System update & Sops

2024-12-23 14:01:30 +01:00 · 2024-12-23 14:01:30 +01:00 · 836627be8e
commit 836627be8e
parent 5bda371af0
4 changed files with 63 additions and 1 deletions
--- a/flake.lock
+++ b/flake.lock
@ -648,10 +648,31 @@
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable_2",
        "plasma-manager": "plasma-manager",
+        "sops-nix": "sops-nix",
        "spicetify-nix": "spicetify-nix",
        "stylix": "stylix"
      }
    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734546875,
+        "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
    "spicetify-nix": {
      "inputs": {
        "flake-compat": "flake-compat_2",
--- a/zenith/.sops.yaml
+++ b/zenith/.sops.yaml
@ -0,0 +1,7 @@
+keys:
+  - &primary age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+        - *primary
--- a/zenith/configuration.nix
+++ b/zenith/configuration.nix
@ -3,6 +3,7 @@
  pkgs,
  pkgs-stable,
  userSettings,
+  config,
  ...
 }: {
  imports = [
@ -10,11 +11,21 @@
    ../nixos/system/packages.nix
    ../nixos/system/system.nix
    inputs.home-manager.nixosModules.home-manager
+    inputs.sops-nix.nixosModules.sops
  ];

  nix.settings.experimental-features = ["nix-command" "flakes"];
  programs.nix-ld.dev.enable = true;

+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+
+  sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt";
+
+  sops.secrets.email = {};
+  #sops.secrets.email.owner = config.users.users.foglar.name;
+  #sops.secrets.email.group = config.users.users.foglar.group;
+
  # Home manager
  home-manager = {
    extraSpecialArgs = {inherit inputs pkgs pkgs-stable userSettings;};
@ -44,7 +55,7 @@
  sys = {
    audio.enable = true;
    desktop = {
-      plasma.enable = true;
+      plasma.enable = false;
      gnome.enable = false;
      hyprland.enable = true;
      steamdeck.enable = true;
@ -81,6 +92,8 @@
  programs.kdeconnect.enable = true;
  programs.wireshark.enable = true;

+  services.twingate.enable = true;
+
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

--- a/zenith/secrets/secrets.yaml
+++ b/zenith/secrets/secrets.yaml
@ -0,0 +1,21 @@
+email: ENC[AES256_GCM,data:B0I7UzBKR18oImVpzq3RhV4y8tLhAZWph7R0Rw==,iv:xxgH1jWLC5u+FqhnswqHQCRbdSN1M8/ou7jFChOHROg=,tag:EhiKsfWhKdTg7p6uH5H5MQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1xzkhm0m0gzph8akd7zjv4880hrauynk80ldktld0r44pgn48le5q3tfw8l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwME1uUDlWc2RDTWw0dGly
+            TEx0dWtxOGlsdGtLVmpMZzRqcUN0d0VNOGxZCkkraGs3cjRIQ3o1MUN4eXZnbXhU
+            MXROMzYrenkyVS9TTStmZnVGRXF4YVkKLS0tIFhVUnIyMHdtQ2VZQlQrbCtTWHVG
+            T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
+            JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-23T10:12:18Z"
+    mac: ENC[AES256_GCM,data:qnGM3IBvkly+LdfxU+wKeLUsNrlNJ3SfhobFM9qbPAsh1K3Wv+6S55V2E2rzf33syJ7gm32h++/pJxK7mJHx9BjkPHxcJ3d8g0B8cG364DANbANoG6MMIgnUTPZxV2eLEtEdta0tNIaQkQrEhEUGpc2Mc1nmaU6nxWt9RurR84Y=,iv:hzmiGfnnqm622phgafgnnr9lweE87trcXDDTlqgs4U4=,tag:9csc86pL9rB6hV1uYphWZQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2