home/nix: add sops and github token
This commit is contained in:
parent
f74c1f7aa8
commit
c4f98ec9e7
|
@ -192,9 +192,14 @@
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
inherit (self) extendedLib;
|
inherit (self) extendedLib;
|
||||||
inherit (config) machineVars;
|
inherit (config) machineVars;
|
||||||
|
hostname = name;
|
||||||
secrets = secrets.outputs.settings;
|
secrets = secrets.outputs.settings;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sharedModules = [
|
||||||
|
inputs.sops-nix.homeManagerModules.sops
|
||||||
|
];
|
||||||
|
|
||||||
users.h7x4 = {
|
users.h7x4 = {
|
||||||
imports = [ ./home/home.nix ];
|
imports = [ ./home/home.nix ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, extendedLib, inputs, machineVars, ... } @ args: let
|
{ config, pkgs, lib, extendedLib, inputs, machineVars, hostname, ... } @ args: let
|
||||||
inherit (lib) mkForce mkIf optionals;
|
inherit (lib) mkForce mkIf optionals;
|
||||||
graphics = !machineVars.headless;
|
graphics = !machineVars.headless;
|
||||||
in {
|
in {
|
||||||
|
@ -51,8 +51,18 @@ in {
|
||||||
./services/copyq.nix
|
./services/copyq.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nix.settings = {
|
sops.defaultSopsFile = ./secrets/${hostname}.yaml;
|
||||||
use-xdg-base-directories = true;
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
sops.secrets."nix/access-tokens" = {
|
||||||
|
sopsFile = ../secrets/common.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
settings.use-xdg-base-directories = true;
|
||||||
|
extraOptions = ''
|
||||||
|
!include ${config.sops.secrets."nix/access-tokens".path}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
nix:
|
||||||
|
access-tokens: ENC[AES256_GCM,data:K1V98nx+w0uoOY9ONDxbaZT9jbEbMqpzyYWaSrQIYfo2bm1HLeTHPqp2rqRFIPu5gD/5SqY2FW4Pak92it4S7o9liiI=,iv:/c6Mr3WQsbW7nBaa5NIG3pzatSyC9UE5zDpKjuD/FG0=,tag:8V344qvOVrgh5XHlinuFyw==,type:str]
|
||||||
ssh:
|
ssh:
|
||||||
nix-builders:
|
nix-builders:
|
||||||
bob:
|
bob:
|
||||||
|
@ -33,8 +35,8 @@ sops:
|
||||||
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
||||||
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-25T17:16:57Z"
|
lastmodified: "2024-06-25T18:03:45Z"
|
||||||
mac: ENC[AES256_GCM,data:vA8eGtD43gSWTXfuRmUcGXOn0UStfnDS8R6n3PNRWZFpMmtja96uGFvCwHM7rB3nWuz7LjHjxIqAEzjFuUy6SN2ta86ZQg+bdJZ+MsK+02o0senUgAHYx5Jxt5f0E+P9y4g5E9zgFkHMpTcGHGV+7sTjjqxjCF0jUVi20bh/T5g=,iv:FyivxwZQ7LDQUazdM03MdDTNWJWyp3nEQZk+TFGnUfQ=,tag:Z8q2aEqJeXcbCW/04N0rSQ==,type:str]
|
mac: ENC[AES256_GCM,data:HLm8tiOhW4QtBbAVMen1g451S7cTYF+bN1/4eHZDd1U8UjkbU1yim7m5EZGgZnGw9o5+YvMt08BUXjVLfpIaW7oX9DbQrUr9pxiLpuUM+qtStzYfohnae8BzLF9naNg3oOMYAo3nOWWpcAtLVUoNBtBaD/VI5bvj3VnCbMWQ6pE=,iv:p1wgOGwcfdmvNgwmcSjKZ2c4zpL8138tZ0CD7lgwtZ4=,tag:QKMd/iUZcBrcW5iOsZ/Lbw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-05-08T00:49:52Z"
|
- created_at: "2023-05-08T00:49:52Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue