author | sinanmohd <sinan@sinanmohd.com> | 2023-09-03 09:48:03 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2023-09-03 23:13:02 +0530 |
commit | 28f11cc5c704b6901dc94551fb1504f0091bb69f (patch) | |
tree | 7bf55a4884b6d4eabd987be657434a1c32c50860 | |
parent | c636397e6062b4d9471a4b5f4e9cf7d34a257131 (diff) |
flake/sops-nix: init
-rw-r--r-- | .sops.yaml | 4 | ||||
-rw-r--r-- | flake.lock | 40 | ||||
-rw-r--r-- | flake.nix | 21 | ||||
-rw-r--r-- | hosts/common.nix | 9 | ||||
-rw-r--r-- | hosts/kay/configuration.nix | 1 |
5 files changed, 70 insertions, 5 deletions
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..f5a3fe1 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,4 @@ +keys: + - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm' +creation_rules: + - age: *sinan @@ -16,9 +16,47 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1693097136, + "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1693404499, + "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, @@ -1,16 +1,29 @@ { description = "reproducible nixos configuration with flakes"; - inputs.nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable"; - outputs = { self, nixpkgs }: { + inputs = { + nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, sops-nix }: { nixosConfigurations = { cez = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./hosts/cez/configuration.nix ]; + modules = [ + ./hosts/cez/configuration.nix + sops-nix.nixosModules.sops + ]; }; kay = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./hosts/kay/configuration.nix ]; + modules = [ + ./hosts/kay/configuration.nix + sops-nix.nixosModules.sops + ]; }; }; }; 
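Review bot: The only entry under `creation_rules` has no `path_regex` and encrypts every secrets file to the single recipient `&sinan`. Each host that decrypts through `sops.age.keyFile` (set in hosts/common.nix) therefore presumably has to hold that same private key. If so, compromising one machine exposes the secrets of every host and the admin identity itself. Consider adding one age recipient per host under `keys:` and one rule per host file, e.g. `- path_regex: hosts/kay/secrets\.yaml$`, whose recipients are only the admin key and that host's key.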
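Review bot: In flake.nix the `sops-nix` input sets only `inputs.nixpkgs.follows`, so its other input `nixpkgs-stable` is resolved independently. That is why this commit adds a second full nixpkgs revision (the `nixpkgs-stable` node) to flake.lock. Adding `inputs.nixpkgs-stable.follows = "nixpkgs";` inside the `sops-nix` block leaves a single nixpkgs tree to fetch, audit and update. The `url` tracks the repository's default branch and the revision is fixed only by flake.lock, so lock-file updates for this input deserve the same review as code, since the module handles secret decryption.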
diff --git a/hosts/common.nix b/hosts/common.nix index 56f2953..8cc13d8 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -3,6 +3,7 @@ let user = config.userdata.user; groups = config.userdata.groups; + host = config.networking.hostName; in { imports = [ @@ -61,6 +62,8 @@ in htop curl neovim + age + sops ]; }; system.stateVersion = "23.05"; @@ -72,6 +75,12 @@ in ]; nixpkgs.overlays = (import ../overlays); + # sops + sops = { + defaultSopsFile = "./${host}/secrets.yaml"; + age.keyFile = "/var/secrets/sops-nix/key.txt"; + }; + # programs programs = { adb.enable = true; diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix index 8ad42c8..74d49e6 100644 --- a/hosts/kay/configuration.nix +++ b/hosts/kay/configuration.nix @@ -6,5 +6,6 @@ ../common.nix ]; + networking.hostName = "kay"; environment.systemPackages = with pkgs; [ tmux ]; } |
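Review bot: `defaultSopsFile = "./${host}/secrets.yaml";` in the new `sops` block is a quoted string rather than a Nix path. It is not resolved relative to hosts/common.nix or copied into the store, and the option's path type will likely reject a value that does not start with `/`. A path expression avoids this: `defaultSopsFile = ./${host}/secrets.yaml;`, or `./. + "/${host}/secrets.yaml"` on Nix versions without path interpolation. Separately, only hosts/kay/configuration.nix sets `networking.hostName` in this commit; if cez does not set it elsewhere, `host` falls back to the NixOS default `nixos` and points at a directory that probably does not exist. The attribute set containing the `sops` block starts and ends outside the hunk.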