authorsinanmohd <sinan@sinanmohd.com>2023-09-03 09:48:03 +0530
committersinanmohd <sinan@sinanmohd.com>2023-09-03 23:13:02 +0530
commit28f11cc5c704b6901dc94551fb1504f0091bb69f (patch)
tree7bf55a4884b6d4eabd987be657434a1c32c50860
parentc636397e6062b4d9471a4b5f4e9cf7d34a257131 (diff)
flake/sops-nix: init
-rw-r--r--.sops.yaml4
-rw-r--r--flake.lock40
-rw-r--r--flake.nix21
-rw-r--r--hosts/common.nix9
-rw-r--r--hosts/kay/configuration.nix1
5 files changed, 70 insertions, 5 deletions
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..f5a3fe1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+keys:
+ - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm'
+creation_rules:
+ - age: *sinan
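Review bot: The only creation rule encrypts every secrets file to the single recipient `&sinan`, with no per-host key and no `path_regex`. Because hosts/common.nix points every host at `/var/secrets/sops-nix/key.txt`, each machine presumably has to hold the private half of this same admin key. If so, anyone who reads that file on one host can decrypt the secrets of all hosts, and the key cannot be rotated for one machine alone. Giving each host its own age recipient, and scoping a rule per `hosts/<name>/secrets.yaml` to the admin plus that host, limits the damage; the host keys below are placeholders.

```yaml
keys:
  - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm'
  - &host_kay '<AGE_PUBLIC_KEY_OF_KAY>'   # placeholder, generated on the host
creation_rules:
  - path_regex: hosts/kay/secrets\.yaml$
    key_groups:
      - age:
          - *sinan
          - *host_kay
  # … one analogous rule per additional host (e.g. cez) …
```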
diff --git a/flake.lock b/flake.lock
index e6cde03..cfeb024 100644
--- a/flake.lock
+++ b/flake.lock
@@ -16,9 +16,47 @@
"type": "github"
}
},
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1693097136,
+ "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1693404499,
+ "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
index 93713c0..3c47785 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,16 +1,29 @@
{
description = "reproducible nixos configuration with flakes";
- inputs.nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
- outputs = { self, nixpkgs }: {
+ inputs = {
+ nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, sops-nix }: {
nixosConfigurations = {
cez = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
- modules = [ ./hosts/cez/configuration.nix ];
+ modules = [
+ ./hosts/cez/configuration.nix
+ sops-nix.nixosModules.sops
+ ];
};
kay = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
- modules = [ ./hosts/kay/configuration.nix ];
+ modules = [
+ ./hosts/kay/configuration.nix
+ sops-nix.nixosModules.sops
+ ];
};
};
};
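Review bot: The `sops-nix` input overrides only `nixpkgs`, so flake.lock in this commit gains a second pinned nixpkgs tree (`nixpkgs-stable`, release-23.05) that has to be tracked and updated separately. If nothing in this configuration needs it, adding `inputs.nixpkgs-stable.follows = "nixpkgs";` inside the `sops-nix` block keeps the lock to one nixpkgs revision and shrinks the set of pinned sources to audit. Separately, `sops-nix.nixosModules.sops` is repeated in both host module lists; a shared list would stop a future host from being added without it.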
diff --git a/hosts/common.nix b/hosts/common.nix
index 56f2953..8cc13d8 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -3,6 +3,7 @@
let
user = config.userdata.user;
groups = config.userdata.groups;
+ host = config.networking.hostName;
in
{
imports = [
@@ -61,6 +62,8 @@ in
htop
curl
neovim
+ age
+ sops
];
};
system.stateVersion = "23.05";
@@ -72,6 +75,12 @@ in
];
nixpkgs.overlays = (import ../overlays);
+ # sops
+ sops = {
+ defaultSopsFile = "./${host}/secrets.yaml";
+ age.keyFile = "/var/secrets/sops-nix/key.txt";
+ };
+
# programs
programs = {
adb.enable = true;
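Review bot: `defaultSopsFile = "./${host}/secrets.yaml";` is a plain string, not a Nix path, so the file is not copied into the store and is not resolved relative to hosts/common.nix. I believe sops-nix declares this option as a path, in which case a value starting with `./` will be rejected once a secret is actually declared. Building a real path avoids that: `defaultSopsFile = ./. + "/${host}/secrets.yaml";`. The value also depends on `networking.hostName`, which this commit sets only for kay, so it is worth confirming that cez defines it; otherwise the lookup would fall back to the default host name. The key at `/var/secrets/sops-nix/key.txt` is not created or permissioned by anything visible here, so a comment saying it must be root-owned with mode 0600 would help. The enclosing attribute set continues outside this hunk.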
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 8ad42c8..74d49e6 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -6,5 +6,6 @@
../common.nix
];
+ networking.hostName = "kay";
environment.systemPackages = with pkgs; [ tmux ];
}