From 2fc3e68688986517cd24b439126f6312527bc03b Mon Sep 17 00:00:00 2001 From: sadan <117494111+sadan4@users.noreply.github.com> Date: Mon, 27 May 2024 22:37:25 -0400 Subject: [PATCH] a --- boxes/desktop/home.nix | 3 ++ boxes/wsl/home.nix | 5 +++ common/files.nix | 83 ++++++++++++++++++++++-------------------- common/sops.nix | 10 +++++ secrets/hosts | 28 ++++++++++++++ 5 files changed, 89 insertions(+), 40 deletions(-) create mode 100644 common/sops.nix create mode 100644 secrets/hosts diff --git a/boxes/desktop/home.nix b/boxes/desktop/home.nix index be5ce21..d559ae5 100644 --- a/boxes/desktop/home.nix +++ b/boxes/desktop/home.nix @@ -15,6 +15,9 @@ let in { +imports = [ + inputs.sops-nix.homeManagerModules.sops +] programs.zsh.enable = true; programs.zsh.oh-my-zsh.enable = true; programs.zsh.initExtra = builtins.trace _z1 _z1; diff --git a/boxes/wsl/home.nix b/boxes/wsl/home.nix index 3b06acd..4d58856 100644 --- a/boxes/wsl/home.nix +++ b/boxes/wsl/home.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, inputs, ... }: let + _s1 = import ../../common/sops.nix {inherit configl; }; files = import ../../common/files.nix { inherit config; }; shell = import ../../common/shell.nix { inherit config pkgs; }; p = import ../../common/pkgs.nix { inherit pkgs config; }; @@ -15,6 +16,10 @@ let in { +imports = [ + inputs.sops-nix.homeManagerModules.sops +]; +sops = _s1; programs.zsh.enable = true; programs.zsh.oh-my-zsh.enable = true; programs.zsh.initExtra = builtins.trace _z1 _z1; diff --git a/common/files.nix b/common/files.nix index 3e331c1..21f83bc 100644 --- a/common/files.nix +++ b/common/files.nix 
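Review bot: The added `imports = [ inputs.sops-nix.homeManagerModules.sops ]` in boxes/desktop/home.nix has no terminating `;`, so the attribute set will not parse; the second boxes/wsl/home.nix hunk writes the same list correctly with `];`. The same missing terminator recurs on the `gh_auth` entry in common/files.nix (after the `target` string and after the closing `}`) and on `owner = "${config.home.username}"` in common/sops.nix. This hunk also imports the module without a `sops = ...` assignment like the one boxes/wsl/home.nix adds. If the desktop profile uses `files.gh_auth`, the secret it references would presumably be undefined here, though the rest of the file is outside the hunk.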
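Review bot: `inherit configl;` in the new `_s1` binding looks like a typo for `config`. No `configl` appears among the function arguments `{ config, lib, pkgs, inputs, ... }`, so evaluation would stop on an undefined variable before any secret is set up. Suggested line: `_s1 = import ../../common/sops.nix { inherit config; };`. The `let` block continues past the hunk.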
@@ -1,46 +1,49 @@ { config }: rec{ - kitty = { - recursive = true; - source = ../dotfiles/kitty; - target = "./.config/kitty"; - }; - eslint_d_config = { - source = ../dotfiles/eslintrc.json; - target = "./.config/.eslintrc.json"; - }; - gh = { - recursive = true; - source = ../dotfiles/gh; - target = "./.config/gh"; - }; - btop = { - recursive = true; - source = ../dotfiles/btop; - target = "./.config/btop"; - }; - nvim = { - recursive = true; - source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos/dotfiles/nvim"; - target = "./.config/nvim"; - }; - p10k = { - recursive = true; - source = ../dotfiles/.p10k.zsh; - target = ".p10k.zsh"; - }; - rofi = { + kitty = { + recursive = true; + source = ../dotfiles/kitty; + target = "./.config/kitty"; + }; + eslint_d_config = { + source = ../dotfiles/eslintrc.json; + target = "./.config/.eslintrc.json"; + }; + gh = { + source = ../dotfiles/gh/config.yml; + target = "./.config/gh/config.yml"; + }; + gh_auth = { + source = config.sops.hosts.path; + target = "./.config/gh/hosts.yml" + } + btop = { + recursive = true; + source = ../dotfiles/btop; + target = "./.config/btop"; + }; + nvim = { + recursive = true; + source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos/dotfiles/nvim"; + target = "./.config/nvim"; + }; + p10k = { + recursive = true; + source = ../dotfiles/.p10k.zsh; + target = ".p10k.zsh"; + }; + rofi = { recursive = true; source = ../dotfiles/rofi; target = "./.config/rofi"; - }; - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + }; + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. 
+ # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; } diff --git a/common/sops.nix b/common/sops.nix new file mode 100644 index 0000000..7cb7d2e --- /dev/null +++ b/common/sops.nix @@ -0,0 +1,10 @@ +{ config }: +{ + age.keyFile = "/home${config.home.username}/.config/sops/age/keys.txt"; + defaultSopsFile = ../../secrets.yaml; + secrets.hosts = { + format = "binary"; + sopsFile = ../../secrets/hosts; + owner = "${config.home.username}" + }; + } diff --git a/secrets/hosts b/secrets/hosts new file mode 100644 index 0000000..42962bd --- /dev/null +++ b/secrets/hosts 
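Review bot: `gh_auth.source = config.sops.hosts.path` does not match the option declared in common/sops.nix, which defines the secret under `secrets.hosts`; sops-nix exposes the decrypted location as `config.sops.secrets.hosts.path`. Passing a decrypted token file through a `home.file` `source` also needs a check that the plaintext is never copied into the world-readable Nix store. The secret's own `path` option is the supported way to place it, e.g. `secrets.hosts.path = "${config.home.homeDirectory}/.config/gh/hosts.yml";` in common/sops.nix, which would make the `gh_auth` entry unnecessary. Narrowing `gh` from the recursive directory to `config.yml` alone presumably exists to keep `hosts.yml` out of the store copy. A comment such as `# hosts.yml holds the gh token and comes from sops-nix; do not link the whole directory` would stop someone restoring `recursive = true` later.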
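Review bot: `age.keyFile = "/home${config.home.username}/.config/sops/age/keys.txt"` is missing the `/` after `/home`, so it resolves to `/home<user>/...` and the age key would not be found at activation. Using `"${config.home.homeDirectory}/.config/sops/age/keys.txt"`, as common/files.nix already does for nvim, avoids hard-coding the prefix. `sopsFile = ../../secrets/hosts` is relative to common/, so it points two levels up and outside the repository, while the patch creates the file at `secrets/hosts`. `../secrets/hosts` looks intended, and `defaultSopsFile = ../../secrets.yaml` should be checked the same way. `owner` is, as far as I know, an option of the NixOS sops module rather than the home-manager one imported here, so the line can probably be dropped; confirm against the module version in use.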
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:90aRKN1foxr77gsPKWqjlk0GU0QnQIPdHNyfdUhjp5Ws7+5QoR0QHSLfWKM9iFU9Ee5UZrSX2z24hY7pbTMOubRf5zQmNEK+phT98m8PqHxrdxctRSHKgklLdAiGH03yM41ZsCoRpMW3nnHbJh6UhyHiwxMTGJg/2XlueEVYlh1vla0hsaFlw3XF2mEzcGNO9HghfthGg0XMsDm7qriyhd2VjWfI/DbFqQDvr2YMsC1mTYcorL5bo0dkjOZ1pR6rQA==,iv:8ntUEwOB9m+OxfKY2/oOqjS3YkcEirJgaD7ropcQzTU=,tag:cgN+e7OGVtvwC8mDBy2YJw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1xsuyaeehzv4ar4f6xpc6tfp9pttzjf7qdyl3x2tj42vjc8szlqpq834e3d", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWGczdExuSk10K2x6Qkhv\ndlhqeGwrMjJUdTRYUjNvcmMvVjZBanE5bFhvCnIxdy9OWEZ5YVZ1b1JPaEVoRjlQ\nS2tTekdZVk1XV2o0TmdwbXFvTTU0QmcKLS0tIHEyUldoaUNXV0xuTjlqd3FiaC81\nT002TGZuOUFYOWtJNHQ5VEZxRGdGZ1EKfn6ogFhUJTPOWa9pwTrQDBly1A30JppY\n164UbgNlIx+muZqkm3l+RMUx41hzIA8JwdW/yDlhFM8pl9tR3y10FQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tq8zaaqe8t4u2jgyf7usngtzyql0ymyxq6hntmu04vt5ypwhxensmzynhl", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrN002bTJUcmt2TVNXR1Vu\nOElRLzdpdGU0c1daTjlEZlpXbXlnYTNNQ3hVCjdKcWR4UndSdUF3YnA0a1RKUy9m\ncEEyT3p4K3orNGhOT0RBa00yQS8vSW8KLS0tIElQMXdQMXdEelFPSlU3NENubVZE\nOTI5bmFFK0xUS0ZEMWtUZDloQTdOVFUKbgTzgiNPT+QXLXjNlBGK/XQFx9Ox8Bos\nTLUkJ23rsk+LMPWSO4Flpv+5ce/G2YQFV6SXlpFSYlNJlSxU2mZtWw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRy9UZjRCaGlOUjVtTnZI\nV3VtdWwwbzQxaDhIVUN3cVF5OEUyVm8reUF3Cjh6bFVDY3ZZUWVvQ1h0QTFEU08r\nZ2tJN3ZrVisyQmpIcnoxZGdjcWcwbDAKLS0tIGNlbTc1QUJiWHU5bnhJKzRYTDVJ\nR1lrWlVmSkJJS2dZQlFTRWloN05mK2MKGVyjmdWFtCfR0AlnH8SaDdtHXlGsVleG\nRkHDFvAN2Y62S45w5l9d66J5WykSCmgQB2TNuzlYKNAsCwTbzaBBDg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + 
"lastmodified": "2024-05-28T02:14:52Z", + "mac": "ENC[AES256_GCM,data:B/Jj1zszWdqX1xAABaKg/j39CwQtTXh5fh43eT1vMCk/spHXJhhZc6kdIP1Ll0xGXQobxF/fRtL5EVz2/3qz8Hi/XfTXeNZRIq4d6mhuL5SoSJfgo9NynaLu9of4zYpWJobIWFAnv/wZRq9swKUEypkGvqBzx/CmSvOsxw6EMWQ=,iv:NPFEhI6Z2rFz1cXRacj91NIdi07S/lyRyEIsVfloZpQ=,tag:Q7vEyQh933/HO3bowqKfZA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file