home/nix: add sops and github token
This commit is contained in:
parent
f74c1f7aa8
commit
c4f98ec9e7
@ -192,9 +192,14 @@
|
||||
inherit inputs;
|
||||
inherit (self) extendedLib;
|
||||
inherit (config) machineVars;
|
||||
hostname = name;
|
||||
secrets = secrets.outputs.settings;
|
||||
};
|
||||
|
||||
sharedModules = [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
];
|
||||
|
||||
users.h7x4 = {
|
||||
imports = [ ./home/home.nix ];
|
||||
};
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, lib, extendedLib, inputs, machineVars, ... } @ args: let
|
||||
{ config, pkgs, lib, extendedLib, inputs, machineVars, hostname, ... } @ args: let
|
||||
inherit (lib) mkForce mkIf optionals;
|
||||
graphics = !machineVars.headless;
|
||||
in {
|
||||
@ -51,8 +51,18 @@ in {
|
||||
./services/copyq.nix
|
||||
];
|
||||
|
||||
nix.settings = {
|
||||
use-xdg-base-directories = true;
|
||||
sops.defaultSopsFile = ./secrets/${hostname}.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
sops.secrets."nix/access-tokens" = {
|
||||
sopsFile = ../secrets/common.yaml;
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings.use-xdg-base-directories = true;
|
||||
extraOptions = ''
|
||||
!include ${config.sops.secrets."nix/access-tokens".path}
|
||||
'';
|
||||
};
|
||||
|
||||
home = {
|
||||
|
@ -1,3 +1,5 @@
|
||||
nix:
|
||||
access-tokens: ENC[AES256_GCM,data:K1V98nx+w0uoOY9ONDxbaZT9jbEbMqpzyYWaSrQIYfo2bm1HLeTHPqp2rqRFIPu5gD/5SqY2FW4Pak92it4S7o9liiI=,iv:/c6Mr3WQsbW7nBaa5NIG3pzatSyC9UE5zDpKjuD/FG0=,tag:8V344qvOVrgh5XHlinuFyw==,type:str]
|
||||
ssh:
|
||||
nix-builders:
|
||||
bob:
|
||||
@ -33,8 +35,8 @@ sops:
|
||||
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
||||
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-25T17:16:57Z"
|
||||
mac: ENC[AES256_GCM,data:vA8eGtD43gSWTXfuRmUcGXOn0UStfnDS8R6n3PNRWZFpMmtja96uGFvCwHM7rB3nWuz7LjHjxIqAEzjFuUy6SN2ta86ZQg+bdJZ+MsK+02o0senUgAHYx5Jxt5f0E+P9y4g5E9zgFkHMpTcGHGV+7sTjjqxjCF0jUVi20bh/T5g=,iv:FyivxwZQ7LDQUazdM03MdDTNWJWyp3nEQZk+TFGnUfQ=,tag:Z8q2aEqJeXcbCW/04N0rSQ==,type:str]
|
||||
lastmodified: "2024-06-25T18:03:45Z"
|
||||
mac: ENC[AES256_GCM,data:HLm8tiOhW4QtBbAVMen1g451S7cTYF+bN1/4eHZDd1U8UjkbU1yim7m5EZGgZnGw9o5+YvMt08BUXjVLfpIaW7oX9DbQrUr9pxiLpuUM+qtStzYfohnae8BzLF9naNg3oOMYAo3nOWWpcAtLVUoNBtBaD/VI5bvj3VnCbMWQ6pE=,iv:p1wgOGwcfdmvNgwmcSjKZ2c4zpL8138tZ0CD7lgwtZ4=,tag:QKMd/iUZcBrcW5iOsZ/Lbw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-08T00:49:52Z"
|
||||
enc: |
|
||||
|
Loading…
Reference in New Issue
Block a user