test iso
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{ inputs, ... }: {
|
||||
|
||||
flake.nixosModules.remoteBuilds = { config, lib, ... }: {
|
||||
flake.nixosModules.sops = { config, lib, ... }: {
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
@@ -55,11 +55,6 @@
|
||||
path = "/etc/ssh/authorized_keys.d/remote-builder";
|
||||
owner = "remote-builder";
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/var/lib/sops/age/keys.txt";
|
||||
defaultSopsFormat = "yaml";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
21
modules/features/sops.nix
Normal file
21
modules/features/sops.nix
Normal file
@@ -0,0 +1,21 @@
|
||||
{ inputs, ... }: {
|
||||
|
||||
flake.nixosModules.sops = { config, lib, ... }: {
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
sops = {
|
||||
age = {
|
||||
keyFile = "/var/lib/sops/age/keys.txt";
|
||||
generateKey = true;
|
||||
};
|
||||
|
||||
defaultSopsFormat = "yaml";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
keys:
|
||||
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
|
||||
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
|
||||
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
|
||||
creation_rules:
|
||||
- path_regex: ^secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop
|
||||
- *homebox
|
||||
- *android
|
||||
@@ -1,11 +1,8 @@
|
||||
{ self, inputs, ... }: {
|
||||
{ self, ... }: {
|
||||
|
||||
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
|
||||
|
||||
imports = with self.homeModules; [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
|
||||
|
||||
nathan-terminal
|
||||
nathan-mpd
|
||||
nathan-nh
|
||||
@@ -41,35 +38,8 @@
|
||||
iconTheme.name = "rose-pine-moon";
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
defaultSopsFormat = "yaml";
|
||||
|
||||
#secrets."remoteBuildKey" = {};
|
||||
};
|
||||
|
||||
services.mpris-proxy.enable = true;
|
||||
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
|
||||
matchBlocks = {
|
||||
"builder" = {
|
||||
hostname = "esotericbytes.com";
|
||||
user = "remote-builder";
|
||||
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
};
|
||||
|
||||
"remote" = {
|
||||
hostname = "esotericbytes.com";
|
||||
user = "nathan";
|
||||
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -4,26 +4,9 @@
|
||||
|
||||
config = {
|
||||
|
||||
sops = {
|
||||
secrets = {
|
||||
"git/username" = {};
|
||||
"git/email" = {};
|
||||
};
|
||||
|
||||
templates.gitconfig.content = ''
|
||||
[user]
|
||||
name = "${config.sops.placeholder."git/username"}"
|
||||
email = "${config.sops.placeholder."git/email"}"
|
||||
'';
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
|
||||
includes = [
|
||||
{ path = "${config.sops.templates.gitconfig.path}"; }
|
||||
];
|
||||
|
||||
settings = {
|
||||
init = {
|
||||
defaultBranch = "master";
|
||||
@@ -38,6 +21,11 @@
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
name = "Nathan";
|
||||
email = "nathanblunkall5@gmail.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
23
modules/users/nathan/home-manager/features/sops.nix
Normal file
23
modules/users/nathan/home-manager/features/sops.nix
Normal file
@@ -0,0 +1,23 @@
|
||||
{ inputs, ... }: {
|
||||
|
||||
flake.homeModules.nathan-sops = { config, lib, pkgs, ... }: {
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
sops = {
|
||||
age = {
|
||||
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
|
||||
generateKey = true;
|
||||
};
|
||||
|
||||
defaultSopsFormat = "yaml";
|
||||
|
||||
#secrets."remoteBuildKey" = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,13 +1,15 @@
|
||||
{ ... }: {
|
||||
|
||||
flake.homeModules.nathan-terminal = { ... }: {
|
||||
flake.homeModules.nathan-terminal = { config, ... }: {
|
||||
|
||||
programs.ssh = {
|
||||
|
||||
enable = true;
|
||||
|
||||
# defaults as of 25.11
|
||||
matchBlocks."*" = {
|
||||
enableDefaultConfig = false;
|
||||
|
||||
matchBlocks = {
|
||||
|
||||
"*" = {
|
||||
forwardAgent = false;
|
||||
addKeysToAgent = "no";
|
||||
compression = false;
|
||||
@@ -19,9 +21,21 @@
|
||||
controlPath = "~/.ssh/master-%r@%n:%p";
|
||||
controlPersist = "no";
|
||||
};
|
||||
enableDefaultConfig = false;
|
||||
|
||||
"builder" = {
|
||||
hostname = "esotericbytes.com";
|
||||
user = "remote-builder";
|
||||
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
};
|
||||
|
||||
"remote" = {
|
||||
hostname = "esotericbytes.com";
|
||||
user = "nathan";
|
||||
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
git:
|
||||
username: ENC[AES256_GCM,data:418z4cCK,iv:tgPmynsW8fEJs6n+OGfm6IypOjNNhVdVaqFImeKXpC4=,tag:V5zI47vb9FnSO/OWurbJ+A==,type:str]
|
||||
email: ENC[AES256_GCM,data:xp6HlIO1pTgvrXpGAOQwl0UvcnY4zrLrmw==,iv:LzGkluWeSe8MQqPXQMnNOv062UY+BkQE1fGjGqd/nCg=,tag:Y9nwo+Hjcg4ea2GxGKWApA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMktJdFhxRjhaT0MyZ0N3
|
||||
YVBMYlNkRnl1eU8zajZLWXRPajZzWDBGQWxVCkhMcEdsNlVKQ1VHR2hjZWdsR1gx
|
||||
MkhCeVZGUDJwdkdDTiswRW40QjRRYWMKLS0tIENIN2pheisyR21YZkIzblVZZ1cw
|
||||
bHpLWEdPdUc4d2ZSS1FjUDM0QWRQUWsKqvlH0oWHH/PhMDTYT5KhCTzaEffsf1jM
|
||||
r0o60YUCe6pUFs0qPvOxEPM3bq+7MkUpH4eXVAw3tCov3nUkmwlVZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5K3ovcmpPck1reGVPQ0lm
|
||||
YTYvNGtaSk4vLzlYSW0rSkpHcjZWUnBMS2dBCmt3RU1PMkJ1VU5wNUc1NC9lbGFk
|
||||
cjl6cXp6M292enFHckkyamwwaDRia2MKLS0tIGRUTzFGdDZFaS9LdkRjMW56U25B
|
||||
emRDTncvNnlycHF3V2VJN3NlZTNVSjgK8RUx9qImdqjHBHisnwY+qRZ9vuafl3MN
|
||||
jnJsIsKSdF51dWYskEMVnPYwn9HdOKkAh6amwSITcw3ZCcK7ftfT+g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWXVTSVQvNEhsMkQ2QkRl
|
||||
SlZLTWN2eUdMa3MwdTBHZE8vdENKTTRKYVF3Ck01N2VNQUJPeHBwVHZTNWYzbXR5
|
||||
ZS9hUDQydy9nQnR0SVpiUHV6ejhPb0EKLS0tIEZKeXV5QnpZYzBCVDR3WjVSV2Vv
|
||||
TmJkL3VUbTRLNGNISGhFaGpmaXJ1cDAKpiZ8Nfml0KFq46JRg+394BCyZmnpE4XC
|
||||
zqxRrNlGH/EDp00q5/jN84vQA+bOhGHcScQpvRCDKMXehQn3H4jksw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-16T16:08:48Z"
|
||||
mac: ENC[AES256_GCM,data:3/ztJNXhOIPqgQ47QxjM5KTeAJwXPpUuVtvI5/xJsMOOZhXYRt+uhL584F98rJiMHhnbsuGIZi+jGlYRiE6c+GJ9X7TKLj9yRqKvCMSCdWHGzY721GH5kMPcjD2YDYZ4tt+olIMePNJBPjC1XJgfhfOvs43o2HyDTCS95cEQzB4=,iv:qofZBAwxbTrc/hPyuSi8nxibJ0bGhoytZpUTZwwzbuI=,tag:z1SJXutJmlJ+j6RnV4u29Q==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -7,22 +7,15 @@
|
||||
useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
|
||||
in {
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
sops.secrets."nathan/pass" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
users.users.nathan = {
|
||||
shell = pkgs.zsh;
|
||||
name = lib.mkDefault "nathan";
|
||||
isNormalUser = lib.mkDefault true;
|
||||
hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
|
||||
hashedPassword = lib.mkIf
|
||||
(config.users.users.nathan.hashedPasswordFile == null)
|
||||
"$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
|
||||
extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
|
||||
openssh.authorizedKeys.keys = lib.mkMerge [
|
||||
(useWith (homebox ++ iso) [
|
||||
@@ -52,6 +45,7 @@
|
||||
(useWith (laptop ++ iso) nathan-kitty)
|
||||
(useWith (laptop ++ iso) nathan-scripts)
|
||||
(useWith (laptop ++ iso) nathan-pywal)
|
||||
(useWith (laptop ++ homebox) nathan-sops)
|
||||
|
||||
(useWith laptop {
|
||||
wayland.windowManager.hyprland.extraConfig = ''
|
||||
@@ -64,9 +58,17 @@
|
||||
};
|
||||
};
|
||||
|
||||
flake.homeModules.nathan-standalone = { lib, ... }:
|
||||
flake.homeModules.nathan-sops = { ... }: {
|
||||
imports = [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
];
|
||||
|
||||
{
|
||||
config = {
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
};
|
||||
};
|
||||
|
||||
flake.homeModules.nathan-standalone = { ... }: {
|
||||
|
||||
config = {
|
||||
|
||||
|
||||
19
modules/users/nathan/sops.nix
Normal file
19
modules/users/nathan/sops.nix
Normal file
@@ -0,0 +1,19 @@
|
||||
{ inputs, ... }: {
|
||||
|
||||
flake.nixosModules.sops = { config, lib, ... }: {
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
sops.secrets."nathan/pass" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
users.users.nathan.hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
|
||||
};
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user