Commit 3b07e9e
Changed files (7)
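--- a/outputs/x86_64-linux/src/kevin.nix
+++ b/outputs/x86_64-linux/src/kevin.nix
@@ -15,6 +15,7 @@
 base-modules = {
 nixos-modules = map mylib.relativeToRoot [
 # common
+ "secrets/nixos.nix"
 "modules/nixos/desktop.nix"
 # host specific
 "hosts/chaser-${name}"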
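--- a/secrets/base/default.nix
+++ b/secrets/base/default.nix
@@ -0,0 +1,4 @@
+{sops, ...}: {
+ sops.secrets = {
+ };
+}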
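Review bot: The `sops` argument in the `{sops, ...}:` header is never used in the body, and none of the visible changes supply a module argument by that name. Named module arguments are resolved lazily, so this most likely evaluates while the argument stays unused, but the first reference to it would fail unless it is passed through `specialArgs`, which is not shown here. sops-nix is configured through the `sops.*` options rather than through an argument, so the header could simply be `{...}: {`. A short comment above the empty `sops.secrets` saying that entries decrypt from `secrets/base/secrets.yaml`, the only path covered by the creation rule in `.sops.yaml`, would help the next editor.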
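--- a/secrets/nixos.nix
+++ b/secrets/nixos.nix
@@ -0,0 +1,11 @@
+{sops-nix, ...}: {
+ imports = [
+ sops-nix.nixosModules.sops
+ ./base
+ ];
+
+ sops.age = {
+ sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ generateKey = true;
+ };
+}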
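Review bot: `generateKey = true` is set without a `sops.age.keyFile`, so it is unclear where a generated key would be written, and a freshly generated key would not be among the recipients listed in `.sops.yaml`. If the identity derived from `/etc/ssh/ssh_host_ed25519_key` is the intended decryption key, dropping `generateKey` keeps the trust path to that one key; otherwise set a key file (for example `keyFile = "/var/lib/sops-nix/key.txt";`) and register its public key as a recipient. No `sops.defaultSopsFile` is set either, so every entry later added to `sops.secrets` will need its own `sopsFile`; `sops.defaultSopsFile = ./base/secrets.yaml;` would cover them. The module takes `sops-nix` as an argument and uses it inside `imports`, which presumably requires it to be passed via `specialArgs`; that wiring is outside this section.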
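--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,1 @@
+/secrets/**/secrets.yaml diff=sopsdiffer
\ No newline at end of file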
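Review bot: The `sopsdiffer` diff driver named on this line is not defined by anything in the repository; each clone has to add it to its own git config (for example `git config diff.sopsdiffer.textconv "sops -d"`), and without it `git diff` falls back to showing ciphertext. Once the driver is configured, `git diff` and `git log -p` print decrypted values, so that output should be kept out of pasted logs and CI artifacts. The pattern matches any `secrets.yaml` under `/secrets/`, while `.sops.yaml` only has a creation rule for `secrets/base/secrets.yaml`. The file also lacks a trailing newline.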
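--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+ - &admin_hpcesia 56AC2ED35E51AFE66EAAA569878BD0F02991BAAE
+ - &chaser_kevin age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
+creation_rules:
+ - path_regex: ^secrets/base/secrets\.yaml$
+ key_groups:
+ - pgp:
+ - *admin_hpcesia
+ age:
+ - *chaser_kevin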
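Review bot: The single key group gives the secrets file exactly two recipients, one admin PGP key and one host age key, and nothing in the file records how `chaser_kevin` was obtained. If that age recipient is derived from the host's SSH key (as the `sshKeyPaths` setting in `secrets/nixos.nix` suggests), a reinstall that regenerates the host key leaves `admin_hpcesia` as the only way to decrypt, so a second admin or offline backup recipient is worth considering. A comment on each anchor, such as `# age recipient for host kevin, derived from its SSH host key (confirm)`, would document provenance and make later key rotation easier to review.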
flake.lock
@@ -67,11 +67,11 @@
]
},
"locked": {
- "lastModified": 1748487945,
- "narHash": "sha256-e9zc/rHdoH9i+sFFhhQiKoF6IuD+T2rB/nUyPaO7CCg=",
+ "lastModified": 1748665073,
+ "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "0d13ea58d565d3c1c1468ddae1f623316dc395d9",
+ "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
"type": "github"
},
"original": {
@@ -83,11 +83,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1747900541,
- "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
+ "lastModified": 1748942041,
+ "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
+ "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853",
"type": "github"
},
"original": {
@@ -115,11 +115,11 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1748437600,
- "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+ "lastModified": 1748889542,
+ "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+ "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github"
},
"original": {
@@ -131,11 +131,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1748370509,
- "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
+ "lastModified": 1748693115,
+ "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
+ "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github"
},
"original": {
@@ -147,11 +147,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1748437600,
- "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+ "lastModified": 1748889542,
+ "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+ "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github"
},
"original": {
@@ -170,11 +170,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
- "lastModified": 1748623660,
- "narHash": "sha256-v9ft0B0QvlwF/bQH/bGC8ukXanyPm/bMvH/nW0oI/hg=",
+ "lastModified": 1748952752,
+ "narHash": "sha256-eDKZZx00ZAi3xtZvydfq3ensTszV+quasJwHU/d/Vlc=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "243a9eae2fa0d61be6d68c947abb295d9ba32391",
+ "rev": "0a89c1e3638dfc61c94e1e87f4ebfe0952c9cace",
"type": "github"
},
"original": {
@@ -216,7 +216,28 @@
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
- "plasma-manager": "plasma-manager"
+ "plasma-manager": "plasma-manager",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1747603214,
+ "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
}
},
"treefmt-nix": {
flake.nix
@@ -32,5 +32,10 @@
};
catppuccin.url = "github:catppuccin/nix";
+
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
}