sora/nixconfig
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Releases Activity

[m]Flake sops & format

Browse Source
This commit is contained in:
soraefir 2023-11-24 19:08:21 +01:00
parent b44e6d9e5b
commit 996c82d99f
4 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.sops.yaml
View File

@ -10,32 +10,32 @@ keys:
- &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
creation_rules: creation_rules:
- path_regex: secrets/iriy.ya?ml$ - path_regex: modules/nixos/system/security/sops/iriy.ya?ml$
key_groups: key_groups:
- age: - age:
- *iriy - *iriy
pgp: pgp:
- *sora - *sora
- path_regex: secrets/avalon.ya?ml$ - path_regex: modules/nixos/system/security/sops/avalon.ya?ml$
key_groups: key_groups:
- age: - age:
- *avalon - *avalon
pgp: pgp:
- *sora - *sora
- path_regex: secrets/valinor.ya?ml$ - path_regex: modules/nixos/system/security/sops/valinor.ya?ml$
key_groups: key_groups:
- age: - age:
- *valinor - *valinor
pgp: pgp:
- *sora - *sora
- path_regex: secrets/asgard.ya?ml$ - path_regex: modules/nixos/system/security/sops/asgard.ya?ml$
key_groups: key_groups:
- age: - age:
- *asgard - *asgard
pgp: pgp:
- *sora - *sora
- path_regex: secrets/common.ya?ml$ - path_regex: modules/nixos/system/security/sops/common.yaml$
key_groups: key_groups:
- age: - age:
- *valinor - *valinor

1
flake.nix
View File

@ -33,7 +33,6 @@
let gen = import ./generator.nix { inherit inputs; }; let gen = import ./generator.nix { inherit inputs; };
in { in {
devShells = import ./shells { inherit inputs; }; devShells = import ./shells { inherit inputs; };
nixosConfigurations = { nixosConfigurations = {

7
modules/nixos/system/security/sops/default.nix
View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
let keyFilePath = "/var/lib/sops-nix/age-key.txt";
in {
sops.defaultSopsFile = ./common.yaml; sops.defaultSopsFile = ./common.yaml;
sops.age.keyFile = "/var/lib/sops-nix/age-key.txt"; sops.age.keyFile = keyFilePath;
sops.age.generateKey = true; sops.age.generateKey = true;
sops.secrets.wifi = { }; sops.secrets.wifi = { };
@ -19,5 +21,6 @@
sops.secrets."${config.hostcfg.hostname}_wg_pub" = { }; sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
environment.systemPackages = with pkgs; [ sops ]; environment.systemPackages = with pkgs; [ sops ];
environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
} }

20
shells/default.nix
View File

@ -2,14 +2,12 @@
let let
forEachSystem = forEachSystem =
inputs.nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]; inputs.nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
in in forEachSystem (system:
forEachSystem (system: let
let overlays = import ./pkgs/overlay.nix { inherit pkgs; };
overlays = import ./pkgs/overlay.nix { inherit pkgs; }; overrides = { custom = import ./pkgs { inherit pkgs; }; };
overrides = { custom = import ./pkgs { inherit pkgs; }; }; pkgs = import inputs.nixpkgs { inherit system overlays; } // overrides;
pkgs = import inputs.nixpkgs { inherit system overlays; } // overrides; in {
in { default = import ./shells/devsh { inherit pkgs; };
default = import ./shells/devsh { inherit pkgs; }; devsh = import ./shells/devsh { inherit pkgs; };
devsh = import ./shells/devsh { inherit pkgs; }; })
}
)