Merge branch 'main' of ssh://git.kb-one.de:9522/kb01/aux-config
Some checks failed
/ Build NixOS Iso (push) Failing after 1s
commit
48b751e0ad
4 changed files with 61 additions and 1 deletions
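--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+- &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
+- &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
+creation_rules:
+- path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$
+key_groups:
+- pgp:
+- *kbwork_yerukall
+age:
+- *kbwork_yerukall2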
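Review bot: The anchors `kbwork_yerukall` and `kbwork_yerukall2` under `keys:` do not say which recipient is a person's editing key and which is the key the machine decrypts with, so a later rotation or removal of one recipient is easy to get wrong. A comment above each entry would settle it, for example `# PGP key used to edit secrets` and `# age key used on yerukall for decryption`; the role of each key is not visible on this page, so that wording needs confirming by the author. The dots in `path_regex` are also unescaped and match any character; `secrets/secrets\.yaml$` states the intent exactly.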
|
@ -15,6 +15,8 @@
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs:
|
outputs = inputs:
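Review bot: `sops-nix.url = "github:Mic92/sops-nix";` adds the input that will handle secret decryption, but the diffstat lists four changed files and no `flake.lock` section is visible on this page, so the input appears to be unlocked in this commit. If that is the case, a build resolves it to whatever the upstream default branch points at when it runs, and the code that touches the secrets is not pinned to a reviewed revision. Committing the `flake.lock` produced by `nix flake lock` together with this change would pin it, and building in CI with `--no-update-lock-file` would make a missing lock entry fail loudly. The `inputs` attribute set starts above this hunk.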
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
# Edit this configuration file to define what should be installed on
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, inputs,... }:
|
||||||
let
|
let
|
||||||
lock-false = {
|
lock-false = {
|
||||||
Value = false;
|
Value = false;
|
||||||
|
@ -19,11 +19,19 @@ in {
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
# inputs.home-manager.nixosModules.home-manager
|
# inputs.home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
||||||
|
# Configure Secret Management
|
||||||
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
|
sops.defaultSopsFormat = "yaml";
|
||||||
|
sops.age.keyFile = "/home/kb-work/.config/sops/age/keys.txt";
|
||||||
|
sops.secrets.example-key = {};
|
||||||
|
sops.secrets."myservice/my_subdir/my_secret" = {};
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
@ -130,6 +138,7 @@ in {
|
||||||
tidal-hifi
|
tidal-hifi
|
||||||
gimp
|
gimp
|
||||||
libreoffice
|
libreoffice
|
||||||
|
sops # Secret Management
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
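Review bot: In the `@ -19,11 +19,19 @` hunk, `sops.age.keyFile = "/home/kb-work/.config/sops/age/keys.txt";` makes the machine decrypt its secrets with a private key kept in a user's home directory. Any process running as that user can then read the key and decrypt every value in `secrets.yaml`, whatever owner and mode the decrypted files get. A host-only key is the safer default: `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with `sops.age.generateKey = true;`, or `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, with the matching public key added as a recipient in `.sops.yaml`. `sops.secrets.example-key` and `sops.secrets."myservice/my_subdir/my_secret"` look like template placeholders that nothing in the visible hunks consumes, so either drop them or add a comment saying which service reads each one. The enclosing attribute set starts and ends outside these hunks.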
|
||||||
|
|
39
systems/x86_64-linux/yerukall/secrets/secrets.yaml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
#ENC[AES256_GCM,data:Y/4T3/21rAYxhZZpSm1ViwpAuce0j09yIoyQJrywm58g4LNPVoc=,iv:p67M9lRr4P/ZkR+y2Qag8fOQrz6g4hRV+RQttzcpqyA=,tag:UvLX6HBB7R8mmYf2p40qVg==,type:comment]
|
||||||
|
example-key: ENC[AES256_GCM,data:QNGwQqL+MF5FouF1sw==,iv:v8Wife1Szo2/hckzjnvgEWeO4W7Z3o5T3b6qDBa9ybc=,tag:udthCeK2XO32a7KStPEacQ==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:THHKylFfOJAphDzozezoC8MMq9rAgZNQkzjRS8loFs/M9CeWKretPnzHB0ICyIMoV5EZyZ2A0Aw=,iv:zksZsPPUmPRvjKnbJ1hIz5kNF59yLi1AD8qpjnpowj0=,tag:6wN9qZv/Joh0KszXuRO/HA==,type:comment]
|
||||||
|
#ENC[AES256_GCM,data:lnNvxw+ZJ/Oxx49IQJ9v4WOb+9nHVnlDw4dUg2eLVh0SC3FmY0OcIYQbkMi04QJAUeGS90Pk+PEge+DBk36kpeRIjWGnN2Oj,iv:5WA7Fv4h0WFs3bIxxY+Jd5iWGq93NErxshSELYAmKcQ=,tag:pK49KZ0LzOXHnaqEDejkVQ==,type:comment]
|
||||||
|
myservice:
|
||||||
|
my_subdir:
|
||||||
|
my_secret: ENC[AES256_GCM,data:djPluXw5DIaX,iv:8ETxthGUW9aHp497FYcFOya0clZI0GDmf8BUyf65Dz0=,tag:62zulMRBSE1cHezfOAPcCA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZFJJUXVNVHJ2eGFUUEUr
|
||||||
|
T09TNUs1TXhJcForZlpLMTQxSFZiVktwOG13Cm1XbkRvYWs4TWxobi9zamRyc0U5
|
||||||
|
RFJsaFhlYzM0WUN1a2dBM24yUVAyUGMKLS0tIC92dGF6UlExWG1sd2JGREtPb2R3
|
||||||
|
V21VMmZwSE9RcnRIWW5qVUVjUytDNk0Kfsx4yHMU37LnShUQuTSqB05RZNc1e+tB
|
||||||
|
I/sCep5KH02W4IBUONXVKbHE5Fp3nl0RVMBE+oQQojOCdEERebBplA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-06T14:49:25Z"
|
||||||
|
mac: ENC[AES256_GCM,data:741EU6IW91+D6O22q/fC2QGC7PU/qxSkdML4KBbYohS2tOx9dl7miyooNnSw2nEjE4yd4qxU+OU8ZNxST/dlnOaGa5otYfwByq0FQ7PLa4pSzVSTMvDBHf55JHOL9zbWuWoiPu2WEa+sQ6bU7Rte/4EtXhJBvHhgys0hc0kHIyQ=,iv:QNpw1v8m+AUqdhYq1LdJSUSDeVN9PM/qyEqibyVxCa4=,tag:tysIywxYhCv51eVBQE3NaQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-09-06T15:25:51Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4Dg0be+qgFJlcSAQdAtgr7NQCBh2lFuJVelU3zgaV9bvwKzEA9VPYOq1/53lkw
|
||||||
|
AJXNN1tW/RIMLJYlotfmd4vKd7JXJL7yVNgxFNfepFnDxcc58aFkefYFLSR3Owe7
|
||||||
|
1GgBCQIQkCcQDT/8Pkd9hM7D6ZNDi8tl1sGukChIZ0De7nQ3jun2LwFPtYYVw97J
|
||||||
|
iSeMyas8Z+BkkL0eYyzdRPlYBnzDNwGLteRMkjWCHeNESaeUjP06Bz+v7rMFn9DS
|
||||||
|
7O8SqYeKKm4YkA==
|
||||||
|
=/tp5
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|