me/nix-homemanager-laptop
1
0
Fork 0
Code Activity

Add SOPS

Browse source
This commit is contained in:
Ethan Reece 2025-07-08 01:10:38 -05:00
parent 17af97957d
commit b1f49ec488
Signed by: me
GPG key ID: 198E9EB433DB1B28
8 changed files with 100 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.direnv

14
.sops.yaml Normal file
View file

@ -0,0 +1,14 @@
keys:
- &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
- &vpn age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
- &vpn_ssh age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
- &builder age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
creation_rules:
- path_regex: secrets/*
key_groups:
- age:
- *laptop
- *vpn
- *vpn_ssh
- *builder

23
flake.lock generated
View file

@ -204,7 +204,28 @@
"lix-module": "lix-module", "lix-module": "lix-module",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751606940,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
}, },
"systems": { "systems": {

14
flake.nix
View file

@ -15,9 +15,13 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { nixpkgs, home-manager, nur, nixgl, lix-module, ... }: outputs = { nixpkgs, home-manager, nur, nixgl, lix-module, sops-nix, ... }:
let let
system = "aarch64-linux"; system = "aarch64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -37,11 +41,19 @@
modules = [ modules = [
./home.nix ./home.nix
lix-module.nixosModules.default lix-module.nixosModules.default
sops-nix.homeManagerModules.sops
({ ... }: { ({ ... }: {
nixpkgs.overlays = [ nur.overlays.default ]; nixpkgs.overlays = [ nur.overlays.default ];
}) })
]; ];
}; };
}; };
devShells.${system}.default = pkgs.mkShell {
buildInputs = [
pkgs.age
pkgs.sops
pkgs.just
];
};
}; };
} }

14
secrets/Justfile Normal file
View file

@ -0,0 +1,14 @@
default:
generate-key:
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt
cat ~/.config/sops/age/keys.txt
# use `sops edit` instead
# encrypt:
# sops --encrypt --in-place secrets.yaml
# decrypt:
# sops --decrypt --in-place secrets.yaml

34
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,34 @@
openrouter_api_key: ENC[AES256_GCM,data:V/JK4bZb6ps22fseIz01AuXqHG+jGy1un3GzJNR5JL2y7WynHdVp9xsK01D4HoYApxYhbKG87VM2/40MSdfu46Rd7e6BwGCaiw==,iv:BMHPFzpu99911v3tBNvuZSzRiXpi+hJ+o/aGL3O/xPc=,tag:iXNV+chWGbUKUaghv6Rytw==,type:str]
sops:
age:
- recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbkV1UUo0b0FzSVZ6ZTUw
cjdFNkpVOXFRanNuQkZWTlo4MjNVUTlyS1d3Ck9LVW9aemRTaFdLV0xnRGFuZUhT
QW5ab29kWmFjOWpvOEdXWjRMUkZWYUUKLS0tIHcxbWVjMlFMR2p4eWFrL1o5U3RR
akhEeWtRRHN5OG9ndzRVRS8rcm45RFEKa3Blj75nqr/tlzsHR4TIuGmUZiQvC2xI
cS1Zaja1WlcdRw6S8YapYF3jpP9fCPLun4vDQTPfuqMTt2R38TrO1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MmphS0kwMkh5eVAveGFy
eVVqb3dITFRQQWx4cUdybXlNMGNEbUlDcVNRCkVkQlh5eGo0SkNVQ3k5c25LQUxU
ZHlMdEEvRXBMQVFVVjZtK2U1cU9KRTQKLS0tIGtlMHJRbThhZHBvSHlFQlFIdEtT
d25YNzhHekQrSUtyNklBcVIwalY3ek0KVYnN1qvmmcVPWZ1u+HwM8Ua+BbMOky7B
qXLuKB7yz2/utw9ACm6kzd28CB5kBIELdsv0GvmexV73cYe7h/w71w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QmJsOEJGM2JOV2FRQ0Y2
Ui9uRGNmTkRneUpLR3ZRb0VqYWJvTlRzOHlJCkgwa0R6em1ndWMvVDZ6cW5idElz
UG8zaVNNdWJiRStocHkzc1Z2T0dVVWMKLS0tIHhSTEgwRXpPdXR2b1BqQnF2RVp4
bUZvN0pwdHBuYkN5M2JaOVExcXVFcmcKGPvIgMyzqBI2fUCU/83rPjnRHVKm0G43
nCbcF+TwcvNzgS8rGD3of8OeyK3D03jIJla9zVFBSWZ/zA5YHIHkgg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-08T06:03:47Z"
mac: ENC[AES256_GCM,data:QDbGVibN23+BYfPfpw49qPVKF2k76ANaaMaxcWDIaPHvNdIcT+CdNl6Y+HJgayZjBA8W03djnm7Sts+4ijt8+SWuw5pHBmSqs4h5cZ7Vb2SAKjTYz2vPKb3aBHChWLpeIeL9Ihcn2GKqAl8D7PUP7i+YvC8Owr+U5xND/zaHCJ8=,iv:5ERCUXnjVpiOBLeswkEYT/R3sHqBF6kyDZ78L8/pyTo=,tag:Dki4cKMF66MxqBLbjuItZg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

1
secrets/secrets.yaml.example Normal file
View file

@ -0,0 +1 @@
openrouter_api_key: d4d...