diff --git a/flake.lock b/flake.lock index 994644d..1ed97d0 100644 --- a/flake.lock +++ b/flake.lock @@ -648,10 +648,31 @@ "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable_2", "plasma-manager": "plasma-manager", + "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "spicetify-nix": { "inputs": { "flake-compat": "flake-compat_2", diff --git a/zenith/.sops.yaml b/zenith/.sops.yaml new file mode 100644 index 0000000..a789a1c --- /dev/null +++ b/zenith/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary \ No newline at end of file diff --git a/zenith/configuration.nix b/zenith/configuration.nix index 3361f9c..2cb054f 100644 --- a/zenith/configuration.nix +++ b/zenith/configuration.nix @@ -3,6 +3,7 @@ pkgs, pkgs-stable, userSettings, + config, ... }: { imports = [ 
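Review bot: The creation rule in `zenith/.sops.yaml` encrypts `secrets/secrets.yaml` to a single age recipient (`&primary`), so losing that one private key makes every secret in the file unrecoverable and leaves no second key to re-encrypt or rotate from. Judging by the `sops.age.keyFile` path set in `configuration.nix`, the same key appears to serve as both the personal editing key and the machine's decryption key. I would add a separate host recipient, `- &host age1<HOST_PUBLIC_KEY_PLACEHOLDER>` under `keys:` and `- *host` under `age:`, and keep an offline copy of the admin key. The `.` in `path_regex` is also unescaped and matches any character; `path_regex: secrets/secrets\.yaml$` is tighter. The file also lacks a trailing newline.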
@@ -10,11 +11,21 @@ ../nixos/system/packages.nix ../nixos/system/system.nix inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops ]; nix.settings.experimental-features = ["nix-command" "flakes"]; programs.nix-ld.dev.enable = true; + sops.defaultSopsFile = ./secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt"; + + sops.secrets.email = {}; + #sops.secrets.email.owner = config.users.users.foglar.name; + #sops.secrets.email.group = config.users.users.foglar.group; + # Home manager home-manager = { extraSpecialArgs = {inherit inputs pkgs pkgs-stable userSettings;}; @@ -44,7 +55,7 @@ sys = { audio.enable = true; desktop = { - plasma.enable = true; + plasma.enable = false; gnome.enable = false; hyprland.enable = true; steamdeck.enable = true; @@ -81,6 +92,8 @@ programs.kdeconnect.enable = true; programs.wireshark.enable = true; + services.twingate.enable = true; + # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/zenith/secrets/secrets.yaml b/zenith/secrets/secrets.yaml new file mode 100644 index 0000000..1d9dbd9 --- /dev/null +++ b/zenith/secrets/secrets.yaml 
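Review bot: `sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt";` puts the key that decrypts system secrets in a user-owned home directory, so any process running as that user can read it and decrypt everything in `secrets.yaml`. Decryption would presumably also fail if `/home` is not available when the secrets are installed. Prefer a root-owned path such as `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or derive the key from the host key with `sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];`, and add the matching public key as a recipient in `.sops.yaml`. `sops.secrets.email = {};` keeps the default root-only ownership while the `owner`/`group` lines stay commented out, and the `config` argument added in the first hunk is referenced only by those comments, so either enable them or drop both. The module body continues outside this hunk, so whether the secret is consumed elsewhere is not visible here.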
@@ -0,0 +1,21 @@ +email: ENC[AES256_GCM,data:B0I7UzBKR18oImVpzq3RhV4y8tLhAZWph7R0Rw==,iv:xxgH1jWLC5u+FqhnswqHQCRbdSN1M8/ou7jFChOHROg=,tag:EhiKsfWhKdTg7p6uH5H5MQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwME1uUDlWc2RDTWw0dGly + TEx0dWtxOGlsdGtLVmpMZzRqcUN0d0VNOGxZCkkraGs3cjRIQ3o1MUN4eXZnbXhU + MXROMzYrenkyVS9TTStmZnVGRXF4YVkKLS0tIFhVUnIyMHdtQ2VZQlQrbCtTWHVG + T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY + JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-23T10:12:18Z" + mac: ENC[AES256_GCM,data:qnGM3IBvkly+LdfxU+wKeLUsNrlNJ3SfhobFM9qbPAsh1K3Wv+6S55V2E2rzf33syJ7gm32h++/pJxK7mJHx9BjkPHxcJ3d8g0B8cG364DANbANoG6MMIgnUTPZxV2eLEtEdta0tNIaQkQrEhEUGpc2Mc1nmaU6nxWt9RurR84Y=,iv:hzmiGfnnqm622phgafgnnr9lweE87trcXDDTlqgs4U4=,tag:9csc86pL9rB6hV1uYphWZQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2