initial sops-nix config
parent
72afc2f977
commit
539ca10798
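--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+- &ataraxia ad382d058c964607b7bbf01b071a8131bf166e80
+- &suomi-vps d286fd9431753cb455537070235ec7bc757002ca
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups:
+- pgp:
+- *ataraxia
+- *suomi-vps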
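Review bot: The only creation rule lists `*ataraxia` and `*suomi-vps` in the same `pgp` key group, so the suomi-vps host key can decrypt every file the rule matches, not only secrets meant for that host. With a single host that is harmless, but a second host appended to this list would be able to read the first host's secrets as well. Consider per-host rules placed before the catch-all, for example `- path_regex: secrets/suomi-vps/[^/]+\.(yaml|json|env|ini)$` with only the admin key and that host as recipients. A comment above `keys:` such as `# fingerprints of keys/users/*.asc and keys/hosts/*.asc; re-check with gpg --show-keys before adding a recipient` would also help the next reviewer confirm that an anchor matches the committed key file.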
15
flake.nix
15
flake.nix
@ -76,6 +76,10 @@
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
vscode-server = {
|
||||
url = "github:msteen/nixos-vscode-server";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
@ -116,7 +120,7 @@
|
||||
"vaultwarden.patch"
|
||||
"webhooks.patch"
|
||||
];
|
||||
sharedOverlays = [ flake-utils-plus.overlay ];
|
||||
sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ];
|
||||
channelsConfig = { allowUnfree = true; android_sdk.accept_license = true; };
|
||||
channels.unstable.input = nixpkgs;
|
||||
channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
|
||||
@ -196,6 +200,15 @@
|
||||
nix-eval-jobs jq
|
||||
];
|
||||
};
|
||||
sops = {
|
||||
name = "sops";
|
||||
sopsPGPKeyDirs = [
|
||||
"${toString ./.}/keys/hosts"
|
||||
"${toString ./.}/keys/users"
|
||||
];
|
||||
sopsCreateGPGHome = true;
|
||||
packages = with pkgs; [ ssh-to-pgp sops sops-import-keys-hook ];
|
||||
};
|
||||
};
|
||||
packages = {
|
||||
Flakes-ISO = nixos-generators.nixosGenerate {
|
||||
|
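Review bot: The new input `url = "github:Mic92/sops-nix";` names no revision, and no `flake.lock` change is among the files visible for this commit, so nothing shown here pins the code that will decrypt secrets on the hosts. The page may be truncated, but if the lock file was not updated alongside the input, commit the `sops-nix` lock entry in the same change so the locked revision and hash can be reviewed. A short comment on the `sops` dev shell, e.g. `# imports public keys from keys/hosts and keys/users into a throwaway GPG home`, would also make clear that `sopsPGPKeyDirs` only imports keys, while the recipients come from `.sops.yaml`.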
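--- /dev/null
+++ b/keys/hosts/suomi-vps.asc
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEAC1ZvLuhlCgsJpHCdaz5oUf5mhFQ88y9nh5sEcL35cEi7b9lR28
+oijbMoIppB/q5v3Lf9MChCcKkyXMPvTQIi9uEPXUGDJBu0Layl6nPgwMqf0vZ728
+h+0nUNe0qCrT6tFRH9Z3EnXS9370V7KZCbqaynVag5aaeB8wmALTNsRVWEfVYKyh
+kliKcahMfh1kl9PGZG4p4IFuYtUcA9yY8xgKzvfvRiAauzRFh5RqYpaSiJIYqMdr
+CTuiQqU0LoEM1It2X+NfVLNoU+oNMS0QeS55malqXEILlQKlvziYc1IWhMjqlBlm
+/e4yw1by87zBiHLIt4ALBfkbFscSXN83GwKT/cCJwrP4G+IeJp9tm8/bSaEuuBrm
+zPxEWcmdMq/qDh67YcdVybn6glPmY2pI0sNKdzsLbkNLoFFjD94wPHok43722NJ2
+BtbPWiWrLrda4miknFfFvLvY0hZRDLwfuNVRC5+HYwvwlG4C85fWfueCsmqOHJAN
+x+xV51hbDYoDoIyXvaL9K/xTontYDGR4oNUpaO+EI3l6npv81ChSqXkMxiuUtR1A
+0ktWUIzpQRV4dZzxY3Q9sC7djCP1xjUDHlSjmWFxi++WMt8bTFLOHNd3y2uWJQVF
+imTWysYyZ3gqs+GQ6VUzLKkYRnbVqtdKKrnvDa/pIzlVvJtpn/CZUz15swARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQI17HvHVwAsoCGw8CGQEAADCtEACX/NfWWjIJjPi1LFPEYQHb
+BHeOj6BDhQ7bPVs0IR9twNMq3lj3CyWPZ5tIKesQ7ec8fTngdVRF5Jjkb1UgENhn
+dVGWHtIVVRpvIdup6s8NRx3PRsHUp98Ly3+P+RkwoT+3ZY45xleZeCEgFU852Lfp
+LViaj0xT2wtiNMGTdAVSkjt0+ZuB89y+91YLFLQvtASPCqg5Myc4184PEdUbfGh1
+4kZJK/lFIQvXEKpreYCp6/mGj9arEuRno/KRG0pW5HS1fuGNYkKT96WSDE51Ofzb
+1ihFcuEx7upJbCeUNnLvt1GaWez3hudCruwS8Cdnn6IafHIUBys0EnOXV99SFGQX
+akvB22gWAAWcBdDlNyTzxPRaQEjgB9OxM9NIgSRLIUDPbdBlSAXFey5Nt/hL0bQE
+J448uRgCwMmEXBc5butZ26bXKCbfJ4ZyTUPV6hRb0uiKFR1IecxhLVxn715pYrWm
+MfiKrj3G+rDFKmCBXhqlEFC0TQdZoue+AxxBAzB9MTqRO2GhC35t1Tg1crwKflLd
+rEBx2bYa1OOMIPfZePAA96X+LaXhkJYlhaPCP4R9oxErrPLBO3Ki7NPpJG0c+272
++xnjaBfd1fapmVLYdSQNhT4QfOPm1YDLyHQCJi3oK+7eRX6rLMiLtQbwhWoJ9c3N
+JrpEiuMuhfru+fFCIiyoQw==
+=/C2a
+-----END PGP PUBLIC KEY BLOCK-----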
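--- /dev/null
+++ b/keys/users/ataraxia.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsBNBAAAAAABCACYSL78uXx0m7SSLSfc5Dz27nDT+0uU/wjkTICrF0jqkcKVRoYw
+ExteYzjINj8FqcxYGA5BHz72uUM653xCeVua31cU0WnjD+zUNfSaulQRROJMDeiR
+Lf5LpTnuAhYA5O9TAL47l/2j2CKnWh6jE8qn5Lt6RCXDbv2rGHnm5+6uJYvTMohq
+XbtfLbBGbBrczPL9WFda2aiv5B6AVSVA1YoPFpRX2gJqJKVgLpHjMTit/Lr3cvom
+sEC8bFCAVomAjAotym05OVl6kIex4jwoSv2Yxhizhu7TO9NxeunNduI7xD3oCc2X
+XUQoz6ASY5PFpbq7FkIQz2OLm41inxZlbv0lABEBAAHNKXJvb3QgKEltcG9ydGVk
+IGZyb20gU1NIKSA8cm9vdEBsb2NhbGhvc3Q+wsBiBBMBCAAWBQIAAAAACRAHGoEx
+vxZugAIbDwIZAQAAWJ8IADm/PZre00BcoVU2dQZy/H1SMrUVBZdYoBsYBRCm6Fh4
+s8Wi+bvpI/4BN7FUAsu8WwY32XnNrVvJLBeKZYPTJlHcQyDY18eeOgUX2bsrT6vx
+0QqDM4XauELtzxixCUADsvHM0EX1TrmA55f9AvCWASFuPARbKLWYtEx1O39DMi26
+N8eaePKvRHnpNzAYIeVlXP25ZoYRtVffDdFJgWYiiLgHsn9NSBRmon2wZuZG/mdh
+f1YzYibIFPAm8RVJhDjbsZMiWSFx+86jZEcG1DjJZQ4dJwfUsx4Q9cKHlX16ikPn
+nlO4mnO8z1TPCczm8W4/lIjBsM/fLRK/er6uruOThkw=
+=j5e1
+-----END PGP PUBLIC KEY BLOCK-----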
@ -59,6 +59,7 @@ with config.deviceSpecific; {
|
||||
persist.state.homeDirectories = [
|
||||
"projects"
|
||||
"nixos-config"
|
||||
".config/sops"
|
||||
] ++ lib.optionals (!isServer) [
|
||||
"games"
|
||||
# "persist"
|
||||
|
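Review bot: `".config/sops"` is added to the unconditional part of `persist.state.homeDirectories`, ahead of `lib.optionals (!isServer)`, so it is persisted on servers as well as on workstations. sops looks for age identities under `~/.config/sops/age/keys.txt` by default, so this directory can come to hold private key material even though this commit configures only PGP recipients. A comment such as `# sops key material: keep 0700, exclude from backups that leave the host` would record why it is persisted; if servers are meant to decrypt with their host key only, the entry could move into the `!isServer` list. The enclosing list continues outside the hunk, and the path of the patched file is not shown on the page.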