpkgs,
home-manager, home-manager,
nixpkgs-unstable, nixpkgs-unstable,
sops-nix,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@ -39,7 +41,10 @@
inherit inputs outputs; inherit inputs outputs;
myhostname = "laptop"; myhostname = "laptop";
}; };
modules = [./maskiner/laptop/configuration.nix]; modules = [
./maskiner/laptop/configuration.nix
sops-nix.nixosModules.sops
];
}; };
desktop = nixpkgs.lib.nixosSystem { desktop = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {

8
maskiner/laptop/configuration.nix
View file

@ -16,9 +16,15 @@
]; ];
networking.hostName = myhostname; networking.hostName = myhostname;
sops.defaultSopsFile = ../../secrets/fred.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = [ "~/.ssh/id_ed" ];
# This is using an age key that is expected to already be in the filesystem
sops.age.keyFile = "~/.config/sops/age/keys.txt";
sops.secrets.spotify_password = {};
services.xserver.dpi = 140; services.xserver.dpi = 140;
services.spotifyd.settings.password = "${config.sops.secrets.spotify_password}";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

2
moduler/common/kitty.nix
View file

@ -7,7 +7,9 @@
size = 18; size = 18;
} else { } else {
name = "FiraCode Nerd Font"; name = "FiraCode Nerd Font";
# size = 18;
size = 24; size = 24;
# size = 30;
}; };
shellIntegration = { shellIntegration = {
enableZshIntegration = true; enableZshIntegration = true;

3
moduler/common/spotifyd.nix
View file

@ -1,9 +1,10 @@
{ pkgs, lib, myhostname, ... }: { pkgs, lib, myhostname, sops, ... }:
{ {
services.spotifyd = { services.spotifyd = {
enable = true; enable = true;
settings = { settings = {
username = "fredzyw"; username = "fredzyw";
password = sops.secrets.spotify_password;
device_name = myhostname; device_name = myhostname;
}; };
}; };

29
secrets/fred.yaml Normal file
View file

@ -0,0 +1,29 @@
spotify_password: ENC[AES256_GCM,data:pEi7c7mGnLqOHcHTL9EXhb4WeQ==,iv:CJMdvwzlN+50szCLpwsGu0IKTFlBhnP/cwDzegmfeEU=,tag:qgwF8asIpVZMhU7hPnCwHg==,type:str]
#ENC[AES256_GCM,data:XbMoHRMRayasO8J+53f53A==,iv:psX/yl2AC/ciK1Bll0OundYdznCvvBs1/sXRfyKCOfs=,tag:w6uv0l1atSVO1gAUY+DTsw==,type:comment]
example_array:
- ENC[AES256_GCM,data:VPMtdtIvst0Kh3mj5+I=,iv:MVaHOOXV7DVOgW+K3o2ZCN4q/qp5OQA3L2ncDwCUJRU=,tag:bRuhaHhkn5RL0An2QER8pA==,type:str]
- ENC[AES256_GCM,data:fABtevCFNDu5+tjLprU=,iv:80ar+fNbfdEFTqDMSPFpq2wLMj9AF+6+58gHYKGDEHo=,tag:syQshcDSoNC5l+AtKbs/lQ==,type:str]
example_number: ENC[AES256_GCM,data:UPyoHsoNNqWn2Q==,iv:diubzEl3GLDcSulGW5Iof/75VxFppuL9w5SlnokA0xA=,tag:awKZHcA3MDP7Y6+HRVkprA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:U0wuUQ==,iv:VHzxjYVAdocWmnYBz4XlUfx+xNtfTwY+rYSg3izGpL8=,tag:EbbnkVkXCBlWRgJvkRT80A==,type:bool]
- ENC[AES256_GCM,data:UeaTW2k=,iv:zzjMtznD5QNt0dM5c5V9okXNgdCGS/JYdEoEinPSrtU=,tag:Y6IpzWov+vb074QpTmgB4A==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1krwc99ct25lst4543jrcfdkfhufha7j6237a2r4zhf425d5e54wqcl20jr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaFMweGJLQ0lyelhLNGMx
R3NaRGdjM3NNTUZzaVUxQmdKMUlPUnNRcm1zCnJxSWhmV2tJTzNjbW1ORC9zOVEw
cWtYalZTSzRDK1h2dTdoT0VTRCtKbG8KLS0tIEpHaUErRVlzUi9XL2pjZldNTEFQ
OTFhZVQ1bjA3bG81c1lKcHV0TzZabnMKzhPfi6kJnBB3EMXOvc7u3w4YNglKu1yH
6dF41Pvh5MBVxOcw8zEQeqyvKNADzGU+WA36wMCppKCqETuBUqfLGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-24T12:37:14Z"
mac: ENC[AES256_GCM,data:XWohlQpWst/O1+gb6SYRoljEZ3EuMOnyqHRzIaSHDuwh47DN/VT7UhwzUxTh2DyHn4hEY4WS5bFLNBaYZ7xTAIW0ANT4VkMntC31RgcvZdIKh3iQd1IxUPq5RkuUEvdvnw3JTUARAh3PT4p7/49jaHnSTc7XZLAzA+x0lhzGVBI=,iv:cvqprPHCq0xRt32k6aI97BJ6fZqWjTpK25r5beMplO8=,tag:YFKzTDUaVGb8fwnxoUDUOQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1