kiri/lux-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit

Browse Source
This commit is contained in:
kiri
2026-03-03 16:30:58 +01:00
parent 5f34d32807
commit 6a49646d5e
34 changed files with 1229 additions and 1044 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
modules/secrets/secrets.yaml
View File

@@ -1,7 +1,7 @@
radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str]
university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str]
ssh_config_orion: ENC[AES256_GCM,data:P2jH5BDIzeHSIwTBcZwTOXKes727xK0Xoj9W64GmEszEPZw8vA==,iv:hSY9mFdC82pBbOjMFuzoR2eufhjY2MGERJ4ODmcogbA=,tag:ejF535LrQwwH66nQG3qLGw==,type:str]
orion_ip: ENC[AES256_GCM,data:RCK6EKOEDaTu1uR2d/8=,iv:5JhIkVQEELB6MoPh49xq+0CrbPjI/6+qfqUHRqCza5s=,tag:+00T4+pWOWRj7R1ft39HAw==,type:str]
radicale-pass: ENC[AES256_GCM,data:3CpCnSibLWeZUJRBMuc=,iv:3J9x4ejcsYXCjRRGP5lOex+9EG8STLsbJ7FWesRpLIk=,tag:Pg1jIlnr2enuTsCvvWRWjg==,type:str]
university-calendar-url: ENC[AES256_GCM,data:oGP1BdF3YxdRRr061LaC4HaaiPXoyZq7ZALqU+cv8wb2GgYT+jgshgx9LRjM3jsIjPXolkG5bCZi46r/rpEk3mWSskQ3YnCXcwM1BN+PPVapdtQgkRSWriAOUXPnRpaZzpMs5WaJTnkOrJJqfAoy+jGIE0Nhul/CRw5tOeRkwPbDxfA/dY9MT80ciHWHscHb1w9R,iv:1JqN80OnrIjOl4LGmk99LsJMmoT3hGjlCet6mYeRb5o=,tag:9GhVQIa1BXAEjdOxswHH/A==,type:str]
ssh-config-orion: ENC[AES256_GCM,data:VEe6VSnrpySOdEJ+Sxcc2K6bL/eh/3PjAUNLBjvG7ceJcVnvdA==,iv:yJEhPQ3rYcCn+V7mzC8bPFjkW2GYDArjDJDI8vC1D70=,tag:n49AfsnZZgPuKO8MtAzVtg==,type:str]
orion-ip: ENC[AES256_GCM,data:S6fpCWnD8dvchvrHlEo=,iv:72+oRxHUEJ7imJ+sWjGbG+TUrSqYL8hbyHl3ChwFYwA=,tag:Rj6msje87+Ve+M6kcZd4Jw==,type:str]
hashed-password-kiri: ENC[AES256_GCM,data:xubN5stH4RPlHYl+Jzcu2BCepz3Hra3TxjiSspktzjgpEWrU79h3NbcPMrYC0MSjsv3oaWio/S7nBV3Tes3WBlI9EC9vq+6tyTVPynUqpB7c9CvvYSmqc9bAHOnIOBb+gP2RR6JB395UoQ==,iv:uN83RNTfCJdBDhFhywV5NbVBp4xcptqzoKVAoAnaiQk=,tag:x9yufiPdSJwBADT6QymExA==,type:str]
sops:
age:
@@ -32,7 +32,7 @@ sops:
YlZ4VGIzaE5kQ3ZSczI2Wk5IU1UvOXcKqkj/OYP37+60Gr2xJmPE9O7HB7LCu4Tp
AvvoMQLkkvVJ30Y03pfEzIMnvJHKREy9zDOScfqUflDk79mcDaDhvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-16T13:53:22Z"
mac: ENC[AES256_GCM,data:DuGE9Ovae5Y2Qpm5v8OYgFC2/u/Yzprv+ImmX1OVsh5KjGS26HaX1HLbzGu7NZCMfg2ZrJ5BeFNCO3UaZ7tXNoWGKxQZRNYpAH8PjI225l+GWozcva0on6S0UD2MhtKkpFPFUg1uEDSzqwMoXgPbWoB1W0VeAOkfAhKM9j/tggs=,iv:/Hsh9JvdcZMy7v4tLGaBwDlMIf5HBta3GeZC5gDUO9k=,tag:mtwqk41SA9qzIw+cVDSgQg==,type:str]
lastmodified: "2026-03-01T17:21:02Z"
mac: ENC[AES256_GCM,data:O3SPxEu8M7au3NF2jZvqqzj4yK44dH7ccb04n59tZmx5lDQfa6nRTJUrlEnwRPUMYmta1WyYZDSje+Yf9hNLSj9ARKMx9Ot/gfBRISOdDQ5FyeHNEU8aq8/HeRkf2CHJYqbNi8wn27IKrMXOG6TktNUXaqb8v4POo3K0qbJ5Z6s=,iv:Aw4G8VXbr48yWWqVhUa5KQ61y1o6ST8VHRECc9s0f5U=,tag:EP218k82eh7itHYO+iNTwQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

48
modules/secrets/sops.nix
View File

@@ -1,29 +1,27 @@
{ inputs, den, ... }:
{ inputs, ... }:
let
sopsConfig = {
# TODO: Should this be user owned or root-owned?
# How do we determine the keys location without hardcoding?
# TODO: Take a look at quasigod
age.keyFile = "/home/kiri/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
};
in
{
den.default.includes = [
(
{ host, ... }:
{
nixos =
{ pkgs, ... }:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
# TODO: Do we need both modules?
den.ctx.host.nixos = {
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = sopsConfig;
};
sops = {
age.keyFile = "/home/${(builtins.head (builtins.attrValues host.users)).name}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
hashed-password-kiri.neededForUsers = true;
};
};
den.ctx.user.homeManager =
{ pkgs, ... }:
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops = sopsConfig;
environment.systemPackages = with pkgs; [
sops
age
];
};
}
)
];
home.packages = [ pkgs.sops ];
};
}