Testing sops
parent
ef4b12b618
commit
ed7c6f1075
7 changed files with 122 additions and 5 deletions
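--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
+creation_rules:
+- path_regex: secrets/[^/]+\.yaml$
+key_groups:
+- pgp:
+- *albert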
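Review bot: The only recipient under `key_groups` is the single user PGP key `*albert`, so every file this rule covers can be decrypted with that one private key and with nothing else. If sops-nix is meant to decrypt these secrets on a machine at activation, that machine needs its own recipient here, for example a `- &host01 <HOST_KEY_FINGERPRINT>` anchor listed next to `*albert`; no host key is visible in this commit even though `shell.nix` names a `keys/hosts` directory. A second recovery recipient is worth adding before real secrets are encrypted, because losing the one private key would make them unrecoverable. The `path_regex` is also unanchored at its start, so any path ending in `secrets/<name>.yaml` matches, which may be wider than intended.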
|
@ -25,7 +25,7 @@ Repo for nix configuration files
|
|||
# Theming
|
||||
* To change system-wide themes, you need to change the following:
|
||||
1. `desktops/gnome.nix` - Change the imports at the bottom.
|
||||
2. `users/albert/dconf.nix` - Change the theme variants in the following:
|
||||
2. `users/albert/gnome-dconf.nix` - Change the theme variants in the following:
|
||||
* `org/gnome/shell/extensions/nightthemeswitcher/gtk-variants`
|
||||
* `org/gnome/shell/extensions/nightthemeswitcher/icon-variants`
|
||||
* `org/gnome/shell/extensions/nightthemeswitcher/shell-variants`
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
lanzaboote.inputs.nixpkgs.follows = "stable-nixpkgs";
|
||||
|
||||
# Firefox Overlay
|
||||
moz_overlay.url = "github:mozilla/nixpkgs-mozilla";
|
||||
# moz_overlay.url = "github:mozilla/nixpkgs-mozilla";
|
||||
|
||||
# Nix User Repository
|
||||
nur.url = "github:nix-community/NUR";
|
||||
|
@ -70,7 +70,7 @@
|
|||
home-manager.users.albert = import ./users/albert/home.nix;
|
||||
home-manager.users.root = import ./users/root/home.nix;
|
||||
nixpkgs.overlays = [
|
||||
moz_overlay.overlay
|
||||
# moz_overlay.overlay
|
||||
nur.overlay
|
||||
];
|
||||
}
|
||||
|
|
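--- a/keys/users/albert.gpg
+++ b/keys/users/albert.gpg
@@ -0,0 +1,73 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGEuKeIBEACiklPWFZHWa07mRjBn0Xg8lcH4OxS8eOHilaEi/h87L6lD+HHp
+NMkXvuKIH8KxlA662vJqEubH7w8OdMXmO4HrJYvVGGin7naAZZBV2HKx5Aj2flEY
+dmQi0j7S79nGXJaa4tZsnkSHHifdmItQThQbAZY+MGEeLqHdoac64EHjscTjO/uy
+/HwrY7sCqaH7tQet/HNp3KHNSR8vVYi8pAhhEnlVUEafSTmGLF8Ec6hX/zW0DBDB
+LwPTUKnRJH2jxKXLC+IABw2P5JxPi09kyJqv8F841lsPMwL+SSRSjrJ10WKRMh6S
+fa1u2VNhaOk2Te88c/aQpet3Ed9Qq/SdtSTnc6g/cHoIxJyIZghzDLBNahLMJmMH
+QwR9RmZV2a1axvqIeVZ7Y27IKYBM1jmBPKA41edvnq5yV1MgKFyYsLBvixp5JXDB
+6LVrTiR0cItHezyVzbpLp5cmgc3Oo+ntXO8nKswYqb3R9PrtJMpWHW/BMdQg7vhD
+DKbXk+mjn+dT+CpDuanyPjhqk2x5LLCAzSCCnbvFlj5ooBMebzwtV1kv7UGaDpLm
+Kiyo6zvGlKDMnGCVWwkoyp6fpYFCGQKK2MDmZET67tfReADG796T4KiQGqj5Km/q
+LOX49z48c8eEHIPerfmDyGBQRaW84dqadRqNQ5IVlp4VyiojARv89vecFQARAQAB
+tCVBbGJlcnQgSi4gQ29wZWxhbmQgPGFsYmVydEBzeXNjdGwuaW8+iQIwBBMBCgAa
+BAsJCAcCFQoCFgECGQEFgmEuKeICngECmwMACgkQZPbE60bEVDoTuxAAoLUULaXd
+00PfDAL7S1sFlaIcXcLJXFSMo1BtrpNgZePgYBv09eRwQPJ2zkUcxGspvmuGPRWY
+DKgfI50OygLoEdAQaOKQUTv8ZtWl+Ji7Xp1N1X+teZ2aN3oDeOBvpDmOVhIDanGK
+rUCrU7MsCNXFh3GmHKdoKRMiz7YCBDctfcdVUuSSgzZmmliDFw5Llx25eX2La72Y
+5pTsxIYTRSvrYHZiyUpmvu3fh8YP3+ZYmOHY73G8Jk88EFIZgEEZLGxWjUFt39Ng
+b5dBgGmN6mYY1lvy6EDLyEapjSJolsMRMRN55Xpe0+SwGUpvj17RO5Quk8ccuJB9
+6WTvJFYUxtiJ4GGm0HS9OWkrsQKGAHLxDuB+FpvbbwKkV4iSia1tEOhAdp3DD+lm
+eaUV+WCqe2H2sz0cwVEQHjo2jxe955ycnXlsSqSRZz/jFP3nE0VH0zvSF2XtLLbq
+18fqH0wduoe+zVViG18g/bNfVJ9cy7M2xZdjHFT9gV++VwvMybfQ7Otwi/aJ1LGF
+M29eWMGTS4XaE1I/LPSqsu5mettJ7/uiCLeGhc/j1qTKb4A0dKEab+ScULDsQSek
+bl/Ea7H5lUGlbllH3PgiMtocGZccmGfk5qyyK24W4r2vAGrTM3M3QWhc9Tk1bwCT
+wLWkivpkaAFtQ0upA9a6M+NsukAdzHxTe425Ag0EYS4p4gEQALZDK/wZpvr85okZ
+vDkUOkxlWtUJ30XaigTw5gDb2J6/FNCVjPCSTv+CNP+utbpjDTUyYVGShVLyMsuh
+N2Dn890rOlUbxmc8gnmIS3cZ/veJ+CG/HAxvwk1HOhN4RkXNKwtP/OpM5jvPSCh2
+Ym10agLE3GDzP17uXQw1bvqNGInlD8toipY9KCLs7i6g2ZbnBgOmvxvNZDVhN+El
+7N9xhJuvMj+5U63R6MbG0vTR3qr31TnPzB4QArcqE/eoHEk0P6v63dpnoge+l0pj
+To96F1u7ZWM+aHH1u7bhKIKQArESak0HQaNQrdT7y+1nlIJ0+4ea/RyWo430O74C
+i+A3fyJ+EfFfRekveCGoF/N4aWemq+VeYDimNYshJ/4XBMaJ6UCySvyd45KVzC6+
+cyetQ9rINVHgdcyxbMOJKUfCqV+2PHU7jsZmVpmlZvFuWbO7Rf4x2fBUFl8Wivfd
+ZFBSt+fvqSz/HC9blZ7CSKmUugCCb5KWcKe32ZbW/OphsYSGgJIiRqlJYMj8kiQu
+Wao0YnYrxas1Rhz93C77cHO6kopEMcPjXUriAMsYIURwb/anzsO65DLZjtzbIPmm
+mNrqjevmc1lk42GBsrTOo5JkxluVFsWlxqUu+j5OJwLJAQ4GV7fquld4WFAU2Xbs
+sTMtPEF1thLKWSFwqZi/rNA3GiaVABEBAAGJAh8EGAEKAAkFgmEuKeICmwwACgkQ
+ZPbE60bEVDqKtw//dqBgaGs1K8hNM7fw6L77ZuV5tHluVnNN1kDv7DOavAnsKY4X
+7+ONLGFN041jqomfZEGRyE2IxMgPFeFz8hDogOH8keaSbxAQzoe3yRC40Eap/tyn
+vx9WKLr2ALzTRt660uc/GelNM7IdHmWB7qTo6F5qs8gTttOZIsoTXdUZrpZBgyit
+TwpZ1G+uYH81C8TxXchC06xEC1r43bB4Fgfru09IzzjToyfBryntVywj6Rr6qLI3
+PSFmwzXQLuNsj8ndvA1NnxYR0hWVXLukQLLUgMl92z9tyrtUlvqc2bccfLORoPh5
+AvnZbxMcOptDy/iMHVJI0+p0C5rnXYuehDn0WpsfMH3Lgbek5trfBXQY9ClHa77d
+Y7VnXzJ+zqTFw2rh22o8CTTEho6cKPjF96DAiRl+YOhR15sPOC3bD9EXm55EPirQ
+6DzTGVnYnjrMg1w98m7H3ZvoElelER33Fusg42G+2zZlCYDGKKkAO76SSv7qaybs
+/riZvZ2j0mJr6bDAGTtuGbs5TaviB6e88OhdYDLXWL2xqylX7TMy7lHRefpTCRpB
+13E5zaPS1sWkKho9wRn5JhISWtDsyk0Ikeq2uiu+oZUeg7nSHglm0id8KvHGNWt6
+cEOhKQTPfolUiyTnLoO5FxxxqQftbEWgwfNIhvEHmUTaAgZdEbjquY8qEhm5Ag0E
+YS4p4gEQAJn5uSp0dBjyJenD1SKLiuWqLzNuhjaQm26cuc08m7oVpGWQeriToaMo
+d5Vr2Ay6HJjVDyIUucGdhi2OEj/gQVSoDNhnp/TvafB8npt88rmeAX+ass7Fiapq
+PdN/5mS2pMiDAf5ISAeYFKjb0Gltsl0CLcclbrXPD//4DFVQkhvtLp6TMtpSrkrk
+atrT0Wo2yCzwHLIyP6Lksl8lZuRETye476bU8L9GXn0CSW5n5fmhe5WJGmgE+9OK
+mlNHLt+VmjD7tiA3G4Wofrk56H4ur3ESdECCQ36HH4sKvqZeWkjewGZEX+KQUZN0
+Efidgx4v7rVPPU9/Iljbu1EyQsSlKq4rFZH43lZwQL4MuXyNN5WfGexn266R0lTv
+xNhsamYOljAI1/n9E4C1I8sc+i4C7jYjcA39kWD07N6SgHsreo6ca0nQPV6sDrAL
+heVtSbm01FxNMuBDKBN9xwzTDPuI12HuY/C4QF+EId+iMpIPrxBRAFYIUBPevDjk
+d9IFkZFAgFaVr/o68pZ651JeOefRZXC2fAWvO+UueMx+vpQyj2+I7sn65JEnvJbU
+kSrK8F9QzakkSyQJLof21x+IeX+pg6gjQSeODKIrIGonudkUcAcfMYC4Hb4VKPYS
+WyqF2V72KwJ6IS14CcLpi1u1Jdxely038Fj2RhAqLhuf1AmOLW7JABEBAAGJAh8E
+GAEKAAkFgmEuKeICmyAACgkQZPbE60bEVDoPLA//V4HETF7ymTMAWyQk6agOdwD6
+q8i1qc4SXPqAlMFXfQfmh+Z1te5kl3jeB3JWpzNdh+0XUeh2FkTf/YGq7j8yvcVk
+d1Yr0iQ58ieUkepR1/jm5Sx89OiJOWnudJO5y1a9/UMjK1+SqyO3jprngVu0VMpK
+EKWEI4SKbqIjw65GxFv1GGvrUlGQ6E4ggsOKrplRqbDTHViVXyAa+cnkjetZwP/K
+3GmIBgvGijrqDNcocrsfKd2pP7Kj1ajqrUZ4kQDiuSvKvfesbFcPaRM6LiDp0wvi
+up7fD2FUWpq6+Jt7J65GaiF69oJjM4k25T3tphF5tc0ijyKAD0krRn/iqfPxVWEr
+jlzSodZMjcvCX92fRj64VT/GPKsavVghHEnsJJNQkRaXGtxDQ873HG0VMKuEsQIv
+qwQD160uVw2x7EGhQo4MQA6tqN1c3AbL0LblXs+Zb+QqPpXbbsHYTOayfS2qulmP
+CbatjQwwkI0jp+GukOVX1DPLdjeKe5H/otaI4uXLoavQ3fUTIj/YiesJBLjhedLh
+2FgBN7uzW9dRbHv/1Tu3oQYRlUKL6rGjVY37BNXg2dpdiuJ1OtaSvV5YM14dYr3x
+iVwyWso7rlXF/zGRI8HEBe3yNGUQ1D4iNuuY3CnRRaPwYhvqsoO6XxMtUX14G136
+08J1IgWoIIjZCf5SFlE=
+=CwCE
+-----END PGP PUBLIC KEY BLOCK-----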
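--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,37 @@
+# shell.nix
+with import <nixpkgs> {};
+let
+sops-nix = builtins.fetchTarball {
+url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz";
+};
+in
+mkShell {
+# imports all files ending in .asc/.gpg
+sopsPGPKeyDirs = [
+"${toString ./.}/keys/hosts"
+"${toString ./.}/keys/users"
+];
+# Also single files can be imported.
+#sopsPGPKeys = [
+# "${toString ./.}/keys/users/mic92.asc"
+# "${toString ./.}/keys/hosts/server01.asc"
+#];
+
+# This hook can also import gpg keys into its own seperate
+# gpg keyring instead of using the default one. This allows
+# to isolate otherwise unrelated server keys from the user gpg keychain.
+# By uncommenting the following lines, it will set GNUPGHOME
+# to .git/gnupg.
+# Storing it inside .git prevents accedentially commiting private keys.
+# After setting this option you will also need to import your own
+# private key into keyring, i.e. using a a command like this
+# (replacing 0000000000000000000000000000000000000000 with your fingerprint)
+# $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
+#sopsCreateGPGHome = true;
+# To use a different directory for gpg dirs set sopsGPGHome
+#sopsGPGHome = "${toString ./.}/../gnupg";
+
+nativeBuildInputs = [
+(pkgs.callPackage sops-nix {}).sops-import-keys-hook
+];
+}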
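Review bot: `builtins.fetchTarball` pulls `archive/master.tar.gz` with no `sha256`, so each shell entry may evaluate whatever the sops-nix master branch holds at that moment, and the `sops-import-keys-hook` built from it runs as a shell hook against the default GPG keyring (`sopsCreateGPGHome` is left commented out). Pin the fetch to a reviewed revision and hash, `url = "https://github.com/Mic92/sops-nix/archive/<COMMIT_SHA>.tar.gz";` plus `sha256 = "<SHA256_OF_UNPACKED_TARBALL>";`, or take sops-nix from a flake input so that `flake.lock` records the revision. `with import <nixpkgs> {};` is similarly unpinned, since it resolves through the caller's channel rather than the nixpkgs the flake locks. `sopsPGPKeyDirs` also lists `keys/hosts`, which this commit does not appear to add.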
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, ... }: {
|
||||
home.stateVersion = "23.05";
|
||||
imports = [
|
||||
./dconf.nix
|
||||
./gnome-dconf.nix
|
||||
../../common/dotfiles/git.nix
|
||||
../../common/dotfiles/neovim.nix
|
||||
../../common/dotfiles/bash.nix
|
||||
|
|