Secrets Support

2023-07-27 16:15:53 -04:00 · 2023-07-27 16:15:53 -04:00 · ec64e16dfc
parent b58947c554
commit ec64e16dfc
4 changed files with 29 additions and 20 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,11 @@
+keys:
+  - &root age1cvmffz227lhsvy4ufh0gnkfsvs5f27hv5l90m0lf4558uphteefsj2t74j
+creation_rules:
+  - path_regex: secrets/[^/]+$
+    key_groups:
+    - age:
+      - *root
+  - path_regex: machines/[A-z]+/secrets/[^/]+$
+    key_groups:
+    - age:
+      - *root
--- a/flake.lock
+++ b/flake.lock
@ -32,22 +32,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1690026219,
-        "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs",
@ -56,7 +40,9 @@
    },
    "sops-nix": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
@ -68,8 +54,9 @@
        "type": "github"
      },
      "original": {
-        "id": "sops-nix",
-        "type": "indirect"
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -3,12 +3,18 @@
    nixpkgs = {
      url = "github:NixOS/nixpkgs/release-23.05";
    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      # Follow the system nixpkgs
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };
  outputs = { self, nixpkgs, sops-nix }: {
    nixosConfigurations.kcnhub = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [ 
-         ./machines/kcnhub/configuration.nix 
+         ./machines/kcnhub/configuration.nix
+         sops-nix.nixosModules.sops
      ];
    };
  };
--- a/machines/kcnhub/configuration.nix
+++ b/machines/kcnhub/configuration.nix
@ -59,7 +59,12 @@

  # TODO: Make set of themed packages for packages that are available, e.g. Python packages, Matlab, Octave, etc.
  environment.systemPackages = with pkgs; [
+    # Needed to manage Flake
    git
+    # Needed to use secrets
+    sops
+    # Used for Key Generation
+    age
  ];

  # TODO: Make services directory for with a nix for each service that is enabled and what options it has