Secrets Support

David Crompton 2023-07-27 16:15:53 -04:00
parent 4e99e1ad65
commit 2b8e38e02c
4 changed files with 29 additions and 20 deletions

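--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+keys:
+- &root age1cvmffz227lhsvy4ufh0gnkfsvs5f27hv5l90m0lf4558uphteefsj2t74j
+creation_rules:
+- path_regex: secrets/[^/]+$
+key_groups:
+- age:
+- *root
+- path_regex: machines/[A-z]+/secrets/[^/]+$
+key_groups:
+- age:
+- *root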
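Review bot: The first rule's `path_regex: secrets/[^/]+$` has no start anchor, so it also matches `machines/<host>/secrets/<file>`; sops appears to use the first matching creation rule, which would leave the second rule unreachable. The class `[A-z]` in the second pattern also spans the ASCII punctuation between `Z` and `a` and excludes digits and hyphens. I would write the two patterns as `^secrets/[^/]+$` and `^machines/[A-Za-z0-9_-]+/secrets/[^/]+$`. Both rules currently encrypt to the same `&root` recipient, so nothing is mis-encrypted today, but the shadowing will silently pick the wrong key set once per-machine recipients are added.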


@ -32,22 +32,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
@ -56,7 +40,9 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@ -68,8 +54,9 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "sops-nix", "owner": "Mic92",
"type": "indirect" "repo": "sops-nix",
"type": "github"
} }
} }
}, },


@ -3,12 +3,18 @@
nixpkgs = { nixpkgs = {
url = "github:NixOS/nixpkgs/release-23.05"; url = "github:NixOS/nixpkgs/release-23.05";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
# Follow the system nixpkgs
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, sops-nix }: { outputs = { self, nixpkgs, sops-nix }: {
nixosConfigurations.kcnhub = nixpkgs.lib.nixosSystem { nixosConfigurations.kcnhub = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./machines/kcnhub/configuration.nix ./machines/kcnhub/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
}; };
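Review bot: `sops-nix.nixosModules.sops` is added to the `kcnhub` modules, but nothing visible in this commit sets which key the host decrypts with, and `.sops.yaml` lists only the `&root` recipient. As written, activation on kcnhub would presumably need the root private key on the machine, which puts every secret in the repository behind one key stored on a server. Consider adding a per-host age recipient to the `machines/` rule and pointing the module at it with `sops.age.sshKeyPaths` or `sops.age.keyFile`, keeping the root key on the admin workstation only. If this is already configured in `configuration.nix` outside the hunks shown, a comment next to the module import saying where would help.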


@ -59,7 +59,12 @@
# TODO: Make set of themed packages for packages that are available, e.g. Python packages, Matlab, Octave, etc. # TODO: Make set of themed packages for packages that are available, e.g. Python packages, Matlab, Octave, etc.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Needed to manage Flake
git git
# Needed to use secrets
sops
# Used for Key Generation
age
]; ];
# TODO: Make services directory for with a nix for each service that is enabled and what options it has # TODO: Make services directory for with a nix for each service that is enabled and what options it has
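Review bot: `sops` and `age` are added to `environment.systemPackages` as "Needed to use secrets", but the sops-nix module decrypts at activation with its own tooling, so the CLI tools are only needed where secrets are edited or keys generated. If kcnhub only consumes secrets, I would drop both from the host and keep them in a development shell on the admin machine. If keys really are generated on the host, reword the comment to say so, e.g. `# Only needed to edit secrets / generate keys on this host`. The rest of the configuration lies outside this hunk.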