ephase/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: add sops-nix input

Browse source
This commit is contained in:
Yorick Barbanneau 2024-09-25 21:38:31 +02:00
parent 5c153d3b08
commit 01092ee7ef
4 changed files with 68 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.sops.yaml Normal file
View file

@ -0,0 +1,14 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
- &ephase 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
- &luci age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *luci
pgp:
- *ephase

40
flake.lock generated
View file

@ -71,6 +71,22 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1725115514, "lastModified": 1725115514,
@ -91,7 +107,29 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },

10
flake.nix
View file

@ -11,8 +11,12 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, home-manager, nur, nixgl, ... }@inputs: outputs = { self, nixpkgs, home-manager, nur, nixgl, sops-nix, ... }@inputs:
let let
stateVersion = "23.11"; stateVersion = "23.11";
@ -28,7 +32,9 @@ in {
devShells = forAllSystems ({ pkgs }: { devShells = forAllSystems ({ pkgs }: {
default = pkgs.mkShell { default = pkgs.mkShell {
name = "nixfiles"; name = "nixfiles";
buildInputs = [ buildInputs = [
pkgs.sops
pkgs.age
pkgs.shellcheck pkgs.shellcheck
pkgs.shfmt pkgs.shfmt
pkgs.lefthook pkgs.lefthook

8
nixos/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, stateVersion, hostname, username, hostConfig, ... }: { inputs, pkgs, lib, stateVersion, hostname, username, hostConfig, config, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
../hosts/${hostname}/hardware-configuration.nix ../hosts/${hostname}/hardware-configuration.nix
@ -43,6 +43,12 @@
inherit hostConfig; inherit hostConfig;
inherit hostname; inherit hostname;
}; };
# NixOS system-wide home-manager configuration
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
users.${username} = { users.${username} = {
home.stateVersion = stateVersion; home.stateVersion = stateVersion;
programs.home-manager.enable = true; programs.home-manager.enable = true;