materusPC: prepare sops

Mateusz Słodkowicz 2024-03-02 22:36:43 +01:00
parent c5a5265557
commit 8218e3e8cb
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
7 changed files with 69 additions and 0 deletions

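--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+private/** filter=git-crypt diff=git-crypt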
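Review bot: Nothing on this line makes encryption mandatory for `private/**`. The `filter=git-crypt` attribute only takes effect in a clone where git-crypt has been initialised or unlocked; git silently ignores a filter whose driver is not configured, so a file added under `private/` from such a clone would be committed in plaintext. Consider a pre-commit or CI step that runs `git-crypt status` and fails when a path under `private/` is reported as not encrypted. Also add the usual guard line `.gitattributes !filter !diff`, so that a nested `.gitattributes` under `private/` is never itself encrypted.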


@ -20,6 +20,7 @@ let
../host/${host}/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
}]
@ -46,6 +47,7 @@ let
./${username}
profiles.homeProfile
inputs.private.homeModule
materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
};
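Review bot: The home-manager flavour of sops-nix added in both hunks has its own `sops.age.keyFile` and related options, and does not inherit the NixOS-level settings; no home-side key configuration is visible in this commit. Home-manager secrets are decrypted as the user, so a root-owned key file would presumably not be readable there. Set the home-side key location before any `sops.secrets` are declared in a home profile. The two hunks also reach the module by different paths (`materusFlake.nixosConfigurations.${host}.materusCfg.configInputs…` versus `materusCfg.configInputs…`); a one-line comment such as `# take sops-nix from the host's own materusCfg so home and system share one revision` would record why, if that is the intent. Both enclosing `let` bindings start and end outside the hunks.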


@ -25,6 +25,7 @@ let
./${host}
inputs.private.systemModule
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
] ++ extraModules;
}) // { inherit materusCfg; };
in


@ -5,6 +5,7 @@
./hardware
./vm
./secrets
./scripts.nix
./tmp.nix
@ -13,6 +14,7 @@
./kde.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";


@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }:
{
imports =
[
];
sops.age.keyFile = "/materus/root/age.key";
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [];
sops.secrets.users.materus = {
format = "json";
sopsFile = ./users.json;
};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
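Review bot: `sops.secrets.users.materus = { … };` is read by Nix as a secret named `users` carrying an attribute `materus`, which is not an option of a sops-nix secret, so evaluation is expected to fail once this module is imported. sops-nix addresses a nested key of a JSON or YAML file with a slash-separated name, so the declaration should read `sops.secrets."users/materus" = { format = "json"; sopsFile = ./users.json; };`. The `root` entry in the same encrypted file has no declaration yet. If these values are password hashes consumed through `users.users.<name>.hashedPasswordFile` (not visible here), each secret will also need `neededForUsers = true;` so it is decrypted before accounts are created.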


@ -0,0 +1,7 @@
{ config, pkgs, lib, ... }:
{
imports =
[
];
}


@ -0,0 +1,29 @@
{
"users": {
"materus": "ENC[AES256_GCM,data:rB089alZTUAB24VX76vg7dOdQdWa12/rVXdSKNj80TTQhXu1Alw1l697BbzuOwlkcj+OaeV+cU+rPgXPIPVjnQlyHJNNC9VPUg==,iv:uWjjrvnwEZERsJDw6bAe3qcHO5zl6bCK9rv4MZbXCnU=,tag:QvMjcefg2xHsfXdJs5KguQ==,type:str]",
"root": "ENC[AES256_GCM,data:sbq8UeP6QmJ7gRa8RlL4/upy1y5RhWRrU+THCs1Sdc1vZy6s7pJThZeT/GEe9WNYFvbRjgTorkaKpTBp2Xar/fW52EuqSM+P0Q==,iv:Hm//gIpCqYA9aemq4VAly31U9niy/xYYrTghlBbXKSc=,tag:J8VT7nFRrTOHA8wIlOUw+g==,type:str]"
},
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a21FTnMwM3JIZmhWSExI\naUJXVUZVVDZ4VFRXTXJ6R0hKY1VkZWQwejJNClB1NS9vWXRrendOSmpobjZ6ZGJv\na2cwR2lNcm96aEtjMktpWmUwZTdxWEUKLS0tIDF4b2tyQ24yMVQ1citpdDZUMUt5\nRGZIV3ZaakY3aDFjek9Hdklpb01IaTAKGwMh6ZPBRnBRTzMzYM2qfgqPcDhxcdnB\nVI3v6eQMpJcqfKg8t2RtPoS0sXItEIGb22O1cqv7lqsDNFTfJFsKcQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-02T21:30:11Z",
"mac": "ENC[AES256_GCM,data:k1L4cZJD+o8oxCxD0DaF7596Oca4npFQSKKG7XQzkLJdCEyq1u51waCXcOn976lipgCPrgPlnc1Ad8QpRjvkROaUjFVq3NH/dUtEQa+haWHTQC58kVJU+hzE8NPv6fId+m5z1nu4KRhHoFoMOtuiXc/XLR8yLejIg17d+ncKokA=,iv:YOiwx2NX/piw43E74B/kWwr+zw02DLqiOxe5vVgK0gI=,tag:TdEHcJmwNMTos9T/tpT1pQ==,type:str]",
"pgp": [
{
"created_at": "2024-03-02T20:47:34Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D5fSX77p80GYSAQdA12LSQRZXdxMZVUaMilMqDfY2f9Zx25S5wxsvg4HirjEw\nI2SIG1eW6MZaeFqJc3rEHEx6SY0igFy+gpwWr6KugBTdJmXVJgh6aG5fsv7z00Rx\n1GYBCQIQ1hXRnsn6UsaNcFaqv1WCsIc+h5WLIFZeB3Jrwdzy8YeVv8WYkNlbrni8\nihQnWhOwWfzjOYpmee1goRAqKBrbqHBouJwZJH6V7ZGUDfOMU63gvpmdKhUu2ML6\nw7swxzkrglo=\n=g87z\n-----END PGP MESSAGE-----",
"fp": "28D140BCA60B4FD1"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}
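Review bot: The PGP recipient is recorded as `"fp": "28D140BCA60B4FD1"`, a 64-bit long key ID rather than a full 40-hex-digit fingerprint. Key IDs are not collision-resistant, so a later re-encryption on a machine whose keyring holds a different key with the same ID could encrypt to the wrong recipient. Specify the recipient by its full fingerprint wherever it is configured and re-key the file (for example with `sops updatekeys`), so the metadata reads `"fp": "<FULL-40-HEX-FINGERPRINT>"`.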