flake/sops-nix: init

5 files changed, 70 insertions, 5 deletions

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..f5a3fe1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+keys:
+  - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm'
+creation_rules:
+  - age: *sinan
diff --git a/flake.lock b/flake.lock
index e6cde03..cfeb024 100644
--- a/flake.lock
+++ b/flake.lock
@@ -16,9 +16,47 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1693097136,
+        "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1693404499,
+        "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     }
   },
diff --git a/flake.nix b/flake.nix
index 93713c0..3c47785 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,16 +1,29 @@
 {
   description = "reproducible nixos configuration with flakes";
-  inputs.nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
 
-  outputs = { self, nixpkgs }: {
+  inputs = {
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, sops-nix }: {
     nixosConfigurations = {
       cez = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        modules = [ ./hosts/cez/configuration.nix ];
+        modules = [
+          ./hosts/cez/configuration.nix
+          sops-nix.nixosModules.sops
+        ];
       };
       kay = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        modules = [ ./hosts/kay/configuration.nix ];
+        modules = [
+          ./hosts/kay/configuration.nix
+          sops-nix.nixosModules.sops
+        ];
       };
     };
   };
diff --git a/hosts/common.nix b/hosts/common.nix
index 56f2953..8cc13d8 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -3,6 +3,7 @@
 let
   user = config.userdata.user;
   groups = config.userdata.groups;
+  host = config.networking.hostName;
 in
 {
   imports = [
@@ -61,6 +62,8 @@ in
       htop
       curl
       neovim
+      age
+      sops
     ];
   };
   system.stateVersion = "23.05";
@@ -72,6 +75,12 @@ in
   ];
   nixpkgs.overlays = (import ../overlays);
 
+  # sops
+  sops = {
+    defaultSopsFile = "./${host}/secrets.yaml";
+    age.keyFile = "/var/secrets/sops-nix/key.txt";
+  };
+
   # programs
   programs = {
     adb.enable = true;
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 8ad42c8..74d49e6 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -6,5 +6,6 @@
     ../common.nix
   ];
 
+  networking.hostName = "kay";
   environment.systemPackages = with pkgs; [ tmux ];
 }