Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-17 04:58:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

basic sops setup

Browse Source
This commit is contained in:
Richie Cahill
2025-01-05 20:10:30 -05:00
parent cdf26994a3
commit 15234fa2bb
5 changed files with 119 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -162,4 +162,3 @@ cython_debug/
#.idea/ #.idea/
test.* test.*
secrets.*

19
.sops.yaml Normal file
View File

@@ -0,0 +1,19 @@
keys:
- &admin_richie age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
- &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
- &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
- &system_muninn age1yxx8uwxkugvncseatftkxttnmy8888wxemtygdkzhfzj5fzzfvgsuj3hn2
- &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
- &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
creation_rules:
- path_regex: users/richie/secrets\.yaml$
key_groups:
- age:
- *admin_richie
- *system_bob
- *system_jeeves
- *system_muninn
- *system_router
- *system_rhapsody

21
flake.lock generated
View File

@@ -254,6 +254,7 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_2",
"sops-nix": "sops-nix",
"system_tools": "system_tools", "system_tools": "system_tools",
"systems": "systems_3" "systems": "systems_3"
} }
@@ -279,6 +280,26 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736064798,
"narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"system_tools": { "system_tools": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",

26
flake.nix
View File

@@ -42,6 +42,11 @@
url = "github:lilyinstarlight/nixos-cosmic"; url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@@ -50,6 +55,7 @@
home-manager, home-manager,
systems, systems,
nixos-cosmic, nixos-cosmic,
sops-nix,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@@ -71,19 +77,31 @@
nixosConfigurations = { nixosConfigurations = {
bob = lib.nixosSystem { bob = lib.nixosSystem {
modules = [./systems/bob]; modules = [
./systems/bob
sops-nix.nixosModules.sops
];
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
}; };
jeeves = lib.nixosSystem { jeeves = lib.nixosSystem {
modules = [./systems/jeeves]; modules = [
./systems/jeeves
sops-nix.nixosModules.sops
];
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
}; };
rhapsody-in-green = lib.nixosSystem { rhapsody-in-green = lib.nixosSystem {
modules = [./systems/rhapsody-in-green]; modules = [
./systems/rhapsody-in-green
sops-nix.nixosModules.sops
];
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
}; };
muninn = lib.nixosSystem { muninn = lib.nixosSystem {
modules = [./systems/muninn]; modules = [
./systems/muninn
sops-nix.nixosModules.sops
];
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
}; };
}; };

57
users/richie/secrets.yaml Normal file
View File

@@ -0,0 +1,57 @@
my_secret: ENC[AES256_GCM,data:90kRHkDdhuBhskNGeA==,iv:2LTCXQyPJoddxbgCDX+sA8YPEZjS+2V9ZVKYu0dD1WE=,tag:d7wDFBnBwcCuhX+w8gOvaA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTE5lQ001N3dBTTluU3Bq
TWNwWG5SVURnMFJ3Z21UemlNVHI0dDVMVTB3CjVtK1VBZXFQQlZUckRGM3QyQnhs
eVdhc2c2dHQ1MXFWMmlpS2JpZTBGZWcKLS0tIEluL0ZKZWJXVGtlbUJCcEFTYWtB
ZU5rSHUyR0doWUQyMjJWaUZ0NzNPYncKXnx2/Kg+NGO1ApyVjd2CeWXphgg4zZSL
D79j5NhPrk6Bhr3IcwD6hc0OPZ74pw6mg14yzBFglrw82WZdDnAHxw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WFhiMURJSkdOUVhoNGxo
R3NWdVJvSUZKMFduM29wTkJDNGszOHdRRTBvCmUxQkhrV1dyV2tJMmcwZHNjOXcv
NUdIeDl3R0o2d2M1R3AzV3k1SkZhc00KLS0tIGhEVEtvVGtBdEcrK3ZMVUhuYklv
WXMyUkZZVmRERENOSldCcDB4OHQ4NVEK81zddZggn7+TzANzjMkjbpnCOHtX4TcA
2F/Uin4RVD8ECdcoLLeTddo8ILIC4dQ9bD1TA3Wu23v0qsP6KkhczA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelZhczRxNHJPdFNPd2R1
VkFTUFJ2N3FLN1VvU1BqN0JqV2VyVVFUUzJnCndQWjYrS2lYbzRROFg3VGtMb3BP
NDlYYkhuRGZCdjVncHlXV3ZHcHZ1U0EKLS0tIEM4MUVkaDU4QlphWm5VM1RjbWR2
R0Y0d3lJNlMvZVEvTnNwbC91YmNoMU0KErYP7q4xGVCyF4GGGEkaydMjFQ8759ER
o9+vtEjJme9AQosa3T4uuATIebxBzqpheRHmvxyNwdt9pZtWvaROng==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yxx8uwxkugvncseatftkxttnmy8888wxemtygdkzhfzj5fzzfvgsuj3hn2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSWFkeHI2UHdZN1RhSlV3
dlNtWGlkWW95WjdhZTl1VzBvT0V4VytNOVN3Cmd6ZTEvNmJEMUt6bVRKM1hlUE1n
ZlA5TVNpWm9PUWpXOG9JMUhtRk5aUnMKLS0tIDJBd1RWQ3RmSzJPNjZ5ZTdMZFlZ
UHhwbURCdHdFOGppZXVJcGFvMWNWTVkK90smB4htJ4aN52zFVpGUYwkledxpGdUr
so6rQ3FfXsE7ik/+f89hPXZJUZLxpO+ENIWitMvH1ZNFmjz3uT+NYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlVCTGRWY0trNnViTm1u
NVFBUW1GbVVxOUtpRUt1dElPNFU3clhLUngwCldWa1UzUms0QlJFRngzQitPek9O
c3Z3S2FpRXMrYWU1bFdrUDlzdUwxSW8KLS0tIHg0M1NWWXRTY0swUmw3MXpQQ21o
Q2IyU01yUjVYWFUzVEsyR1dyYlVVTWMK7+3zPVmkQ1lpFmD7f+rpDHVCtmBrZ/sH
5D8FEbUfqu4l7LDCrtJ8LBBSvntwkcVKQlBu3fwBIDqhgOy9fGjZWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-05T20:53:12Z"
mac: ENC[AES256_GCM,data:FbzvVgRSBBQ39ppKY7CmPghmkwgvSH8tW3aEC2VD90Xb7YypthnCYTos6Igmv/LkF77F4gkpoF3IT2KqkXJbAZ478ZD412sSkKtOl/A3dWtVkdMSgO8Lv/jvyC6/HtF3MEFHtUM8eG+2brQOUIwWg9fcT+4iaxfEBvJV8duW/XE=,iv:WRWaBWRrB8AthHbtHlNVfcrL0N31g3Z5uAYbeEN1jm4=,tag:qQW69HfEKNmPkeZw4nncwg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2