Add sops-nix for secret management

This commit is contained in:
Julia Lange 2024-04-07 00:33:49 -07:00
parent 5fe7efc5a2
commit ed2a7f94cf
5 changed files with 86 additions and 73 deletions

11
.sops.yaml Normal file

@ -0,0 +1,11 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
- &onizuka age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *onizuka
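Review bot: The `keys` list holds a single personal age recipient (`&onizuka`), so every host that must read these secrets has to carry that one private key; the module added in the same commit points `age.keyFile` at a file under `/home/pan`, which ties system-level decryption to one user's home directory. sops-nix can also derive an age identity from a host's SSH host key (`sops.age.sshKeyPaths`), and listing that host key as a second recipient here lets the machine decrypt at activation without the user key being present. Separately, `path_regex: secrets.yaml$` is unanchored at the start and its `.` is unescaped, so it also matches `foo-secrets.yaml`; `path_regex: ^secrets\.yaml$` is tighter if only this one file is intended.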

112
flake.lock generated

@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1710342492,
"narHash": "sha256-vEE+z5Tm0xWRAJo6xBai88kojzfROfHJ1a5dkNWoGRA=",
"lastModified": 1712185015,
"narHash": "sha256-mL3VSJRkyDJbMh/QqUeOhGOsEOTS7Jw9Tqw4fM+VjB4=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "c0943e683baedeb19498562497aec35701b1fe02",
"rev": "1dbb1c233a249e8cbc03907e965bd2a48d880262",
"type": "github"
},
"original": {
@ -39,7 +39,10 @@
},
"hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
@ -50,11 +53,11 @@
]
},
"locked": {
"lastModified": 1710257359,
"narHash": "sha256-43re5pzE/cswFAgw92/ugsB3+d5ufDaCcLtl9ztKfBo=",
"lastModified": 1712339458,
"narHash": "sha256-j8pv3tL2EFLGuvFoO64dHWD8YzNvD77hRb4EEx5ADgE=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "1761f6cefd77f4fcd2039d930c88d6716ddc4974",
"rev": "981b6617822dadc40246a6c70194d02dfc12e4c6",
"type": "github"
},
"original": {
@ -67,18 +70,18 @@
"inputs": {
"hyprcursor": "hyprcursor",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang_2",
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs",
"systems": "systems_2",
"systems": "systems",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1711070930,
"narHash": "sha256-jKOAO/NlfaTC/OcZkPoT87gsfVqt/+Ye+KcaIv6e2mU=",
"lastModified": 1712457111,
"narHash": "sha256-hTRMWHl49SYfui2W3qCq790MHnX8JTBfYQcxgwjbQ0g=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "9bad62b85f179ad2c95c6e7f734768ef060a604b",
"rev": "f2a848cbcc41f29fb62ee67aef95136ae1a650da",
"type": "github"
},
"original": {
@ -113,29 +116,6 @@
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"hyprcursor",
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": {
"nixpkgs": [
"hyprland",
@ -147,11 +127,11 @@
]
},
"locked": {
"lastModified": 1709914708,
"narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
"lastModified": 1711671891,
"narHash": "sha256-C/Wwsy/RLxHP1axFFl+AnwJRWfd8gxDKKoa8nt8Qk3c=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
"rev": "c1402612146ba06606ebf64963a02bc1efe11e74",
"type": "github"
},
"original": {
@ -162,11 +142,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
@ -178,11 +158,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710951922,
"narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=",
"lastModified": 1712310679,
"narHash": "sha256-XgC/a/giEeNkhme/AV1ToipoZ/IVm1MV2ntiK4Tm+pw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f091af045dff8347d66d186a62d42aceff159456",
"rev": "72da83d9515b43550436891f538ff41d68eecc7f",
"type": "github"
},
"original": {
@ -193,11 +173,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1710628718,
"narHash": "sha256-y+l3eH53UlENaYa1lmnCBHusZb1kxBEFd2/c7lDsGpw=",
"lastModified": 1712437997,
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6dc11d9859d6a18ab0c5e5829a5b8e4810658de3",
"rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
"type": "github"
},
"original": {
@ -209,11 +189,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710806803,
"narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=",
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
@ -224,11 +204,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1710534455,
"narHash": "sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI=",
"lastModified": 1712420723,
"narHash": "sha256-VnG0Eu394Ga2FCe8Q66m6OEQF8iAqjDYsjmtl+N2omk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9af9c1c87ed3e3ed271934cb896e0cdd33dae212",
"rev": "9e7f26f82acb057498335362905fde6fea4ca50a",
"type": "github"
},
"original": {
@ -253,16 +233,17 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1710644594,
"narHash": "sha256-RquCuzxfy4Nr8DPbdp3D/AsbYep21JgQzG8aMH9jJ4A=",
"lastModified": 1712458908,
"narHash": "sha256-DMgBS+jNHDg8z3g9GkwqL8xTKXCRQ/0FGsAyrniVonc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "83b68a0e8c94b72cdd0a6e547a14ca7eb1c03616",
"rev": "39191e8e6265b106c9a2ba0cfd3a4dafe98a31c6",
"type": "github"
},
"original": {
"id": "sops-nix",
"type": "indirect"
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
@ -280,21 +261,6 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {


@ -7,6 +7,7 @@
url = "github:ezKEa/aagl-gtk-on-nix";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
sops-nix.url = "github:Mic92/sops-nix";
};
outputs = { self, nixpkgs, hyprland, aagl, sops-nix, ... }@inputs:
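Review bot: The new `sops-nix.url` input does not pin its nixpkgs to this flake's, unlike the `aagl` input directly above it which sets `inputs.nixpkgs.follows`; the regenerated lock in this commit accordingly carries sops-nix's own `nixpkgs-stable_2` node. Following this flake's inputs avoids evaluating a second nixpkgs tree and keeps the sops/age tooling built from the same package set: `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs-stable.follows = "nixpkgs-stable"; };`. The `inputs` attribute set this hunk edits starts before the hunk.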


@ -0,0 +1,11 @@
{ inputs, pkgs, lib, ... }:
let rootPath = ./.; in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = rootPath + "secrets.yaml";
defaultSopsFormat = "yaml";
age.keyFile = "/home/pan/.config/sops/age/keys.txt";
};
}
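Review bot: `defaultSopsFile = rootPath + "secrets.yaml"` in the `sops` block yields the wrong path: adding a string to a Nix path appends the text with no separator, so `./. + "secrets.yaml"` evaluates to `…/<dir>secrets.yaml` rather than `…/<dir>/secrets.yaml`, and sops-nix will not find the file. A path literal avoids the problem and makes the `rootPath` binding unnecessary: `defaultSopsFile = ./secrets.yaml;`. `age.keyFile` is set to a file under `/home/pan`; as far as I can tell sops-nix decrypts during system activation as root, so that file must exist and be readable at activation time on every host importing this module, and if `/home` is mounted late or is per-user encrypted the decryption step fails — deriving the identity from the host SSH key via `sops.age.sshKeyPaths` is the more robust choice. `pkgs` and `lib` are taken from the module arguments but never used.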

24
secrets.yaml Normal file

@ -0,0 +1,24 @@
services:
spotify:
username: ENC[AES256_GCM,data:xyhcpSN4v9k294Vtxd+6RIicsd/QbWBr3Qk=,iv:fhKAo9sti/CFRQijzvAoWAAfSETVYTjvRsdUeTVj5rU=,tag:jggBE9ZKHiDerI0Fm+n12w==,type:str]
password: ENC[AES256_GCM,data:fmx/1zTF/Xc32tpjnq1pp7jzpIM=,iv:kwAzuhAcw3+v9Ilfh1GrdqmINR0w0F6nkjJJXjABcmI=,tag:Yyutz0EmQQ6n/UYgHLpYWA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHM1REVU9wTVhxWHo3UW0x
WnNmanFmbXVCVGJwcmdZVzFJaTBxRnJzcEJZClFJdjB1QkpxS1QySVUzbGJySWY5
QURScWI5UTFzN1NVdkVZeG9WUkdnWWcKLS0tIGgrNEFpWi9idTQrZWNrZXMzcFZI
RUljSSs5L1JCampTOXdmY1IzYjNzeFEK2WC5HivIt77z0+yopZnmlUWYJCwn/eI+
V4UIgITsmTjN2c6df5Pc4nb7jWC7XsMq7VL1nG+uo39QQPRW/FaZYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T02:39:34Z"
mac: ENC[AES256_GCM,data:QAFXEXOm0Mi0GOJU4EG8JC9BizTGdbDjYfGlBAe6uhJAcMAO47vRwPADx7bWxSrAZ6kQRy+3OCBjin0YSADRHHmXOPXhqPzpFTeG3T19hLRG79W7R1UoRVm/PhajOimEj4urbZqdHC8mqtU0XngB/zlfRkfbT053J87TsvAlmwI=,iv:HMEhCmnXCEANA4s1L1nmnckHRIjWKxS3D9gbLcNTnmE=,tag:Chbl2JTKVqs8t91BTlX9QQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1