home/nix: add sops and github token

Oystein Kristoffer Tveit 2024-06-25 20:10:58 +02:00
parent f74c1f7aa8
commit c4f98ec9e7
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 22 additions and 5 deletions


@ -192,9 +192,14 @@
inherit inputs; inherit inputs;
inherit (self) extendedLib; inherit (self) extendedLib;
inherit (config) machineVars; inherit (config) machineVars;
hostname = name;
secrets = secrets.outputs.settings; secrets = secrets.outputs.settings;
}; };
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
users.h7x4 = { users.h7x4 = {
imports = [ ./home/home.nix ]; imports = [ ./home/home.nix ];
}; };


@ -1,4 +1,4 @@
{ config, pkgs, lib, extendedLib, inputs, machineVars, ... } @ args: let { config, pkgs, lib, extendedLib, inputs, machineVars, hostname, ... } @ args: let
inherit (lib) mkForce mkIf optionals; inherit (lib) mkForce mkIf optionals;
graphics = !machineVars.headless; graphics = !machineVars.headless;
in { in {
@ -51,8 +51,18 @@ in {
./services/copyq.nix ./services/copyq.nix
]; ];
nix.settings = { sops.defaultSopsFile = ./secrets/${hostname}.yaml;
use-xdg-base-directories = true; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."nix/access-tokens" = {
sopsFile = ../secrets/common.yaml;
};
nix = {
settings.use-xdg-base-directories = true;
extraOptions = ''
!include ${config.sops.secrets."nix/access-tokens".path}
'';
}; };
home = { home = {
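Review bot: `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` points the home-manager sops module, which decrypts as the login user, at the SSH host private key, which is normally readable by root only. Either decryption fails at activation and the `!include` silently contributes nothing, or the host key has to be made user-readable, which exposes the machine's identity key to every process running as that user. A per-user age identity keeps the two trust domains apart, for example `sops.age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";` with that key's recipient added to the secrets file. Separately, `defaultSopsFile` resolves under `./secrets/` while the token's `sopsFile` uses `../secrets/`; the file's location is not visible on this page, so confirm that both paths exist. The enclosing attribute set starts and ends outside this hunk.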


@ -1,3 +1,5 @@
nix:
access-tokens: ENC[AES256_GCM,data:K1V98nx+w0uoOY9ONDxbaZT9jbEbMqpzyYWaSrQIYfo2bm1HLeTHPqp2rqRFIPu5gD/5SqY2FW4Pak92it4S7o9liiI=,iv:/c6Mr3WQsbW7nBaa5NIG3pzatSyC9UE5zDpKjuD/FG0=,tag:8V344qvOVrgh5XHlinuFyw==,type:str]
ssh: ssh:
nix-builders: nix-builders:
bob: bob:
@ -33,8 +35,8 @@ sops:
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg== rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T17:16:57Z" lastmodified: "2024-06-25T18:03:45Z"
mac: ENC[AES256_GCM,data:vA8eGtD43gSWTXfuRmUcGXOn0UStfnDS8R6n3PNRWZFpMmtja96uGFvCwHM7rB3nWuz7LjHjxIqAEzjFuUy6SN2ta86ZQg+bdJZ+MsK+02o0senUgAHYx5Jxt5f0E+P9y4g5E9zgFkHMpTcGHGV+7sTjjqxjCF0jUVi20bh/T5g=,iv:FyivxwZQ7LDQUazdM03MdDTNWJWyp3nEQZk+TFGnUfQ=,tag:Z8q2aEqJeXcbCW/04N0rSQ==,type:str] mac: ENC[AES256_GCM,data:HLm8tiOhW4QtBbAVMen1g451S7cTYF+bN1/4eHZDd1U8UjkbU1yim7m5EZGgZnGw9o5+YvMt08BUXjVLfpIaW7oX9DbQrUr9pxiLpuUM+qtStzYfohnae8BzLF9naNg3oOMYAo3nOWWpcAtLVUoNBtBaD/VI5bvj3VnCbMWQ6pE=,iv:p1wgOGwcfdmvNgwmcSjKZ2c4zpL8138tZ0CD7lgwtZ4=,tag:QKMd/iUZcBrcW5iOsZ/Lbw==,type:str]
pgp: pgp:
- created_at: "2023-05-08T00:49:52Z" - created_at: "2023-05-08T00:49:52Z"
enc: | enc: |