sops updates

albert 2024-04-28 21:48:11 +09:00
parent e7900b98a3
commit 1bb5df50df
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
8 changed files with 24 additions and 51 deletions


@ -1,4 +1,4 @@
{ ... }: {
{ config, ... }: {
programs.atuin = {
enable = true;
enableBashIntegration = true;
@ -7,12 +7,13 @@
enableZshIntegration = true;
settings = {
auto_sync = true;
sync_frequency = "0";
sync_frequency = "1m";
sync_address = "https://atuin.sysctl.io";
search_mode = "prefix";
secrets_filter = true;
session_path = "/run/secrets/atuin/session";
key_path = "/run/secrets/atuin/key";
key_path = config.sops.secrets.atuin_key.path;
};
};
sops.secrets.atuin_key.sopsFile = ../../../../secrets/secrets.yaml;
}
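Review bot: `session_path = "/run/secrets/atuin/session";` stays in `settings` unchanged while `key_path` moves to `config.sops.secrets.atuin_key.path`, and this same commit deletes the `sops.secrets."atuin/session"` declaration and the `atuin.session` entry in secrets.yaml. Nothing visible provisions that file any more, so atuin will presumably find no session there (and is unlikely to be able to write one under `/run/secrets`), which would break sync. Either declare the session as a home-manager sops secret too and reference it the same way, e.g. `session_path = config.sops.secrets.atuin_session.path;` (secret name illustrative), or drop the line so atuin uses its default session location.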


@ -2,34 +2,6 @@
# Configure BASH exports
# https://nix-community.github.io/home-manager/options.html
# https://github.com/justjanne/powerline-go
# https://nix-community.github.io/home-manager/options.html#opt-programs.powerline-go.enable
programs.powerline-go = {
enable = false;
# https://github.com/justjanne/powerline-go#customization
settings = {
hostname-only-if-ssh = true;
cwd-max-depth = 2;
condensed = false;
theme = "default";
# valid choices: default, low-contrast, gruvbox, solarized-dark16, solarized-light16
# theme = "gruvbox";
};
modules = [
"venv"
"user"
"host"
"ssh"
"cwd"
"nix-shell"
"perms"
"git"
"docker"
"exit"
"root"
];
};
programs.bash = {
enable = true;
enableCompletion = true;


@ -9,6 +9,9 @@
# Theming
inputs.stylix.homeManagerModules.stylix
../stylix
# Secrets
inputs.sops-nix.homeManagerModules.sops
]
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs


@ -16,6 +16,9 @@
# Theming
inputs.stylix.homeManagerModules.stylix
../stylix
# Secrets
inputs.sops-nix.homeManagerModules.sops
]
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs


@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ ... }: {
programs.git = {
userName = "albert";
userEmail = "albert@sysctl.io";
@ -15,6 +15,13 @@
SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A";
};
sops = {
gnupg.home = "~/.gnupg/";
gnupg.sshKeyPaths = [];
# defaultSymlinkPath = "/run/user/1000/secrets";
# defaultSecretsMountPoint = "/run/user/1000/secrets.d";
};
accounts = {
email = {
accounts."sysctl" = {
@ -53,4 +60,4 @@
};
};
};
}
}
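Review bot: `gnupg.home = "~/.gnupg/";` in the new `sops` block is a plain Nix string, so the `~` is not expanded at evaluation time; unless sops-nix expands it itself, which cannot be confirmed from this page, decryption will look for a keyring in a literal `~` directory. An absolute path such as `gnupg.home = "${config.home.homeDirectory}/.gnupg";` avoids the ambiguity, but it needs `config` back in the module arguments, which the first hunk of this file appears to remove. The two commented-out `/run/user/1000/...` lines hard-code a UID; if they are kept as a hint, add a comment such as `# only valid when the user's UID is 1000`. The surrounding attribute set starts and ends outside the hunks shown.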


@ -6,7 +6,7 @@
networking.hostName = "nixos-rpi4-img";
networking.firewall.allowedTCPPorts = [ 22 ];
# Allow passworded ssh
# Allow passworded ssh for setup
services.openssh = {
enable = true;
openFirewall = false;
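Review bot: The reworded comment `# Allow passworded ssh for setup` states an intent that nothing in the visible lines enforces: port 22 is opened through `networking.firewall.allowedTCPPorts` and `services.openssh` is enabled unconditionally. If password login is meant only for first boot of the image, the comment should say how it gets turned off, e.g. `# Password auth is for initial provisioning only; the host config applied afterwards must disable it`. The `services.openssh` block continues outside the hunk, so the actual authentication settings cannot be checked from here.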


@ -31,15 +31,4 @@ in {
# Make this user trusted
nix.settings.trusted-users = [ "albert" ];
sops.secrets."atuin/key" = {
owner = "albert";
sopsFile = ../../../secrets/secrets.yaml;
};
sops.secrets."atuin/session" = {
owner = "albert";
sopsFile = ../../../secrets/secrets.yaml;
};
}


@ -2,17 +2,15 @@ services:
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
atuin:
session: ENC[AES256_GCM,data:CLsn+XQUurOOB1dWsfrRHeywXA13A59itrBlrJEiWZ0=,iv:33W2RBNk9iV+qvm6+mUE8TBrhxSWswAr8QhTJ0QXgFk=,tag:Sco2pCpo3Wu9/2WdNPVD6A==,type:str]
key: ENC[AES256_GCM,data:BOVygUPKXe9fjhULNoz3r6bOzcPtY30ZGWCmzvv9Tyq8iwsdMa5TgZ9z+dDP6huq6LdOHcFdYScDvKZiExFENDx34vdVyfqENRFgYw==,iv:vwbwNy3BKgEZEFRRqyIVffWTJkAAoVtHur5augO18ds=,tag:ZegtmTqOsL0EpV47wxRWVg==,type:str]
atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-04-28T07:46:51Z"
mac: ENC[AES256_GCM,data:Kg+lZaMrtYxmjthnPhtXonGf+EAqVRs+MT5d+bNU99wVItrbj690R8B7vA1hjflwhWN3oeodNUHWHracpMeQ1l2YtQW0jU1fJajoM6p9bDzcpEjw9+/Zjv0UJaiwy8fH4zN1UsfujZVxxXBuG7G7D9/kSPx8ngoRyS9Md/UG+I0=,iv:lTv9WGM/0UEpt4/QV1vYCAOYkdfbLdAa7FLqZ0mAVSA=,tag:c61zoO2oDkjjJsK7WtiWQw==,type:str]
lastmodified: "2024-04-28T11:40:09Z"
mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str]
pgp:
- created_at: "2024-04-28T00:33:16Z"
enc: |-