test for using sops

This commit is contained in:
Laila van Reenen 2024-05-02 18:13:43 +02:00
parent e7b56b19b5
commit a1ee5c63a1
8 changed files with 86 additions and 12 deletions

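--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &freenen_pgp 659E789F50DBF29C559A20D31A49C544894DAA60
+creation_rules:
+- path_regex: \.secret\.(yaml|json|env|ini)$
+key_groups:
+- pgp:
+- *freenen_pgp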
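Review bot: The only recipient in `key_groups` is the personal PGP key `659E789F…DAA60`, yet sops-nix decrypts these files on the host at activation (and, for `neededForUsers`, early in boot), so the host needs its own decryption key available to root at that point — nothing in the new secrets.nix configures one (`sops.age.keyFile`, `sops.age.sshKeyPaths` or `sops.gnupg.*`). Unless the host holds this PGP key unattended, activation cannot decrypt and the user's password is never materialised. The usual fix is to add the host's age recipient as a second entry here, e.g. `- age: [ <host-age-recipient> ]` under `key_groups`, and re-encrypt with `sops updatekeys`; keeping a second recipient also means losing the one PGP key does not make the committed secrets unrecoverable.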


@ -11,6 +11,7 @@
./locals.nix ./locals.nix
./services.nix ./services.nix
./software.nix ./software.nix
./secrets.nix
]; ];
# Bootloader. # Bootloader.
@ -63,16 +64,6 @@
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.freenen = {
isNormalUser = true;
description = "Finley";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [
# thunderbird
];
};
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true; # programs.mtr.enable = true;
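Review bot: The second hunk removes `users.users.freenen` from this file, and its replacement lives in the new users.nix, but the first hunk only adds `./secrets.nix` to `imports` — `./users.nix` is not imported anywhere in this diff. Unless it is pulled in from a file outside the commit, the rebuilt system has no `freenen` account at all, and once users.nix is imported its `users.mutableUsers = false` makes a broken password setting a lock-out rather than a warning. Add `./users.nix` next to `./secrets.nix` in the imports list. Both hunks sit inside the top-level attribute set, which starts and ends outside the hunk; the file name is not shown on this page and is assumed to be configuration.nix.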


@ -2,12 +2,14 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
sops-nix.url = "github:Mic92/sops-nix";
}; };
outputs = { nixpkgs, nix-flatpak, ... }: { outputs = { nixpkgs, nix-flatpak, sops-nix, ... }: {
nixosConfigurations.frdesktop = nixpkgs.lib.nixosSystem { nixosConfigurations.frdesktop = nixpkgs.lib.nixosSystem {
modules = [ modules = [
nix-flatpak.nixosModules.nix-flatpak nix-flatpak.nixosModules.nix-flatpak
sops-nix.nixosModules.sops
./configuration.nix ./configuration.nix
]; ];
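Review bot: `sops-nix.url = "github:Mic92/sops-nix";` is unpinned (no ref or rev, unlike the `nixos-23.11` and `v0.4.1` pins above it), and the eight files in this commit do not include flake.lock, so the module that will handle the secrets is not locked to any revision by this change — whatever `nix flake lock` later resolves is what runs as root at activation. Pin it the way the other inputs are pinned, e.g. `sops-nix.url = "github:Mic92/sops-nix/<pinned-tag-or-commit>";`, commit the updated flake.lock, and add `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` so the module is evaluated against the same nixpkgs instead of pulling a second one. The `inputs` and `outputs` sets continue outside the hunk.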

10
secrets.nix Normal file

@ -0,0 +1,10 @@
{
imports = [ <sops-nix/modules/sops> ];
sops.defaultSopsFile = ./sshkeys.secret.yaml;
sops.secrets.userPasswords = {
neededForUsers = true;
sopsFile = ./userPasswords.secret.yaml;
};
sops.secrets.sshKeys.sopsFile = ./sshkeys.secret.yaml;
}
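Review bot: `imports = [ <sops-nix/modules/sops> ];` is an angle-bracket lookup through `NIX_PATH`, which pure flake evaluation does not provide, and the module is already added via `sops-nix.nixosModules.sops` in flake.nix, so this line is redundant at best and an evaluation error at worst — drop it. The secret names also do not match the encrypted files: `sops.secrets.userPasswords` expects a top-level key `userPasswords` in userPasswords.secret.yaml, but that file's only key is `freenen`, and `sops.secrets.sshKeys` points at a map (`sshKeys.mainRSA` in sshkeys.secret.yaml) rather than a scalar, so decryption of both fails at activation; `sops.defaultSopsFile` is then also redundant with the explicit `sopsFile`. Name the secrets after the keys, or select the nested one with `key = "sshKeys/mainRSA"`.
```nix
{
  # sops module comes from sops-nix.nixosModules.sops in flake.nix
  sops.defaultSopsFile = ./sshkeys.secret.yaml;
  sops.secrets.freenen = {
    neededForUsers = true;
    sopsFile = ./userPasswords.secret.yaml;
  };
  sops.secrets.mainRSA.key = "sshKeys/mainRSA";
}
```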


@ -8,10 +8,11 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim wget git ncdu btop vim wget git ncdu btop
gcc cmake valgrind clang-tools gcc cmake valgrind clang-tools
texliveFull
vscodium vscodium
gnome.nautilus gnome.nautilus
libsForQt5.kalgebra libsForQt5.kalgebra
texliveFull
]; ];
services.flatpak.enable = true; services.flatpak.enable = true;

25
sshkeys.secret.yaml Normal file

@ -0,0 +1,25 @@
sshKeys:
mainRSA: ENC[AES256_GCM,data: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,iv:OTAzULAPMvKR0STRcTBX3niYwXO0qnp1e+EL4qbbYqc=,tag:p4VWErm4a2L6zrZx9WyT9g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-05-02T15:04:39Z"
mac: ENC[AES256_GCM,data:J4WvM1rQQ3tkbmf+cXh6HnoDvRFqECzwz8EoO1mdtT8oLPd/0wq544qYy12WrGzRM/TLFKvqi874JxB1uBT9fiTkIPgTtQd0juzUO1mAFXO1sMjxj7xZqlet9TZuvh7pqWmaDMcyqSjDnHqKuPTbVOPsagc8twP97b2i9gUDbp4=,iv:qNBP03Y28s2MOMaIpz2lw89FIB8lrGt+q4YJ6HkCHDY=,tag:3VMIaoRzL8CuuW5I953zOA==,type:str]
pgp:
- created_at: "2024-05-02T14:45:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DNs2dC5MoGHESAQdAMAANtGTepileo5+JlKQjUN5WQMizJod4Btc+nIttk2Aw
CiQfHb0PXS3hMmPvEE5r4ncbLP5j4GbJQIWlvcuMzpHOtcXN33U7yQlNWQ7+yl9/
1GYBCQIQ2SOLTJEuOOadtdFNR6IqhcZZMmGab5WPRBsG1Ez0TsVm6D2gpxYL8Mwt
l5963ZKae6/DEWQaTdwLEke03coNeMh+ayviARZdHqw5722/hG2bt7mV+YEhhX+S
83mxH0/aVvc=
=B3Ks
-----END PGP MESSAGE-----
fp: 659E789F50DBF29C559A20D31A49C544894DAA60
unencrypted_suffix: _unencrypted
version: 3.8.1

24
userPasswords.secret.yaml Normal file

@ -0,0 +1,24 @@
freenen: ENC[AES256_GCM,data:YiJ1EKxEHq8jS/yhuemgzcAX2Hx5idxCXi3VJZoWCxY2EWAxErIJEYfTPm1PunHQ+OyqailvIDMzXpZ0DF9COLRVAksgcFJonA==,iv:aCbuapg9W6QsZzebP0aGsXtNIuuNIarUCjvG0URRcnU=,tag:bq91mG4xVrfbLr+F4mZ5rA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-05-02T15:21:54Z"
mac: ENC[AES256_GCM,data:DxuNe6mAIbIbQg64ABAJKEBu00L+0SGkNAsBsfZtqVOFZAendLgHeSpRPM54ofpJq7O6WosEDCcvEHCmhO14Rba9HbsWtlkEpZXvAnWcNc012aaulJ6rDmsN1MozDxHMSfd/8a4iyxoj6jTKnHJl7XmRrbcy/3Gz8ZJ3PAceElY=,iv:ZQEx7axOaRlRMkVqe9HerDADAavob3veFDcdu+8ot8c=,tag:aqQ/Ci17z7hPPYY9PwJ6SQ==,type:str]
pgp:
- created_at: "2024-05-02T15:20:40Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DNs2dC5MoGHESAQdAS8J1hu2Vrl81vWurRGN+f9orvzmsvGtIlkZujVe5sUAw
RumSi34DsECwn0yWti6jKqrDXnxz9FP3s2IAAqF/sSdjdMqoHQxKAjJhc5icHLkb
1GgBCQIQa7dTBhih0hOnQzv1kzTi1OH0MpFw//HBJ/h5C/6g6T0RCfZH54vEp7Dt
oiSr7QHZbGhR28LEHq4tAQmqA8W/cvEexcT8DcdWQHCbWbL5yhoKuKltMJ747ay/
cDZT+hML31L5ow==
=Ev2q
-----END PGP MESSAGE-----
fp: 659E789F50DBF29C559A20D31A49C544894DAA60
unencrypted_suffix: _unencrypted
version: 3.8.1

14
users.nix Normal file

@ -0,0 +1,14 @@
{ config, pkgs, ... }: {
users.mutableUsers = false; # make users unmutable
users.users.freenen = {
isNormalUser = true;
home = "/home/freenen";
description = "Finley van Reenen";
extraGroups = [ "networkmanager" "wheel" ];
hashedPassword = config.sops.secrets.preUser.freenen;
# openssh.authorizedKeys.keys = [];
# packages = with pkgs; [ ];
};
}
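Review bot: `hashedPassword = config.sops.secrets.preUser.freenen;` cannot work: no secret named `preUser` is declared (secrets.nix declares `userPasswords` and `sshKeys`), and `config.sops.secrets.<name>` is the secret's option set (`path`, `owner`, …), not its plaintext — sops-nix never exposes decrypted content at evaluation time, which is the point of encrypting it. Combined with `users.mutableUsers = false` on the line above, this leaves `freenen` with no usable password, i.e. locked out on the next switch. Point the account at the decrypted file instead, which is what `neededForUsers = true` in secrets.nix exists for: `hashedPasswordFile = config.sops.secrets.userPasswords.path;` (using whatever name the password secret ends up declared under). `pkgs` is taken as an argument but unused now that the `packages` line is commented out.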