From 6b98345a9793a055be763cc563b7911b9d4a9833 Mon Sep 17 00:00:00 2001
From: Nathan
Date: Sun, 31 Aug 2025 14:53:21 -0500
Subject: [PATCH] work on live

---
 .sops.yaml | 4 ++++
 flake.nix | 7 +++++++
 home-manager/users/nathan/packages/default.nix | 1 -
 system-config/configuration/live/default.nix | 9 ++++++++-
 system-config/configuration/live/secrets.yaml | 17 +++++++++++++++++
 5 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 system-config/configuration/live/secrets.yaml

diff --git a/.sops.yaml b/.sops.yaml
index a25b9e8..0a2ab72 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -15,6 +15,10 @@ creation_rules:
 key_groups:
 - age:
 - *laptop
+ - path_regex: live/secrets.yaml$
+ key_groups:
+ - age:
+ - *laptop
 - path_regex: nathan/secrets.yaml$
 key_groups:
 - age:
diff --git a/flake.nix b/flake.nix
index 98e895c..3c90ac5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -92,6 +92,8 @@
 specialArgs = {
 inputs = inputs // {
 nathan = import ./home-manager/users/nathan;
+ home-manager-config = import ./home-manager;
+ inherit self;
 };
 };
 modules = [
@@ -104,6 +106,8 @@
 specialArgs = {
 inputs = inputs // {
 nathan = import ./home-manager/users/nathan;
+ home-manager-config = import ./home-manager;
+ inherit self;
 };
 };
 modules = [
@@ -116,6 +120,8 @@
 specialArgs = {
 inputs = inputs // {
 nathan = import ./home-manager/users/nathan;
+ home-manager-config = import ./home-manager;
+ inherit self;
 };
 };
 modules = [
@@ -130,6 +136,7 @@
 inputs = inputs // {
 nathan = import ./home-manager/users/nathan;
 home-manager-config = import ./home-manager;
+ inherit self;
 };
 };
 modules = [
diff --git a/home-manager/users/nathan/packages/default.nix b/home-manager/users/nathan/packages/default.nix
index 888b980..70caa7e 100644
--- a/home-manager/users/nathan/packages/default.nix
+++ b/home-manager/users/nathan/packages/default.nix
@@ -24,7 +24,6 @@
 home.packages = with pkgs; ([
- inputs.disko.packages.${pkgs.system}.disko
 inputs.disko.packages.${pkgs.system}.disko-install
 kjv
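Review bot: The added rule `path_regex: live/secrets.yaml$` in `.sops.yaml` is unanchored on the left and leaves the dot unescaped, so it matches any path that merely ends in something shaped like `live/secretsXyaml`, and sops uses the first rule that matches. Spelling out the real location, `path_regex: system-config/configuration/live/secrets\.yaml$`, keeps a later file from silently picking up this recipient list. The neighbouring `nathan/secrets.yaml$` rule in the context lines has the same shape, and the rest of `creation_rules` lies outside the hunk.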
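Review bot: The `inputs // { ... }` attrset under `specialArgs` in `flake.nix` is now written out identically in all four hunks (at -92, -104, -116 and -130), so every further argument has to be pasted four times and can drift, as `home-manager-config` apparently had in the first three until this commit. Binding it once in a `let`, e.g. `extendedInputs = inputs // { nathan = import ./home-manager/users/nathan; home-manager-config = import ./home-manager; inherit self; };`, and writing `specialArgs = { inputs = extendedInputs; };` in each configuration would keep them in step. The enclosing configurations begin and end outside the hunks, so where that `let` belongs is not visible here.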
diff --git a/system-config/configuration/live/default.nix b/system-config/configuration/live/default.nix
index f6ef520..d85ad3a 100644
--- a/system-config/configuration/live/default.nix
+++ b/system-config/configuration/live/default.nix
@@ -49,8 +49,15 @@
 ];
 };
 
+ sops = {
+ age.keyFile = "/var/lib/sops/age/keys.txt";
+ defaultSopsFile = ./secrets.yaml;
+ defaultSopsFormat = "yaml";
+ #secrets."nathan/pass".neededForUsers = true;
+ };
+
 sysconfig = {
- remoteBuildClient = true;
+ #remoteBuildClient = true;
 host = "live";
 graphical = true;
 users = {
diff --git a/system-config/configuration/live/secrets.yaml b/system-config/configuration/live/secrets.yaml
new file mode 100644
index 0000000..e18d6b8
--- /dev/null
+++ b/system-config/configuration/live/secrets.yaml
@@ -0,0 +1,17 @@
+nathan:
+ pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str]
+sops:
+ age:
+ - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP
+ QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG
+ ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50
+ TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A
+ Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-08-31T19:51:15Z"
+ mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
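Review bot: `age.keyFile = "/var/lib/sops/age/keys.txt"` in `live/default.nix` requires a private key on the live system, yet the only recipient of `live/secrets.yaml` (the `.sops.yaml` rule and the file's own `sops.age` list) is `*laptop`, so the live medium would apparently have to carry the laptop's identity. That same key decrypts every other rule that lists `*laptop`, and if it reaches the image through a Nix path it ends up world-readable in `/nix/store`. A dedicated age key for `live`, added as a second recipient and provisioned outside the store, would confine the exposure to this one file. The two lines that are commented out rather than removed, `#secrets."nathan/pass".neededForUsers = true;` and `#remoteBuildClient = true;`, each want a short comment giving the reason they are disabled; the enclosing attrset continues outside the hunk.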