initial sops-nix config
This commit is contained in:
parent
72afc2f977
commit
539ca10798
9
.sops.yaml
Normal file
9
.sops.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
keys:
|
||||||
|
- &ataraxia ad382d058c964607b7bbf01b071a8131bf166e80
|
||||||
|
- &suomi-vps d286fd9431753cb455537070235ec7bc757002ca
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *ataraxia
|
||||||
|
- *suomi-vps
|
||||||
15
flake.nix
15
flake.nix
@ -76,6 +76,10 @@
|
|||||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
vscode-server = {
|
vscode-server = {
|
||||||
url = "github:msteen/nixos-vscode-server";
|
url = "github:msteen/nixos-vscode-server";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
@ -116,7 +120,7 @@
|
|||||||
"vaultwarden.patch"
|
"vaultwarden.patch"
|
||||||
"webhooks.patch"
|
"webhooks.patch"
|
||||||
];
|
];
|
||||||
sharedOverlays = [ flake-utils-plus.overlay ];
|
sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ];
|
||||||
channelsConfig = { allowUnfree = true; android_sdk.accept_license = true; };
|
channelsConfig = { allowUnfree = true; android_sdk.accept_license = true; };
|
||||||
channels.unstable.input = nixpkgs;
|
channels.unstable.input = nixpkgs;
|
||||||
channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
|
channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
|
||||||
@ -196,6 +200,15 @@
|
|||||||
nix-eval-jobs jq
|
nix-eval-jobs jq
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
sops = {
|
||||||
|
name = "sops";
|
||||||
|
sopsPGPKeyDirs = [
|
||||||
|
"${toString ./.}/keys/hosts"
|
||||||
|
"${toString ./.}/keys/users"
|
||||||
|
];
|
||||||
|
sopsCreateGPGHome = true;
|
||||||
|
packages = with pkgs; [ ssh-to-pgp sops sops-import-keys-hook ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
packages = {
|
packages = {
|
||||||
Flakes-ISO = nixos-generators.nixosGenerate {
|
Flakes-ISO = nixos-generators.nixosGenerate {
|
||||||
|
|||||||
28
keys/hosts/suomi-vps.asc
Normal file
28
keys/hosts/suomi-vps.asc
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
xsFNBAAAAAABEAC1ZvLuhlCgsJpHCdaz5oUf5mhFQ88y9nh5sEcL35cEi7b9lR28
|
||||||
|
oijbMoIppB/q5v3Lf9MChCcKkyXMPvTQIi9uEPXUGDJBu0Layl6nPgwMqf0vZ728
|
||||||
|
h+0nUNe0qCrT6tFRH9Z3EnXS9370V7KZCbqaynVag5aaeB8wmALTNsRVWEfVYKyh
|
||||||
|
kliKcahMfh1kl9PGZG4p4IFuYtUcA9yY8xgKzvfvRiAauzRFh5RqYpaSiJIYqMdr
|
||||||
|
CTuiQqU0LoEM1It2X+NfVLNoU+oNMS0QeS55malqXEILlQKlvziYc1IWhMjqlBlm
|
||||||
|
/e4yw1by87zBiHLIt4ALBfkbFscSXN83GwKT/cCJwrP4G+IeJp9tm8/bSaEuuBrm
|
||||||
|
zPxEWcmdMq/qDh67YcdVybn6glPmY2pI0sNKdzsLbkNLoFFjD94wPHok43722NJ2
|
||||||
|
BtbPWiWrLrda4miknFfFvLvY0hZRDLwfuNVRC5+HYwvwlG4C85fWfueCsmqOHJAN
|
||||||
|
x+xV51hbDYoDoIyXvaL9K/xTontYDGR4oNUpaO+EI3l6npv81ChSqXkMxiuUtR1A
|
||||||
|
0ktWUIzpQRV4dZzxY3Q9sC7djCP1xjUDHlSjmWFxi++WMt8bTFLOHNd3y2uWJQVF
|
||||||
|
imTWysYyZ3gqs+GQ6VUzLKkYRnbVqtdKKrnvDa/pIzlVvJtpn/CZUz15swARAQAB
|
||||||
|
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
|
||||||
|
AQgAFgUCAAAAAAkQI17HvHVwAsoCGw8CGQEAADCtEACX/NfWWjIJjPi1LFPEYQHb
|
||||||
|
BHeOj6BDhQ7bPVs0IR9twNMq3lj3CyWPZ5tIKesQ7ec8fTngdVRF5Jjkb1UgENhn
|
||||||
|
dVGWHtIVVRpvIdup6s8NRx3PRsHUp98Ly3+P+RkwoT+3ZY45xleZeCEgFU852Lfp
|
||||||
|
LViaj0xT2wtiNMGTdAVSkjt0+ZuB89y+91YLFLQvtASPCqg5Myc4184PEdUbfGh1
|
||||||
|
4kZJK/lFIQvXEKpreYCp6/mGj9arEuRno/KRG0pW5HS1fuGNYkKT96WSDE51Ofzb
|
||||||
|
1ihFcuEx7upJbCeUNnLvt1GaWez3hudCruwS8Cdnn6IafHIUBys0EnOXV99SFGQX
|
||||||
|
akvB22gWAAWcBdDlNyTzxPRaQEjgB9OxM9NIgSRLIUDPbdBlSAXFey5Nt/hL0bQE
|
||||||
|
J448uRgCwMmEXBc5butZ26bXKCbfJ4ZyTUPV6hRb0uiKFR1IecxhLVxn715pYrWm
|
||||||
|
MfiKrj3G+rDFKmCBXhqlEFC0TQdZoue+AxxBAzB9MTqRO2GhC35t1Tg1crwKflLd
|
||||||
|
rEBx2bYa1OOMIPfZePAA96X+LaXhkJYlhaPCP4R9oxErrPLBO3Ki7NPpJG0c+272
|
||||||
|
+xnjaBfd1fapmVLYdSQNhT4QfOPm1YDLyHQCJi3oK+7eRX6rLMiLtQbwhWoJ9c3N
|
||||||
|
JrpEiuMuhfru+fFCIiyoQw==
|
||||||
|
=/C2a
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
17
keys/users/ataraxia.asc
Normal file
17
keys/users/ataraxia.asc
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
xsBNBAAAAAABCACYSL78uXx0m7SSLSfc5Dz27nDT+0uU/wjkTICrF0jqkcKVRoYw
|
||||||
|
ExteYzjINj8FqcxYGA5BHz72uUM653xCeVua31cU0WnjD+zUNfSaulQRROJMDeiR
|
||||||
|
Lf5LpTnuAhYA5O9TAL47l/2j2CKnWh6jE8qn5Lt6RCXDbv2rGHnm5+6uJYvTMohq
|
||||||
|
XbtfLbBGbBrczPL9WFda2aiv5B6AVSVA1YoPFpRX2gJqJKVgLpHjMTit/Lr3cvom
|
||||||
|
sEC8bFCAVomAjAotym05OVl6kIex4jwoSv2Yxhizhu7TO9NxeunNduI7xD3oCc2X
|
||||||
|
XUQoz6ASY5PFpbq7FkIQz2OLm41inxZlbv0lABEBAAHNKXJvb3QgKEltcG9ydGVk
|
||||||
|
IGZyb20gU1NIKSA8cm9vdEBsb2NhbGhvc3Q+wsBiBBMBCAAWBQIAAAAACRAHGoEx
|
||||||
|
vxZugAIbDwIZAQAAWJ8IADm/PZre00BcoVU2dQZy/H1SMrUVBZdYoBsYBRCm6Fh4
|
||||||
|
s8Wi+bvpI/4BN7FUAsu8WwY32XnNrVvJLBeKZYPTJlHcQyDY18eeOgUX2bsrT6vx
|
||||||
|
0QqDM4XauELtzxixCUADsvHM0EX1TrmA55f9AvCWASFuPARbKLWYtEx1O39DMi26
|
||||||
|
N8eaePKvRHnpNzAYIeVlXP25ZoYRtVffDdFJgWYiiLgHsn9NSBRmon2wZuZG/mdh
|
||||||
|
f1YzYibIFPAm8RVJhDjbsZMiWSFx+86jZEcG1DjJZQ4dJwfUsx4Q9cKHlX16ikPn
|
||||||
|
nlO4mnO8z1TPCczm8W4/lIjBsM/fLRK/er6uruOThkw=
|
||||||
|
=j5e1
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
@ -59,6 +59,7 @@ with config.deviceSpecific; {
|
|||||||
persist.state.homeDirectories = [
|
persist.state.homeDirectories = [
|
||||||
"projects"
|
"projects"
|
||||||
"nixos-config"
|
"nixos-config"
|
||||||
|
".config/sops"
|
||||||
] ++ lib.optionals (!isServer) [
|
] ++ lib.optionals (!isServer) [
|
||||||
"games"
|
"games"
|
||||||
# "persist"
|
# "persist"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user