kiri/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sops

Browse Source
This commit is contained in:
kiri
2025-11-29 16:54:14 +01:00
parent 98737c1550
commit 6aac1fb788
4 changed files with 67 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
flake.lock generated
View File

@@ -913,6 +913,22 @@
} }
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": {
"lastModified": 1763618868,
"narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1762977756, "lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
@@ -928,7 +944,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1762111121, "lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
@@ -1028,6 +1044,7 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"nvf": "nvf", "nvf": "nvf",
"sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"stylix": "stylix", "stylix": "stylix",
"vicinae": "vicinae", "vicinae": "vicinae",
@@ -1035,6 +1052,24 @@
"zentire-website": "zentire-website" "zentire-website": "zentire-website"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1764021963,
"narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"spicetify-nix": { "spicetify-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -1065,7 +1100,7 @@
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nur": "nur", "nur": "nur",
"systems": "systems_7", "systems": "systems_7",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
@@ -1306,7 +1341,7 @@
}, },
"vicinae": { "vicinae": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_9",
"systems": "systems_8" "systems": "systems_8"
}, },
"locked": { "locked": {

2
flake.nix
View File

@@ -12,7 +12,7 @@
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
#apple-fonts.url = "github:Lyndeno/apple-fonts.nix"; #apple-fonts.url = "github:Lyndeno/apple-fonts.nix";
# sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
nixarr.url = "github:rasmus-kirk/nixarr"; nixarr.url = "github:rasmus-kirk/nixarr";
vicinae.url = "github:vicinaehq/vicinae"; vicinae.url = "github:vicinaehq/vicinae";
nvf.url = "github:notashelf/nvf"; nvf.url = "github:notashelf/nvf";

36
hosts/polaris/secrets/default.nix
View File

@@ -1,42 +1,34 @@
# Those are my secrets, encrypted with sops
# You shouldn't import this file, unless you edit it
{ {
config,
pkgs, pkgs,
inputs, inputs,
... ...
}: { }:
imports = [inputs.sops-nix.homeManagerModules.sops]; {
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops = { sops = {
age.keyFile = "/home/hadi/.config/sops/age/keys.txt"; age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
sshconfig = {path = "/home/hadi/.ssh/config";}; radicale_pass = { };
github-key = {path = "/home/hadi/.ssh/github";}; university_calendar_url = { };
gitlab-key = {path = "/home/hadi/.ssh/gitlab";}; # sshconfig = { path = "${config.home.homeDirectory}/.ssh/config"; };
jack-key = {path = "/home/hadi/.ssh/jack";};
signing-key = {path = "/home/hadi/.ssh/key";};
signing-pub-key = {path = "/home/hadi/.ssh/key.pub";};
pia = {path = "/home/hadi/.config/pia/pia.ovpn";};
}; };
}; };
home.file.".config/nixos/.sops.yaml".text = '' home.file.".config/nixos/.sops.yaml".text = ''
keys: keys:
- &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334 - &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
creation_rules: creation_rules:
- path_regex: hosts/laptop/secrets/secrets.yaml$ - path_regex: hosts/polaris/secrets/secrets.yaml$
key_groups:
- age:
- *primary
- path_regex: hosts/server/secrets/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *primary - *primary
''; '';
systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; home.packages = with pkgs; [
home.packages = with pkgs; [sops age]; sops
age
wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; ];
} }

27
hosts/polaris/secrets/secrets.yaml
View File

@@ -1,22 +1,17 @@
pia: ENC[AES256_GCM,data:0bnhHeVqKSLHVimd78a94ShHlO3+LUoZ4oiKD3cnBYkaZsw=,iv:S+/IChlFlqdI+PyFF+Ti4AJUkch2MS0qKiqHL1Q3RMk=,tag:+v2kV70ou84eIc01dKnAhA==,type:str] radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str]
sshconfig: ENC[AES256_GCM,data:1EY0vnJ6NHb/GODYkiOKVR6i0UoojFPileQW1/ZokxDswGnz6P0eicS72wkMjwsw9tY5l0OM0NNbTIyYkqgE+q0HJw8IkRHvmvBq4AX/6o+2++YJuDTMpCcDkMAp4BNtrzqpBkKaqXJgMbxTpEPRNTnSpg96sinluCtuASEZaI8Ej+QKq/pEeELIGnkYkUr9d8/M8ZavzZ59oQmUsOxOCtYBsCi5BHMpATfVg+WqyXv3uptMB2PoTwsJiJ9IiQTJHWgkpe+WpIIsi4Dc49YpX3O2pHytimfuuy8D5DESKTOtcqg8qIL/xcR8iJl8ISJAA9IZg8eJ1FYdEpfTruwfiPYo6Ce5zH4W/BVm3iQ8B3Tuzi+gvRBwffcRpYkdAS4c7tk7cgF3U7sr1L7yLL6OmuBXaNSnALyHO2W5b3tefGY0YmwGUfh6M5FMI8/5SfxcMfSOAZKxhcckRL1CpFMzmKkAdY/PRCghmEWobU1KswBPiYWQ6vfubbdN1Yx1mng4z6zmkXmiqrc5IQfOBpbY71VnUoXh384Et9PM3cti4K6SmZFYX1uZStP7KXLhw4ZnVZ0J0fIks4RZ11A3NWtE1yak9z7QXj7k/PtdfrsNtIphVZ7LsZEvOvdgIlUToYNcyvagYsRRlreQPqhLSc7ninjIbRaL4a/s6kIdrr3qovPNSlE3R3HRGTBOjTEF9Bmp+oGb5L9HvBBu6NmNwHQ76gySAXbMnRa34JuXtzpEIZ5yo4AI5i2eDPeM2Dx6jUSl7OJm3wT6cVMF/2rLj0zHzp8B1bYOsf7VaMzHCYEhXMu7REMmmfDKwtb9zsuf/r1zlPXJcukDCrtJ3Z/mFl03,iv:0hS7g9gVVntWVSRSPCgZ3rjGcMf2RzQPjMpgSz0GlxE=,tag:mnDakNZiG28H4jmnZH00eg==,type:str] university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str]
github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
jack-key: ENC[AES256_GCM,data:VfCl3wH0MMBc8QDyjLDFeSvzSEsf7uGpfJvRjFrmjW+bPRUXBpZhJV8a9VQIAz7z7zZXvzARMfCeI0ydyC57CW81GH5/H5pneJ4b+xreINjVfdLbL1nC1thelo/O64jda/L+xVKhgE+QQi8/zt4JmXGghkP+74nYcTTaMpmcbgWw354J1ybXqyCEY+88nsJ1d2s+M7M2bplx4fGb7sLUs6sqdsad3sENzhH/0HQCFXreHTtgsLbIs8ccmdRgFNKM8/wD0OoW76rOQsJoA9JY4yOTQNVoX5M8+Olj6+wVlt6QBrWrYRuEztGnHrHvzxiHXtmEkMwVNfoPpEflQyRYRa0rVp/66REOkMckGx6/LbxKFgrxnifRlsK3kWd28v2bRGVQOghUluYUtVkaJ+eh6o6ik0NQKx8/H6BznBSDE6MjDwbLv434LHBfDtAqhWN1eMbOlunFivsl5Hb/6rl9kydHlcCS6FY8cUHoKQ90gDaUuDrvUifwmdO5hU0GH5tgvGi1ReK9ndcpQsrHptG6,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str]
signing-key: ENC[AES256_GCM,data:NvLqmt7NzrWkbQQqFfosmSMvEv8C8+MDDpxSoDo3zZ3MR6WXr9B+6CnUc6rtevM230wgE17VC9XlmcQxX+PjJsWq6gZteK5THTIcrR5zPJVNlVCEyeLKoFj/6m7qBgyyoN3OjCNjgMkhsm009jwBgNk0qJMAYebOGo8eoP/al+4ytm7dhna+iX5WZabAg0J4z4JMDQonqQl3SaDnCEdHvk9m7ZEP2vUFscPkbLj4ewgFq+bUCHOOQb2uqRJoEgcR/NetRFcQfzcU6lp7JxobaICaO3zdmomUm7oabIUTrc3Kom3Wjw8ryqfqC1/SC0SHr5XGk2ygk0WnlQ4kNshqriL2dwbWAzy1Z/cTX9+aB/KNtC0U6zWG1bpnL3dgSgvhRiocIis/eNg1HWsLWVicmdebL/lXHztxFMdTuX/gWgQBotggTmx+OFGZfP9ZGlF3635mDxM/fEOCtTyA195dMicCUsjEpBegNtXsp+oOtxyRI0jSW47MBcXFP09f5ywELTPyz4eOUHO8sQ6UfJ6X,iv:KNQUlMPaiR4x1Fw+HZe/EOmh/gfsrqlefpq23uflz/8=,tag:illu42HKunQXnijjsUIvnQ==,type:str]
signing-pub-key: ENC[AES256_GCM,data:XuokZmCsnaNQ0rvVa3k81T4vtxw//r63xp1yHDLaNAMwA2r2bh6addl9WoAmm76g1rweqZrAAIw1PXDb90ubPaBP1iEHSkGZpwUpy/tOTePRdHMW2WtVvidpHQ==,iv:auB/bA89cJK6DnQi1BK2uldXRPyJfo+r7nl5qOLefUk=,tag:/I3kB6El1yesBMGOjJ+oHA==,type:str]
sops: sops:
age: age:
- recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334 - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVWN4YjZqczB3Q21WL1lz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRc08xMTMrTFZzSE8vQUx4
ckROWkhRditHblVHVEpOS0E0aGVqdW14M0ZvCkNzRXlCOWFBWmQwTGpTYVdFRlpq Y3RjelNXcmZ0Z0lSQkpVMjV2Yk4yc0pmb2s0ClZyTENuL0xpazAxazFUbEkxZmRD
bFdOR2pSTEZpUVpvUHo2NklrQm5EU1kKLS0tIFZ5ZWhYcHg1Z0hTOTZIdHR1QUxv TmhMSCtncWZ6NHhkVmRGV0lxVUkyYW8KLS0tIDR2dktlVy9UVVcvQ1IyaFUvRFZE
cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX
FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw== PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-27T13:28:57Z" lastmodified: "2025-11-29T15:19:14Z"
mac: ENC[AES256_GCM,data:XMPDLGHwTYIxgEz9Stj7j+lWgAOpzkEsnoRdWVVs4798m1sQRIyUuvEiCgbHoAktajrAAzXq3GZ4HJ1dfE1fDWGh+B7WwRoJKxtP6qI8Ub4h7lSiDsxJhr8ieqm5bzmHZkn8VJkrqBrSSXesirLprRLR5yZOVLAgco0lg9boM1Y=,iv:pYA5oz8cldKw1Ai7k2LCQBipE2keZa49L3SHcL+eDp0=,tag:4kVsC95SSPCCSZDf6qDeqA==,type:str] mac: ENC[AES256_GCM,data:iG5K86rqwzVHhMTsiwKdM3ibaz72SujNOmPmZ1WMFx0pFABsToQN6yKzWPHOKx+gXkIyembV/Y90rpra6HEtsok2doLIfoUMfznHoQqcnV2s07hKnh0V+X0WzRJstNe+EScyoFnr1WxezCBaat8WK79u9LhiYXExlm7w5XDMXfM=,iv:X+aabOZXJ4Iu+hs+O/ZNiD+6we7nV2MjQCpvx2vya9k=,tag:zxxxHa53VMSCxXn+c59M4w==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0