From 28f11cc5c704b6901dc94551fb1504f0091bb69f Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sun, 3 Sep 2023 09:48:03 +0530 Subject: flake/sops-nix: init --- .sops.yaml | 4 ++++ flake.lock | 40 +++++++++++++++++++++++++++++++++++++++- flake.nix | 21 +++++++++++++++++---- hosts/common.nix | 9 +++++++++ hosts/kay/configuration.nix | 1 + 5 files changed, 70 insertions(+), 5 deletions(-) create mode 100644 .sops.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..f5a3fe1 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,4 @@ +keys: + - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm' +creation_rules: + - age: *sinan diff --git a/flake.lock b/flake.lock index e6cde03..cfeb024 100644 --- a/flake.lock +++ b/flake.lock @@ -16,9 +16,47 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1693097136, + "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1693404499, + "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 93713c0..3c47785 100644 --- a/flake.nix +++ b/flake.nix 
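Review bot: The single `creation_rules` entry in `.sops.yaml` encrypts every secrets file to one recipient, `*sinan`, so any machine that decrypts at activation needs that same private key in its key file. That would place the personal key on both cez and kay, and a compromise of either host would expose every secret in the repository; this is inferred from the rule, since how the key file is provisioned is not shown. I would add one age recipient per host (for example derived from the host's SSH ed25519 key with `ssh-to-age`) and scope the rules per file, e.g. `- path_regex: hosts/kay/secrets\.yaml$` listing only `*sinan` and the kay host key.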
@@ -1,16 +1,29 @@ { description = "reproducible nixos configuration with flakes"; - inputs.nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable"; - outputs = { self, nixpkgs }: { + inputs = { + nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, sops-nix }: { nixosConfigurations = { cez = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./hosts/cez/configuration.nix ]; + modules = [ + ./hosts/cez/configuration.nix + sops-nix.nixosModules.sops + ]; }; kay = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./hosts/kay/configuration.nix ]; + modules = [ + ./hosts/kay/configuration.nix + sops-nix.nixosModules.sops + ]; }; }; }; diff --git a/hosts/common.nix b/hosts/common.nix index 56f2953..8cc13d8 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -3,6 +3,7 @@ let user = config.userdata.user; groups = config.userdata.groups; + host = config.networking.hostName; in { imports = [ @@ -61,6 +62,8 @@ in htop curl neovim + age + sops ]; }; system.stateVersion = "23.05"; @@ -72,6 +75,12 @@ in ]; nixpkgs.overlays = (import ../overlays); + # sops + sops = { + defaultSopsFile = "./${host}/secrets.yaml"; + age.keyFile = "/var/secrets/sops-nix/key.txt"; + }; + # programs programs = { adb.enable = true; diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix index 8ad42c8..74d49e6 100644 --- a/hosts/kay/configuration.nix +++ b/hosts/kay/configuration.nix @@ -6,5 +6,6 @@ ../common.nix ]; + networking.hostName = "kay"; environment.systemPackages = with pkgs; [ tmux ]; } -- cgit v1.2.3
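Review bot: The `sops-nix` input block overrides only `nixpkgs`, so the lock file gains a second nixpkgs tree (`nixpkgs-stable`, release-23.05) that has to be fetched and kept current alongside the main one. The locked sops-nix revision declares that input, so adding `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing `follows` line would leave a single nixpkgs to audit. Whether anything in sops-nix depends on the stable tree is not visible here, so re-check evaluation after the change. Separately, `sops-nix.nixosModules.sops` is repeated in both `modules` lists and could be bound once in a `let` and shared.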
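Review bot: In the `sops` block of hosts/common.nix, `defaultSopsFile = "./${host}/secrets.yaml";` is a string rather than a path, so it is not resolved relative to `hosts/` or copied into the store, and the option's path type is likely to reject it at evaluation. A path expression such as `defaultSopsFile = ./. + "/${host}/secrets.yaml";` resolves next to `common.nix` and lets sops-nix check the file at build time. The lookup also depends on `networking.hostName`, which this commit sets only for kay; if cez's configuration (not in this diff) leaves it unset, the path will not point at a cez directory. I would also add a comment on `age.keyFile` stating that `/var/secrets/sops-nix/key.txt` is provisioned out of band and must be root-owned with mode 0600, since Nix does not manage that file.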