sops updates
parent
e7900b98a3
commit
1bb5df50df
8 changed files with 24 additions and 51 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ ... }: {
|
{ config, ... }: {
|
||||||
programs.atuin = {
|
programs.atuin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableBashIntegration = true;
|
enableBashIntegration = true;
|
||||||
|
@ -7,12 +7,13 @@
|
||||||
enableZshIntegration = true;
|
enableZshIntegration = true;
|
||||||
settings = {
|
settings = {
|
||||||
auto_sync = true;
|
auto_sync = true;
|
||||||
sync_frequency = "0";
|
sync_frequency = "1m";
|
||||||
sync_address = "https://atuin.sysctl.io";
|
sync_address = "https://atuin.sysctl.io";
|
||||||
search_mode = "prefix";
|
search_mode = "prefix";
|
||||||
secrets_filter = true;
|
secrets_filter = true;
|
||||||
session_path = "/run/secrets/atuin/session";
|
key_path = config.sops.secrets.atuin_key.path;
|
||||||
key_path = "/run/secrets/atuin/key";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets.atuin_key.sopsFile = ../../../../secrets/secrets.yaml;
|
||||||
}
|
}
|
||||||
|
|
|
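Review bot: `session_path` is dropped from `settings` in the second hunk with no comment, so atuin will presumably fall back to its default session file and the sync session token is no longer provisioned through sops. If that is intended, say so next to `key_path`, for example `# session is created by "atuin login" on each host; only the encryption key is managed by sops`. The new `sops.secrets.atuin_key` entry also sets no `mode`, so the decrypted key's permissions depend on the sops-nix default. Stating `mode = "0400";` explicitly would make the intended permissions visible to anyone reviewing this file.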
@ -2,34 +2,6 @@
|
||||||
# Configure BASH exports
|
# Configure BASH exports
|
||||||
# https://nix-community.github.io/home-manager/options.html
|
# https://nix-community.github.io/home-manager/options.html
|
||||||
|
|
||||||
# https://github.com/justjanne/powerline-go
|
|
||||||
# https://nix-community.github.io/home-manager/options.html#opt-programs.powerline-go.enable
|
|
||||||
programs.powerline-go = {
|
|
||||||
enable = false;
|
|
||||||
# https://github.com/justjanne/powerline-go#customization
|
|
||||||
settings = {
|
|
||||||
hostname-only-if-ssh = true;
|
|
||||||
cwd-max-depth = 2;
|
|
||||||
condensed = false;
|
|
||||||
theme = "default";
|
|
||||||
# valid choices: default, low-contrast, gruvbox, solarized-dark16, solarized-light16
|
|
||||||
# theme = "gruvbox";
|
|
||||||
};
|
|
||||||
modules = [
|
|
||||||
"venv"
|
|
||||||
"user"
|
|
||||||
"host"
|
|
||||||
"ssh"
|
|
||||||
"cwd"
|
|
||||||
"nix-shell"
|
|
||||||
"perms"
|
|
||||||
"git"
|
|
||||||
"docker"
|
|
||||||
"exit"
|
|
||||||
"root"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableCompletion = true;
|
enableCompletion = true;
|
||||||
|
|
|
@ -9,6 +9,9 @@
|
||||||
# Theming
|
# Theming
|
||||||
inputs.stylix.homeManagerModules.stylix
|
inputs.stylix.homeManagerModules.stylix
|
||||||
../stylix
|
../stylix
|
||||||
|
|
||||||
|
# Secrets
|
||||||
|
inputs.sops-nix.homeManagerModules.sops
|
||||||
]
|
]
|
||||||
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
|
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
|
||||||
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs
|
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs
|
||||||
|
|
|
@ -16,6 +16,9 @@
|
||||||
# Theming
|
# Theming
|
||||||
inputs.stylix.homeManagerModules.stylix
|
inputs.stylix.homeManagerModules.stylix
|
||||||
../stylix
|
../stylix
|
||||||
|
|
||||||
|
# Secrets
|
||||||
|
inputs.sops-nix.homeManagerModules.sops
|
||||||
]
|
]
|
||||||
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
|
++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages
|
||||||
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs
|
++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }: {
|
{ ... }: {
|
||||||
programs.git = {
|
programs.git = {
|
||||||
userName = "albert";
|
userName = "albert";
|
||||||
userEmail = "albert@sysctl.io";
|
userEmail = "albert@sysctl.io";
|
||||||
|
@ -15,6 +15,13 @@
|
||||||
SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A";
|
SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
gnupg.home = "~/.gnupg/";
|
||||||
|
gnupg.sshKeyPaths = [];
|
||||||
|
# defaultSymlinkPath = "/run/user/1000/secrets";
|
||||||
|
# defaultSecretsMountPoint = "/run/user/1000/secrets.d";
|
||||||
|
};
|
||||||
|
|
||||||
accounts = {
|
accounts = {
|
||||||
email = {
|
email = {
|
||||||
accounts."sysctl" = {
|
accounts."sysctl" = {
|
||||||
|
@ -53,4 +60,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
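Review bot: `gnupg.home = "~/.gnupg/";` in the new `sops` block passes a literal tilde, since Nix does not expand `~` inside a string, so whether the keyring is found depends on how the consumer of this option handles it. An absolute path such as `gnupg.home = "${config.home.homeDirectory}/.gnupg";` is safer, but it needs `config` in the module arguments, which the first hunk of this file appears to remove. Pointing sops at the personal keyring also means decryption at activation only works unattended if that key can be used without a passphrase prompt, which is worth a one-line comment. The two commented-out `defaultSymlinkPath` and `defaultSecretsMountPoint` lines hard-code uid 1000 and should either be deleted or given a comment explaining why they are kept.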
@ -6,7 +6,7 @@
|
||||||
networking.hostName = "nixos-rpi4-img";
|
networking.hostName = "nixos-rpi4-img";
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
# Allow passworded ssh
|
# Allow passworded ssh for setup
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = false;
|
openFirewall = false;
|
||||||
|
|
|
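Review bot: The reworded comment `# Allow passworded ssh for setup` says password logins are temporary, but nothing visible in this hunk limits them to the setup phase. The `services.openssh` block continues past the end of the hunk, so the actual authentication settings cannot be checked from here. Since this is an image config with port 22 allowed through the firewall, the comment should name the follow-up step, for example `# Allow passworded ssh for first boot only; the host config applied afterwards must disable password authentication`.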
@ -31,15 +31,4 @@ in {
|
||||||
|
|
||||||
# Make this user trusted
|
# Make this user trusted
|
||||||
nix.settings.trusted-users = [ "albert" ];
|
nix.settings.trusted-users = [ "albert" ];
|
||||||
|
|
||||||
sops.secrets."atuin/key" = {
|
|
||||||
owner = "albert";
|
|
||||||
sopsFile = ../../../secrets/secrets.yaml;
|
|
||||||
};
|
|
||||||
sops.secrets."atuin/session" = {
|
|
||||||
owner = "albert";
|
|
||||||
sopsFile = ../../../secrets/secrets.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,17 +2,15 @@ services:
|
||||||
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
|
promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str]
|
||||||
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
|
telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str]
|
||||||
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
|
forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str]
|
||||||
atuin:
|
atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str]
|
||||||
session: ENC[AES256_GCM,data:CLsn+XQUurOOB1dWsfrRHeywXA13A59itrBlrJEiWZ0=,iv:33W2RBNk9iV+qvm6+mUE8TBrhxSWswAr8QhTJ0QXgFk=,tag:Sco2pCpo3Wu9/2WdNPVD6A==,type:str]
|
|
||||||
key: ENC[AES256_GCM,data:BOVygUPKXe9fjhULNoz3r6bOzcPtY30ZGWCmzvv9Tyq8iwsdMa5TgZ9z+dDP6huq6LdOHcFdYScDvKZiExFENDx34vdVyfqENRFgYw==,iv:vwbwNy3BKgEZEFRRqyIVffWTJkAAoVtHur5augO18ds=,tag:ZegtmTqOsL0EpV47wxRWVg==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2024-04-28T07:46:51Z"
|
lastmodified: "2024-04-28T11:40:09Z"
|
||||||
mac: ENC[AES256_GCM,data:Kg+lZaMrtYxmjthnPhtXonGf+EAqVRs+MT5d+bNU99wVItrbj690R8B7vA1hjflwhWN3oeodNUHWHracpMeQ1l2YtQW0jU1fJajoM6p9bDzcpEjw9+/Zjv0UJaiwy8fH4zN1UsfujZVxxXBuG7G7D9/kSPx8ngoRyS9Md/UG+I0=,iv:lTv9WGM/0UEpt4/QV1vYCAOYkdfbLdAa7FLqZ0mAVSA=,tag:c61zoO2oDkjjJsK7WtiWQw==,type:str]
|
mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-04-28T00:33:16Z"
|
- created_at: "2024-04-28T00:33:16Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|