chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

start of secrets

Browse source
This commit is contained in:
Chris Kruining 2025-03-09 18:50:02 +01:00
parent 48a38e8e49
commit 407160b012
5 changed files with 80 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
default.nix
View file

@ -11,6 +11,7 @@ in
inputs.nixvim.nixosModules.nixvim inputs.nixvim.nixosModules.nixvim
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.nix-minecraft.nixosModules.minecraft-servers inputs.nix-minecraft.nixosModules.minecraft-servers
inputs.sops-nix.nixosModules.sops
(mkAliasOptionModule ["hm"] ["home-manager" "users" config.user.name]) (mkAliasOptionModule ["hm"] ["home-manager" "users" config.user.name])
(mkAliasOptionModule ["home"] ["hm" "home"]) (mkAliasOptionModule ["home"] ["hm" "home"])
(mkAliasOptionModule ["create" "configFile"] ["hm" "xdg" "configFile"]) (mkAliasOptionModule ["create" "configFile"] ["hm" "xdg" "configFile"])
@ -28,7 +29,14 @@ in
environment.variables = { environment.variables = {
SNEEUWVLOK = config.sneeuwvlok.dir; SNEEUWVLOK = config.sneeuwvlok.dir;
NIXPKGS_ALLOW_UNFREE = "1"; NIXPKGS_ALLOW_UNFREE = "1";
}; };
sops = {
defaultSopsFile = ./secrets/secrets.yml;
defaultSopsFormat = "yml";
age.keyFile = "/home/";
};
system = { system = {
stateVersion = "23.11"; stateVersion = "23.11";

41
flake.lock generated
View file

@ -625,6 +625,22 @@
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": {
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1740367490, "lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
@ -640,7 +656,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1727348695, "lastModified": 1727348695,
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
@ -758,6 +774,7 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"sops-nix": "sops-nix",
"stylix": "stylix", "stylix": "stylix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
@ -779,6 +796,24 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1741043164,
"narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
@ -791,7 +826,7 @@
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"nur": "nur", "nur": "nur",
"systems": "systems_4", "systems": "systems_4",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
@ -980,7 +1015,7 @@
}, },
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1727721329, "lastModified": 1727721329,

2
flake.nix
View file

@ -34,6 +34,8 @@
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
flux.url = "github:IogaMaster/flux"; flux.url = "github:IogaMaster/flux";
sops-nix.url = "github:Mic92/sops-nix";
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }: outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }:

8
modules/options.nix
View file

@ -15,10 +15,6 @@ in
{ {
user = mkOpt attrs {}; user = mkOpt attrs {};
environment.systemPackages = [
pkgs.sops
];
sneeuwvlok = { sneeuwvlok = {
dir = mkOpt path (findFirst pathExists (toString ../.) [ dir = mkOpt path (findFirst pathExists (toString ../.) [
"${config.user.home}/Github/.files" "${config.user.home}/Github/.files"
@ -31,6 +27,10 @@ in
}; };
config = { config = {
environment.systemPackages = [
pkgs.sops
];
user = let user = let
user = builtins.getEnv "USER"; user = builtins.getEnv "USER";
name = name =

27
secrets/secrets.yml Normal file
View file

@ -0,0 +1,27 @@
#ENC[AES256_GCM,data:jozDiJTPaF427kVL4MDV8VOVhft52sOS9YIfj0n8WUJmQzVoiNY=,iv:8kyaDw0l82KZfYKkfKDj0wvcIkY6zas5e8puubEr1mA=,tag:LvuVGvU195BihU8TbPN1xg==,type:comment]
example_key: ENC[AES256_GCM,data:9jefDfjJLP8Ha135Lg==,iv:9SUpjO1t65gA3LiwYN6nMj7icwInxTCQz7JsNEfQ2XA=,tag:Y8BBSLwUQem8wSXAlvnEXg==,type:str]
#ENC[AES256_GCM,data:IU1T4k/+44s8qFnjnreDMihjQRmMd5qSTtfA/ung5/1f1JmBXGP7EwYJBFF9BSBkBqBfv24A9Ok=,iv:tHzL3pW/qsNdWGT3c+ni0uTlkBMWOu/SsraymCuAkqs=,tag:nWZgWdPNiKQ0j/t9Z/5l5g==,type:comment]
#ENC[AES256_GCM,data:BhUTbsJB5voz4m1w8u1Y/MI8kR5lpRW8RpZO65IyGg232uNSoBLXB2QSl1GseyTC8bZHPiCF2gnttPD+76kqVlfzhhDu4EKU,iv:Ic8ZpR2QBBGhF2++S/TR/DRutkTghpMiby+yvNy0CSE=,tag:Z1JEtowycGDNWuznlkId8A==,type:comment]
example:
my_subdir:
my_secret: ENC[AES256_GCM,data:hccfc6uU4tGT,iv:HYjmo9kAVCcXSpDKWGku3vaJVvZHzYB3l079xXw5OEQ=,tag:c2b8BSqlL1LTcDf1nSPfVA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-09T11:37:49Z"
mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4