configure sops
Diegopyl1209 committed Jan 1, 2025
1 parent 94141d4 commit 90cc3ae
Showing 10 changed files with 93 additions and 35 deletions.
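--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &primary age172shatj4ppesyyzj4a7msmy7sj8zsnendjj27s87sdvcrn704s7s0hnput
+creation_rules:
+- path_regex: hosts/secrets.yaml$
+key_groups:
+- age:
+- *primary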
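Review bot: The only recipient under `keys` is the single `&primary` age key, so every machine that has to decrypt `hosts/secrets.yaml` must hold that one private key, and losing it leaves the file unrecoverable. Consider listing one recipient per host next to `*primary` in `key_groups` (for example an age key derived from each host's SSH host key), so a single host can be revoked by dropping its recipient and running `sops updatekeys`. Separately, `path_regex: hosts/secrets.yaml$` leaves the dot unescaped and the start unanchored; `path_regex: ^hosts/secrets\.yaml$` matches only the intended file.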
37 changes: 36 additions & 1 deletion flake.lock


2 changes: 2 additions & 0 deletions flake.nix
@@ -29,6 +29,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};

sops-nix.url = "github:Mic92/sops-nix";

firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
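Review bot: The new `sops-nix` input is declared without `inputs.nixpkgs.follows`, unlike the inputs on either side of it in this hunk, so the lock file presumably gains a second, independently pinned nixpkgs from which the secrets tooling is built. Writing it as `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps a single nixpkgs revision to audit and update. The `inputs` attribute set starts and ends outside this hunk, and `flake.lock` is not rendered on the page, so the lock-file effect should be confirmed there.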
1 change: 1 addition & 0 deletions hosts/default.nix
@@ -38,6 +38,7 @@
../pkgs
../options/nixos
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
{
home-manager = {
useGlobalPkgs = true;
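--- a/hosts/secrets.yaml
+++ b/hosts/secrets.yaml
@@ -0,0 +1,30 @@
+hello: ENC[AES256_GCM,data:3v6OUkV41b+CxLNr1Od9std3LbaYq3294ORcyv3hSbAMgCjYcP6Kd1gsZ9nC1Q==,iv:kKfAC2CNIiuL3eQ0mS4ib2JN2itphw5o2r1oCWeNew4=,tag:P9tcEEEwrpWMJ8iO/HJU4A==,type:str]
+example_key: ENC[AES256_GCM,data:x4EJABmj+oS6qy2f6w==,iv:Hna08LCoPZco3zqAeumEsdE1Mr3GlH/46YebwYWvb5M=,tag:XibcaSJoIe3chdOUpHKnqQ==,type:str]
+#ENC[AES256_GCM,data:f7SIMFYIp3k7RaOzB1EGOw==,iv:gpjD86Fjw/6zWZdI7nqXGy+975LkDMSYODU3YoDw32k=,tag:WCF0maPrli8vaOouABaxRg==,type:comment]
+example_array:
+- ENC[AES256_GCM,data:Zt0rYBu746vISHEmc0k=,iv:8xE42uDLyyhyPpacMCYVgR/gU2YJN0zDAnJdXwL4/4g=,tag:lltZI1QINUz9QjdlwsGw0Q==,type:str]
+- ENC[AES256_GCM,data:HCF8yR3QgviJAACZaxQ=,iv:LO7bAyM+0kuWo5zRJcjLe4cwM4/cdbfsBOHuYa9FIn0=,tag:OO21rrckBIZ2cQbHebSVZQ==,type:str]
+example_number: ENC[AES256_GCM,data:xAi/S8pplI3bfA==,iv:mLiW1DnUfReOoRpEWzxzoguuDGCL2Fo50scuwydDNuw=,tag:RnKaWoBjSJ7u4rfnEvZh2w==,type:float]
+example_booleans:
+- ENC[AES256_GCM,data:LtHM9Q==,iv:7159+QC6dvKPJFEtyjhbSnLtbAG8Ai5SFnFG58cB650=,tag:kYvgEZNZZV6PcIIGiFPeJQ==,type:bool]
+- ENC[AES256_GCM,data:SwBdAkw=,iv:Rc7UwkK3D8LXmclss/rdH77ZRCd7xDKmSw+Un+c3knM=,tag:8li6P1Oa3b/nOZFgzWvb6w==,type:bool]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age172shatj4ppesyyzj4a7msmy7sj8zsnendjj27s87sdvcrn704s7s0hnput
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSERUcFFpQmxWRmhvN3Av
+bDloUHgyYVU3dHRtUk1KYkZ6RXZraktwa1ZnCmswemR6RUlIcVg3bnYxd1JXYiti
+WUZmL3lsZ1pRTEVzQXhKcXZ3eEo1eEUKLS0tIHZGNitTbFNVcVh4a1J5K3BZU3hw
+ek5LbnRIblpqeFlUclEvZE1KUVYxemcKa1pvzqdCNYE/y1rvBHZo9htRN6RhWF6m
+4TEWjjIYAEOludYp/xrrqAeBDEQpLmsZLERiYSyaJpi06j984Qfy0w==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-01-01T23:15:42Z"
+mac: ENC[AES256_GCM,data:Q4qxhyOzXrz2rZkMTbYa9s+8zIwvVwI6tx93AxhIzlCAEkDgQ1j6kh0rIqK88q6CqLf6cATj3z6RLniind7bDH5YU6OmDklUOjfM4d1cXYo4qAJ3RDbcLh0byQ6knqnMDo7YUpXwrX+Ny5rQ8jW4rsDGderGF/A42Fp2j4dCLvw=,iv:ppEQzh8Eih6gFn20YFTOCUPVubR97gJp+CKkICG6exQ=,tag:4iAfD3eHtIBDkan+47hv5Q==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.2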
1 change: 1 addition & 0 deletions modules/default.nix
@@ -6,6 +6,7 @@
imports = [
./base.nix
./display-manager.nix
./sops.nix
./nix.nix
./hyprland.nix
./steam.nix
File renamed without changes.
2 changes: 0 additions & 2 deletions modules/server/default.nix
@@ -8,11 +8,9 @@
imports = [
./transmission.nix
./jellyfin.nix
#./pihole.nix
./pufferpanel.nix
./glance.nix
./headscale.nix
./flatnotes.nix
];
config = lib.mkIf config.server.enable {
virtualisation.docker = {
32 changes: 0 additions & 32 deletions modules/server/flatnotes.nix

This file was deleted.

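--- a/modules/sops.nix
+++ b/modules/sops.nix
@@ -0,0 +1,16 @@
+{
+username,
+pkgs,
+...
+}: {
+environment.systemPackages = with pkgs; [age sops];
+sops = {
+defaultSopsFile = ../hosts/secrets.yaml;
+defaultSopsFormat = "yaml";
+age = {
+sshKeyPaths = ["/home/${username}/.ssh/id_ed25519"];
+keyFile = "/home/${username}/.config/sops/age/keys.txt";
+generateKey = true;
+};
+};
+}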
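Review bot: Both decryption identities in `sops.age` live under `/home/${username}`, so the key material that unlocks system secrets can be read and replaced by anything running as that user, and it may be unavailable if the home directory is not present when activation runs. sops-nix is normally pointed at a root-owned location, e.g. `sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];` or `keyFile = "/var/lib/sops-nix/key.txt";`, with the matching public key added as a recipient in `.sops.yaml`. `generateKey = true` also deserves a comment: a key freshly generated at `keyFile` would not be among the recipients of `hosts/secrets.yaml` (only `&primary` is), so it cannot decrypt anything until the file is re-encrypted for it. As far as I know sops-nix cannot use a passphrase-protected SSH key here, which would mean `id_ed25519` has to sit on disk unencrypted; that is worth confirming before relying on a personal key.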
