ICH HABE SOPS-NIX ANGEMACHT.
That was a real head-scratcher. A path in Nix is not a string, so it must not be put in quotes; see sops.defaultSopsFile. This was the very important last puzzle piece. Finally.
parent
6427cf36d8
commit
8106fbb14d
7 changed files with 118 additions and 21 deletions
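--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &primary age1awjelu4fqh5jyc49p3sujn0wc7zdz9xmj2aajaz7mp5fkwwtj4uqyp8fl8
+creation_rules:
+- path_regex: secrets/secrets.yaml$
+key_groups:
+- age:
+- *primary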
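Review bot: The rule `path_regex: secrets/secrets.yaml$` leaves the dot unescaped, so it matches any character in that position (a name like `secrets/secrets-yaml` would also fall under this rule); `path_regex: secrets/secrets\.yaml$` restricts it to the intended file. The file also lists a single age recipient (`&primary`), so losing that one private key makes everything encrypted under this rule unrecoverable; a second recipient kept offline is worth considering. Indentation is not visible in this rendering, so the nesting under `creation_rules` could not be checked.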
|
@ -80,6 +80,7 @@
|
||||||
xkb.options = "compose:ralt";
|
xkb.options = "compose:ralt";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# sops.defaultSopsFile = "/home/muhh/nix-config/secrets/secrets.yaml";
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.muhh = {
|
users.users.muhh = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
|
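Review bot: The added line `# sops.defaultSopsFile = "/home/muhh/nix-config/secrets/secrets.yaml";` is commented-out code left over from the quoted-string attempt the commit message describes, and it sits directly in front of the user-account block where it reads like a pending setting. I would delete it, or replace it with a comment that says why it is disabled, for example `# system-level sops is not configured here; secrets are declared in home.nix`. The file header of this section is missing from the rendering; the file is presumably the `./configuration.nix` referenced in flake.nix.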
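--- a/flake.lock
+++ b/flake.lock
@@ -138,11 +138,11 @@
 ]
 },
 "locked": {
-"lastModified": 1710499337,
-"narHash": "sha256-FsPpFFw59MFU+E1PD6t9K9it17DaV5nU/+mWEkfS2YE=",
+"lastModified": 1710714957,
+"narHash": "sha256-eZCxuF58YWgaJMMRrn8oRkwRhxooe5kBS/s2wRVr9PA=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "ca922258e1682b435e632a5ca1910bbbed835345",
+"rev": "7b3fca5adcf6c709874a8f2e0c364fe9c58db989",
 "type": "github"
 },
 "original": {
@@ -160,11 +160,11 @@
 ]
 },
 "locked": {
-"lastModified": 1710281778,
-"narHash": "sha256-bvWr9vvBrAxb44kHM3H3cY/uQg+4pYP1BM/Nu3e/7V8=",
+"lastModified": 1710714957,
+"narHash": "sha256-eZCxuF58YWgaJMMRrn8oRkwRhxooe5kBS/s2wRVr9PA=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "49a266d2ca59df8a03249550e73a54626181b65d",
+"rev": "7b3fca5adcf6c709874a8f2e0c364fe9c58db989",
 "type": "github"
 },
 "original": {
@@ -181,11 +181,11 @@
 ]
 },
 "locked": {
-"lastModified": 1710281379,
-"narHash": "sha256-uFo9hxt982L3nFJeweW4Gip2esiGrIQlbvEGrNTh4AY=",
+"lastModified": 1710717205,
+"narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=",
 "owner": "lnl7",
 "repo": "nix-darwin",
-"rev": "d9ea313bc4851670dc99c5cc979cb79750e7d670",
+"rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3",
 "type": "github"
 },
 "original": {
@@ -196,11 +196,11 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1710272261,
-"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
+"lastModified": 1710631334,
+"narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
+"rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a",
 "type": "github"
 },
 "original": {
@@ -209,6 +209,22 @@
 "type": "indirect"
 }
 },
+"nixpkgs-stable": {
+"locked": {
+"lastModified": 1710628718,
+"narHash": "sha256-y+l3eH53UlENaYa1lmnCBHusZb1kxBEFd2/c7lDsGpw=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "6dc11d9859d6a18ab0c5e5829a5b8e4810658de3",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "release-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
 "nixvim": {
 "inputs": {
 "devshell": "devshell",
@@ -222,11 +238,11 @@
 "pre-commit-hooks": "pre-commit-hooks"
 },
 "locked": {
-"lastModified": 1710491356,
-"narHash": "sha256-DeMiM/lgf8HqeAcDU26EeMaoU0phB8mY2RVYBtpvZN0=",
+"lastModified": 1710764166,
+"narHash": "sha256-sn9+jsAxmSTKX5C31xTDqwGc+IAlz4Q5n+eVE+MRrZk=",
 "owner": "nix-community",
 "repo": "nixvim",
-"rev": "9f7c78852f37126244b43e71e5158cdc3d70ad0a",
+"rev": "f876a0a2e9abc8945e312e6587b1f78d466de184",
 "type": "github"
 },
 "original": {
@@ -267,7 +283,29 @@
 "inputs": {
 "home-manager": "home-manager",
 "nixpkgs": "nixpkgs",
-"nixvim": "nixvim"
+"nixvim": "nixvim",
+"sops-nix": "sops-nix"
+}
+},
+"sops-nix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+],
+"nixpkgs-stable": "nixpkgs-stable"
+},
+"locked": {
+"lastModified": 1710644594,
+"narHash": "sha256-RquCuzxfy4Nr8DPbdp3D/AsbYep21JgQzG8aMH9jJ4A=",
+"owner": "Mic92",
+"repo": "sops-nix",
+"rev": "83b68a0e8c94b72cdd0a6e547a14ca7eb1c03616",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "sops-nix",
+"type": "github"
 }
 },
 "systems": {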
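--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,10 @@
 url = "github:nix-community/nixvim";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+sops-nix = {
+url = "github:Mic92/sops-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 };
 
 outputs = {
@@ -19,6 +23,7 @@
 nixpkgs,
 home-manager,
 nixvim,
+sops-nix,
 ...
 } @ inputs: let
 inherit (self) outputs;
@@ -29,7 +34,10 @@
 nixosConfigurations = {
 muhhStar = lib.nixosSystem {
 inherit system;
-modules = [ ./configuration.nix ];
+modules = [
+inputs.sops-nix.nixosModules.sops
+./configuration.nix
+];
 };
 };
 homeConfigurations = {
@@ -43,6 +51,7 @@
 };
 modules = [
 inputs.nixvim.homeManagerModules.nixvim
+inputs.sops-nix.homeManagerModules.sops
 ./home.nix
 ];
 };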
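Review bot: The new `sops-nix` input in the first hunk overrides only `nixpkgs`, while the flake.lock section of this commit shows sops-nix bringing in a second input, `nixpkgs-stable` (ref `release-23.11`), which is one more locked nixpkgs tree to fetch and audit. If nothing here depends on it, adding `inputs.nixpkgs-stable.follows = "nixpkgs";` inside the `sops-nix = { … }` block would collapse it onto the nixpkgs that is already pinned. The third hunk also adds `inputs.sops-nix.nixosModules.sops` to `muhhStar`, but no system-level `sops.*` option is set in the visible hunks, so that module may be unused for now.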
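--- a/home.nix
+++ b/home.nix
@@ -2,6 +2,9 @@
 {
 home.username = "muhh";
 home.homeDirectory = "/home/muhh";
+home.activation.setupEtc = config.lib.dag.entryAfter [ "writeBoundary" ] ''
+/run/current-system/sw/bin/systemctl start --user sops-nix
+'';
 home.packages = with pkgs; [
 # # It is sometimes useful to fine-tune packages, for example, by applying
 # # overrides. You can do that directly here, just don't forget the
@@ -25,6 +28,7 @@
 neovide
 (nerdfonts.override { fonts = [ "Iosevka" ]; })
 obsidian
+powertop
 qutebrowser
 solargraph
 tmux
@@ -249,6 +253,7 @@
 ignorecase = true;
 number = true;
 relativenumber = true;
+ruler = true;
 shiftwidth = 2;
 smartcase = true;
 tabstop = 2;
@@ -281,9 +286,7 @@
 closeIfLastWindow = true;
 };
 nix.enable = true;
-noice = {
-enable = true;
-};
+noice.enable = true;
 notify.enable = true;
 nvim-autopairs.enable = true;
 nvim-colorizer.enable = true;
@@ -358,6 +361,14 @@
 };
 };
 
+sops = {
+age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+defaultSopsFile = ./secrets/secrets.yaml;
+secrets = {
+just_a_test = {};
+};
+};
+
 wayland.windowManager = {
 sway = {
 enable = true;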
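Review bot: The `sops` block in the last hunk depends on a distinction that is not written down: `age.keyFile` is a string while `defaultSopsFile` is a path literal, and the two forms are not interchangeable. Nix copies path literals into the world-readable `/nix/store` when they are used in a build, which is intended for the encrypted `./secrets/secrets.yaml` and must never happen to the private age key. I would add `# keep keyFile a string: a path literal would put the private key in /nix/store` above `age.keyFile` and `# path, not string: the encrypted file is copied into the store` above `defaultSopsFile`. The enclosing attribute set starts and ends outside the hunk.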
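--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+just_a_test: ENC[AES256_GCM,data:HDhSG6BejOadBaeW,iv:idSJWRevqi4h/gaTREOt5tGfamRcxSUSmaelgyZUmu0=,tag:jo5lugFHpdjGeo/RtN86DA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1awjelu4fqh5jyc49p3sujn0wc7zdz9xmj2aajaz7mp5fkwwtj4uqyp8fl8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVG1iNURjT0IzcEJzZllI
+dk5XZWpvN2kzRnJFYVFXbW0wZXJwU0YyV0VzCkxEbVcyOHUzREFyTlh5emZNN0lE
+bHp1T1JXUCtIZ1pUa3d5ZHNUanBTM1UKLS0tIEF2Q2hTcWZmdU1DNFl4SGVzUXJR
+aHFLbEp5TjRlSzdvVkpEdU5RZ2RKUlUK1/GYeQir6dDprPMJrKI+4tBJokKc8Azz
++pnBPXwXhAHIHXjKv88trcRkmFraOYkAu4lVpdyt/4FtbtvFvouBgw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-03-18T19:19:57Z"
+mac: ENC[AES256_GCM,data:EusDIuYetHRL0I5b4Oqe7zfHV085/uQkrB4W/mApC+/ypaSKMkXrGBbhfj5tgveTVmXpaItK+WG/ynDptS0nQVsVOh4WCsuyGkltQsy3fLc0BxiIyr7qVBY2JccQO1Ssn83BXGEn3bhiBChFXLz7++/yEQtJrGqkF4lzCskJ8xQ=,iv:sEdyHOOe9tcJP7TG5CGOCw87HUE+d6lLL6Ypnx76yUw=,tag:JK/SPy+nQj3GdSsN6WttBg==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1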
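--- a/sops.nix
+++ b/sops.nix
@@ -0,0 +1,10 @@
+{ inputs, pkgs, ... }: {
+# imports = [
+# inputs.sops.homeManagerModules.sops
+# ];
+
+home.packages = with pkgs; [
+sops
+];
+
+}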
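Review bot: Nothing in the visible hunks imports `sops.nix`; flake.nix lists only the sops-nix module and `./home.nix` for the home configuration, so unless home.nix imports this file outside the shown hunks, the `sops` package declared here is never installed. The commented-out `imports` block refers to `inputs.sops`, but the flake input is named `sops-nix`, and `inputs` is otherwise unused in this module. I would drop the commented block and reduce the header to `{ pkgs, ... }: {`.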