diff --git a/home-manager/bash.nix b/home-manager/bash.nix
index c4890878..d13c22ee 100644
--- a/home-manager/bash.nix
+++ b/home-manager/bash.nix
@@ -10,6 +10,10 @@
 enable = true;
 enableCompletion = true;
 bashrcExtra = ''
+ sops-edit() {
+ nix-shell -p sops --run "sops $1"
+ }
+
 nix-clean-all() {
 nix-channel --update
 nix-env -u --always
diff --git a/home-manager/shell.nix b/home-manager/shell.nix
new file mode 100644
index 00000000..66b6fe17
--- /dev/null
+++ b/home-manager/shell.nix
@@ -0,0 +1,37 @@
+# shell.nix
+with import {};
+let
+ sops-nix = builtins.fetchTarball {
+ url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz";
+ };
+in
+mkShell {
+ # imports all files ending in .asc/.gpg
+ sopsPGPKeyDirs = [
+ "${toString ./.}/keys/hosts"
+ "${toString ./.}/keys/users"
+ ];
+ # Also single files can be imported.
+ #sopsPGPKeys = [
+ # "${toString ./.}/keys/users/mic92.asc"
+ # "${toString ./.}/keys/hosts/server01.asc"
+ #];
+
+ # This hook can also import gpg keys into its own seperate
+ # gpg keyring instead of using the default one. This allows
+ # to isolate otherwise unrelated server keys from the user gpg keychain.
+ # By uncommenting the following lines, it will set GNUPGHOME
+ # to .git/gnupg.
+ # Storing it inside .git prevents accedentially commiting private keys.
+ # After setting this option you will also need to import your own
+ # private key into keyring, i.e. using a a command like this
+ # (replacing 0000000000000000000000000000000000000000 with your fingerprint)
+ # $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
+ #sopsCreateGPGHome = true;
+ # To use a different directory for gpg dirs set sopsGPGHome
+ #sopsGPGHome = "${toString ./.}/../gnupg";
+
+ nativeBuildInputs = [
+ (pkgs.callPackage sops-nix {}).sops-import-keys-hook
+ ];
+}
\ No newline at end of file
diff --git a/keys/machines/nixos-laptop.asc b/keys/machines/nixos-laptop.asc
index bb8e6b52..01a62648 100644
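Review bot: In `sops-edit`, `$1` is expanded by the calling shell into the `--run` string, which nix-shell then passes to a second shell to parse, so a path containing spaces or shell metacharacters is word-split or interpreted as commands instead of reaching sops as a single argument. Quote it for the inner shell, e.g. `nix-shell -p sops --run "sops $(printf '%q' "$1")"`, and return early with a usage message when `$1` is empty. `-p sops` also resolves against whichever channel is active, so the binary that decrypts the secrets is not pinned to a reviewed version. The `bashrcExtra` string begins and ends outside this hunk.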
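Review bot: `builtins.fetchTarball` in the new `shell.nix` fetches `master.tar.gz` with no `sha256`, so each shell entry can evaluate and run whatever is on the sops-nix master branch at that moment, in the same environment that imports GPG keys. Pin the URL to a reviewed commit and add the hash, e.g. `url = "https://github.com/Mic92/sops-nix/archive/<COMMIT_SHA>.tar.gz";` with `sha256 = "<TARBALL_HASH>";` (both placeholders). Separately, `sopsPGPKeyDirs` lists `keys/hosts` and `keys/users` relative to `home-manager/`, while the key touched by this same commit is under `keys/machines/` at the repository root, so the hook may be importing nothing; confirm the paths point at the directory that holds the `.asc` files.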
--- a/keys/machines/nixos-laptop.asc
+++ b/keys/machines/nixos-laptop.asc
@@ -1,30 +1,28 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: A20F 7BD3 9673 AEA2 E929 3E35 4E71 A215 3513 42A6 -Comment: nixos-laptop -xsFNBAAAAAABEADOHuEyjp0I7RgvVmmijYMW1DS6+sGpfIZH9Emte2nQ4RmzJ4hy -lN6ib8/FN2ywkl0pYhXIcAimuyqI48nV+f16ckjKNpZZH/0xgRYhmARen/behOeH -BTUyaY44Of/hzOFaIceQfXy8oRpFd6tnhzeHrMFu56bnAbbcCdQYCqtgcS37v4tv -cdXZPgcQeRNUC74ml+jO/rNxpxHW8waSI0qr6+UbQ7pe9PzVZVuBdPGjwHCM3O8S -gytAKyIMSfSa0lej43FESUrdjxsuAtOsJPjibeoAC4nas+oagq8DpYnhRkx0kbvY -P8s/FRty1yFw3Fke4QHX1TTDXU4rffayu9koYsdCpxGljOn/8IiuXcQWAf/cQIcq -nI4DAh3mIQWa7O2xnHw2K3iRxBxz7MhtyqR+yK7uRi2QYWmARumsSl7RT6hbYCxy -pbhdauhHYl1wulmn0h2HYpNeU127LFm0wGHDckqWLvlk/GTDv/+NOM2z92PbCX9A -Af73oy8ZT6m5zE6hBWcWtviPBvaW21+2CeZ3wbUAEgsdTARDQxSG8M8EJfr2McIT -3gyhiCQA//yBZOnDsk79SQXz4SgX6Bc3Mk6fxt2qhWewnebteDje6GGuFReWnvuW -jOwrIdJeVxMliD2qjX9yrv5fpN+aWM12nb35/k4atUh5Ou8fmNkl1KnG7wARAQAB +xsFNBAAAAAABEACuO/0sMege8N4c08GCN2b1UyMVm9Qcn5gr7lT3szNvMX3IvM1O +nluIr8mOHxKv5En0XOWEV1dOSauJ0eOhucFvt4w5ReKO24k8ng6vfxK3EktSnBd9 +Xly+CBvXxA9Mq4Te4MMvnI7Zv9qW6Gy0XjEly+rAS4Pk+BzZVjRNmZ04uLsXPQO6 +xGtANzvDQdT5IQT9n71vOYNyMYBDdAOnOJJcKbLBlq2sMiO+iq0qGk/cahKRWN0l +kRxJQnTjlZhwIsrANxOBVgkkVeG1K22lL72+Ju+2DR1Vccx1xsZQmSM7TJAvsQ7r +4Yw2KqqYcWCcYr/lQmKj8QM4mVpA73yKS4SBdSdkPHwa6fowQp3QRaZNt3hyTOYU +iBDcTojphL2yVK+QIpQyFdplDvBvzTR6W+mMOvYbie7JwaO8agb6TQ3+s7DrOhmv +7zE+8fDHjLcLf6DVaGLkl3J9tg6Ks85/2PvAbsCxjPMh90BpikK1f7oFSb+/yHrG +y1q0ii7wviIQZzrbazW7GToxAeorjUjh3SNqtmPI4jAGjJS+Sj4YBNfUvCsqOzB5 +vTGe960atUkvrX/lbKdzPi8NM6JGIPO1QCKvAY1xgR1UoIj9fF/nrd4HutCMr9lY +AjyzsCtuB40aGmTYlEgLuWOp8JCGsnZYhlmk6QmNUSswXpTrto/xiS4PkwARAQAB zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT -AQgAFgUCAAAAAAkQTnGiFTUTQqYCGw8CGQEAACQLEAA3GUIH8GjssDr0a5PJ4BpJ -8K9jzT24Yo0vegyhWdH3Y6XRsOqHEBHe5M2u4dgAt3H48o3ac0PhPqaUvMRqrM6X -qrq3CkIX2wzDc5XqSzyjBGTjAf+LUU6o+IU/bJuqJLnLWjZTLxQ53l3UCBYhSj1+ -93dR/0Ffy+cbMDJV1d02Bhlt2qND9WYz/tlMkf4mlMqYFqq8Qs26iuNnlD1nCn+I -cTQ2zHy4tjxgnTBQcSaNjviMF0OJI30OLbaQWu7LUYRAPG1NyObLfuU+1amz4YRd 
-pU/LakEcXxEV5o37mUWFc7yktItM2XWnr87M+8fr/2EgrVN36nKw0NeQY5hgcfWw -y/rnE7MGPdepU+HmqQgFsRTyGAy0erPqwvsm4mZ5x1bfVNE6DpAXaaHNhmNAgyfj -AB5/deHtnnCDoCOv8po3K5kDpIDEVcBg8NKPYrsuTdoad9jGogTLYMdN+WkbUJ/A -l4kB7e1yPUh2jQ2XuQjHJUkoFUTZ2KW/vOk5UTRUNY2hta4uDB7NQB7byrlWIwZ8 -1iwiZXxlf4vFMd3mQUVWwS2LkbC2MhHPUed4R2uCLszGkXrkEREwBUlRBM+/nkxU -O9ILXbOuaBWYv8iOhRyyvImWuq94sy5xHCXxhOg0TcoDLh6/rBMztZYRpdqIxCRU -KudAkJ6XaiMqaPE/hs+6qw== -=Jg5R +AQgAFgUCAAAAAAkQmWI2lXyIcWgCGw8CGQEAAJXPEAAIcePUuNMdkDBa2Fhtagpl +tKF/6lJo+TlXW41+O4AqWrkTZWbII5pi7Mx4WEraRQyx1vpGzktySvsgomM8ngkZ +wNuWX0XKQW8WHBfQCqSRgXZXVF20KjTy7GWXW4b4cbb29fKs5Qx3Pl+lwwA0wlLD +QwJBbtZr9ZnIvksCjr3RGweqdcejAkUWJXPkC11I6GZtsWZeN+2wklDKUeSCAjVx ++tmmlP3IAXZtBaV7WyNuBoIkAPnxvP6IFnp3YdtQC/L/yTGEZkXoiJAZ6LEPG0Cd +BS8hB9C2+pA78IOd4tbCNsI7hVBV/VfoxLQGDCyXjHovGU9CKkYo9DL9r5au6f6k +YOqlgEHnF5lkyLD3N1QdOrUIAKQrp9C0BirgU/ntaSuB5WjFsRuJUMxYPs5VOFU5 +/zyt1+rkrJB34m9cViifDIakeCIyF8V4/ksXH2GBEag3HQzUc8zXUrZpY4PZHShN +VWt1fjJ7BnVdbhJVLlHXF84A23EkcXieW+I1PwIRtnE6oyZEla9JXRZd/dxHd6W7 +EOkNRV62Y6V2FOd3t1DV3xQoZWZuYnFWiW47N3gzcoZ4hXzNxFYlyiD2GEhUgrAg +/Ib2VnHKkF0Rq0Dso67OcJX38+Q3BfKbGJj2TZw2uey/dJiuIx1LXsaHP3SYjxs/ +PwBtTGrZ9h1Hi57KNlTwTw== +=ckFg -----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file