Sops, security

foglar 2024-12-23 21:09:16 +01:00
parent 2540cb9dd5
commit 938a72ce9e
3 changed files with 20 additions and 7 deletions


@ -40,6 +40,11 @@
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -92,6 +97,7 @@
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.nix-ld.nixosModules.nix-ld inputs.nix-ld.nixosModules.nix-ld
inputs.sops-nix.nixosModules.sops
]; ];
}; };
leanix = nixpkgs.lib.nixosSystem { leanix = nixpkgs.lib.nixosSystem {
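Review bot: The new input `url = "github:Mic92/sops-nix";` tracks the upstream default branch, and none of the three changed files on this page looks like a lock file, so as shown this commit does not pin the revision of the module that will handle secret decryption. If a `flake.lock` is tracked in the repository, commit the updated lock together with this change so that `inputs.sops-nix.nixosModules.sops` resolves to a reviewed revision; alternatively pin it in the URL, e.g. `url = "github:Mic92/sops-nix/<commit-sha>";` (placeholder). The inputs set and the module list both start and end outside the visible hunks, so whether the leanix system also receives the module cannot be confirmed from here.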


@ -22,9 +22,9 @@
sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt"; sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt";
sops.secrets.email = {}; sops.secrets."zenith/password-hash" = {
#sops.secrets.email.owner = config.users.users.foglar.name; neededForUsers = true;
#sops.secrets.email.group = config.users.users.foglar.group; };
# Home manager # Home manager
home-manager = { home-manager = {
@ -33,7 +33,10 @@
users = { users = {
${userSettings.username} = import ./home.nix; ${userSettings.username} = import ./home.nix;
}; };
sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager]; sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}; };
# User configuration # User configuration
@ -41,6 +44,7 @@
isNormalUser = true; isNormalUser = true;
description = "${userSettings.username}"; description = "${userSettings.username}";
extraGroups = ["wheel"]; extraGroups = ["wheel"];
hashedPasswordFile = "${config.sops.secrets."zenith/password-hash".path}";
}; };
# Bootloader # Bootloader
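Review bot: `sops.age.keyFile` points at `/home/foglar/.config/sops/age/keys.txt`, and with this change that key protects the login password hash, so a key file that is presumably readable by the user account lets any process running as that user decrypt every entry in the secrets file. A root-owned key outside the home directory would narrow this, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600 (example path). Secrets marked `neededForUsers = true` are decrypted before user accounts are set up, so the key file must be on a filesystem that is already mounted at that point; if `/home` is a separate mount this should be verified, because a failed decryption leaves `hashedPasswordFile` pointing at a file that does not exist. The secret name `"zenith/password-hash"` is hard-coded in `hashedPasswordFile`, so if this module is shared with the leanix host it would apply the zenith hash there. The enclosing attribute sets start and end outside the visible hunks.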


@ -1,4 +1,7 @@
email: ENC[AES256_GCM,data:B0I7UzBKR18oImVpzq3RhV4y8tLhAZWph7R0Rw==,iv:xxgH1jWLC5u+FqhnswqHQCRbdSN1M8/ou7jFChOHROg=,tag:EhiKsfWhKdTg7p6uH5H5MQ==,type:str] zenith:
password-hash: ENC[AES256_GCM,data:J0OpGQHKugEvDMJJsLApO4JFmAM4e01WODyonrwUinND/MpzxAjbozlMrDQqb8Lghay3RTOCrslizYIYOkNwUU+MhyFlTAbF7Q==,iv:J4PXhVAUcv1QSycdvQL2jb/IcayyXVdfiJDHiNUalXk=,tag:bm4N8mq/6QUdzwOcy6WVaw==,type:str]
leanix:
password-hash: ENC[AES256_GCM,data:C5oGejwFkhhYvaDunG0AF9PcCKTQQA//uqi1LaWwEwOphepROoP9d1r1vD8k2cgcrikVSX4NQUBca6fQrqZTXMuxZKBxslE2Fw==,iv:oM2pWAifpCEpTRiGKbbG/QdQ0m8YaoyESzD3rIZkvmc=,tag:W+w3Bbtr8rBfp6SjYwcW0Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,8 +17,8 @@ sops:
T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-23T10:12:18Z" lastmodified: "2024-12-23T18:49:40Z"
mac: ENC[AES256_GCM,data:qnGM3IBvkly+LdfxU+wKeLUsNrlNJ3SfhobFM9qbPAsh1K3Wv+6S55V2E2rzf33syJ7gm32h++/pJxK7mJHx9BjkPHxcJ3d8g0B8cG364DANbANoG6MMIgnUTPZxV2eLEtEdta0tNIaQkQrEhEUGpc2Mc1nmaU6nxWt9RurR84Y=,iv:hzmiGfnnqm622phgafgnnr9lweE87trcXDDTlqgs4U4=,tag:9csc86pL9rB6hV1uYphWZQ==,type:str] mac: ENC[AES256_GCM,data:fWWZ3+RnGkQYP1R7q47JyB6NXHKG+D+y+qaB7i+uGfHsIf6VCkerO/ITCk4WSkvsXJDpB9mZWp2ciYypcDAHuBOlZzLscf/et9xDoDhXdM7MgRsX3fA9oeK9Q8D83cUptELlfXKU0Kvs02fAjbDrbwx5rdUtcUxfPNjW2X5lJ3o=,iv:5UwqRhZnj+u29O+x+KjxZJ9x1hcKuuZlnFYbgFnjkTs=,tag:w/z8u8PYkcW7etYg7y6y8w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2