me/nix-homemanager-laptop
1
0
Fork 0
Code Activity

Fix sops

Browse source
This commit is contained in:
Ethan Reece 2025-07-17 17:21:00 -05:00
parent 48e842cc03
commit bbb3f94de6
Signed by: me
GPG key ID: DD8CE04D5D8FF832
6 changed files with 128 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -6,3 +6,4 @@
.helix
.pre-commit-config.yaml
result
*.local.*

6
.sops.yaml
View file

@ -3,15 +3,17 @@
# SPDX-License-Identifier: MIT
keys:
- &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389them5her09ycrwcsqdjd25q
- &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
- &vpn age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
- &vpn_ssh age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
- &builder age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
- &raspi age19mg5f2p7pwjqgnzu6upe7jezknr68ufjppn0h5eunmgzdgykggjqzkj5la
creation_rules:
- path_regex: secrets/*
- path_regex: sops/*
key_groups:
- age:
- *laptop
- *vpn
- *vpn_ssh
- *builder
- *raspi

90
flake.lock generated
View file

@ -146,6 +146,9 @@
"git-hooks-nix": [
"git-hooks-nix"
],
"helix": [
"helix"
],
"lix-module": [
"lix-module"
],
@ -157,11 +160,11 @@
]
},
"locked": {
"lastModified": 1752566655,
"narHash": "sha256-w1Shlyy4dlAwtOb8NJ9XMs2FUD030WLgHWxOBQsh8bk=",
"lastModified": 1752789776,
"narHash": "sha256-1GlRsbIJ8+j5tVTnNZJNV2UiGkNSPND9QM/AhwvPreU=",
"ref": "main",
"rev": "193dbe8d030aa6784eae9acb211c4cfda404ed65",
"revCount": 11,
"rev": "657a888b00d75b2b341e74752d421b8a5f18cb22",
"revCount": 19,
"type": "git",
"url": "https://git.sudoer777.dev/me/nix-flake-base.git"
},
@ -358,6 +361,25 @@
"type": "github"
}
},
"helix": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1752674572,
"narHash": "sha256-rCAwXmLQJQVHRpquWTQV1fDurHhf4beUzqDi6FVkdEo=",
"owner": "helix-editor",
"repo": "helix",
"rev": "2ee11a0a9d9b9951b5b64b54be05379cc030230b",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -365,11 +387,11 @@
]
},
"locked": {
"lastModified": 1752780113,
"narHash": "sha256-w312x4qtwWzJZSLG8c9srlr/hQTh1IfyOaV40xmg4Fg=",
"lastModified": 1752783339,
"narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e595fe1df49d75e971b33f311e365f032089f450",
"rev": "7c78e592a895f2f1921f0024848fe193e2f8518e",
"type": "github"
},
"original": {
@ -483,6 +505,22 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5135c59491985879812717f4c9fea69604e7f26f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1752747119,
"narHash": "sha256-2Kp9St3Pbsmu+xMsobLcgzzUxPvZR7alVJWyuk2BAPc=",
@ -498,7 +536,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1752480373,
"narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=",
@ -514,7 +552,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1747958103,
"narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
@ -533,14 +571,14 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1752764131,
"narHash": "sha256-ICuzcl6k4/zxjsXjMm+CIDHroLSuVPYEWAZvjMsZtbg=",
"lastModified": 1752785475,
"narHash": "sha256-Lcy5RBPP0+EzUHboRaM1gPSHKwKJQF1e2qj/EOYsmGQ=",
"owner": "nix-community",
"repo": "NUR",
"rev": "a354aa8bcab5191c01acba64b4fdc81ede297757",
"rev": "12d87205784d8600ad091054f2d8458721e362ed",
"type": "github"
},
"original": {
@ -581,16 +619,38 @@
"flake-lib": "flake-lib",
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"helix": "helix",
"home-manager": "home-manager",
"lix-module": "lix-module",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1740623427,
"narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@ -773,7 +833,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1752055615,

14
flake.nix
View file

@ -15,6 +15,7 @@
lix-module.follows = "lix-module";
nixpkgs.follows = "nixpkgs";
treefmt-nix.follows = "treefmt-nix";
helix.follows = "helix";
};
};
@ -48,6 +49,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
treefmt-nix.url = "github:numtide/treefmt-nix";
helix.url = "github:helix-editor/helix";
};
outputs =
inputs@{ flake-parts, ... }:
@ -80,12 +82,24 @@
"SOPS"
"Stylix"
];
excludes = [
".sops.yaml"
"sops/*"
];
};
markdown.enable = true;
nix.enable = true;
toml.enable = true;
yaml.enable = true;
};
pre-commit.settings.excludes = [
".sops.yaml"
"sops"
];
treefmt.settings.global.excludes = [
".sops.yaml"
"sops/*"
];
devshells.default = {
packages = [ pkgs.forgejo-cli ];
devshell = {

11
home-manager/base.nix
View file

@ -466,11 +466,12 @@ in
];
};
};
direnv = {
enable = true;
mise.enable = true;
nix-direnv.enable = true;
};
# TODO: Is currently broken
# direnv = {
# enable = true;
# mise.enable = true;
# nix-direnv.enable = true;
# };
};
services = {
gpg-agent = {

47
sops/secrets.yaml
View file

@ -2,37 +2,46 @@
#
# SPDX-License-Identifier: MIT
openrouter_api_key: ENC[AES256_GCM,data:V/JK4bZb6ps22fseIz01AuXqHG+jGy1un3GzJNR5JL2y7WynHdVp9xsK01D4HoYApxYhbKG87VM2/40MSdfu46Rd7e6BwGCaiw==,iv:BMHPFzpu99911v3tBNvuZSzRiXpi+hJ+o/aGL3O/xPc=,tag:iXNV+chWGbUKUaghv6Rytw==,type:str]
openrouter_api_key: ENC[AES256_GCM,data:1/KzXXeYw35sp5MdW4ofnuMyWAc8e+t4f5Q58XuvPSxlOeAow8a51YDMcgAYl7Y9f9BUYQKdEXakUi5cmZNEtSHEZigFY9lVmw==,iv:v7cAy26YkNuOZFmJtSXIAYUd3rQinSKLch0Lfazj0yE=,tag:UBUbOnthVRqpd8m8oueAjQ==,type:str]
sops:
age:
- recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389them5her09ycrwcsqdjd25q
- recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbkV1UUo0b0FzSVZ6ZTUw
cjdFNkpVOXFRanNuQkZWTlo4MjNVUTlyS1d3Ck9LVW9aemRTaFdLV0xnRGFuZUhT
QW5ab29kWmFjOWpvOEdXWjRMUkZWYUUKLS0tIHcxbWVjMlFMR2p4eWFrL1o5U3RR
akhEeWtRRHN5OG9ndzRVRS8rcm45RFEKa3Blj75nqr/tlzsHR4TIuGmUZiQvC2xI
cS1Zaja1WlcdRw6S8YapYF3jpP9fCPLun4vDQTPfuqMTt2R38TrO1w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvaDl4cFJUZmVTS3JYZVI5
WVFleU9CeUhZVG1VUE5sZWpHaHRwR0RBdmxVCjBZb2d3OUVuMVk4dGdrNzdIejVW
emM5UUdhM1d6c1BnTkR5enhQOWlVZGcKLS0tIHdKUFc5bmdmdUxWY1hObWZOL3h5
M2NNVVZrTGFzVkxrSzNmamhuQU5vWTgKF/j5HPmhyZ/LicQlqQhvAHaGPXXlhTJ0
wic+KOJKe+aALFtsrwFVKnZrZKYu9z5SzRPzcvvUH1MCtHIrlU3jOQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MmphS0kwMkh5eVAveGFy
eVVqb3dITFRQQWx4cUdybXlNMGNEbUlDcVNRCkVkQlh5eGo0SkNVQ3k5c25LQUxU
ZHlMdEEvRXBMQVFVVjZtK2U1cU9KRTQKLS0tIGtlMHJRbThhZHBvSHlFQlFIdEtT
d25YNzhHekQrSUtyNklBcVIwalY3ek0KVYnN1qvmmcVPWZ1u+HwM8Ua+BbMOky7B
qXLuKB7yz2/utw9ACm6kzd28CB5kBIELdsv0GvmexV73cYe7h/w71w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByYTU0UHhaeEZVa0wxbHEv
NHVpa3pleDNhbFY1YzZXSzYxaE40dnUzcUVzCmYwY1M4cm1oclBrWUZlb2hoS0Vx
WmVTVTB0bTM4NmRMdE4zbmZSZTF4NVEKLS0tIE5jdFk3MmVpcUZHSzVmT2ZyZVhu
Rkk1NVpONHNrRFZrWHNlRVRzYnl6b3cKrDdWnmvJDwiXxdTew4TGG9orgsi4Lu3V
X5P+nN2TGxsVe187nmOi3UDTNB2jJnR4YsukyFykZ47DswrL70qTHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QmJsOEJGM2JOV2FRQ0Y2
Ui9uRGNmTkRneUpLR3ZRb0VqYWJvTlRzOHlJCkgwa0R6em1andWMvVDZ6cW5idElz
UG8zaVNAndWJiRStocHkzc1Z2T0dVVWMKLS0tIHhSTEgwRXpPdXR2b1BqQnF2RVp4
bUZvN0pwdHBuYkN5M2JaOVExcXVFcmcKGPvIgMyzqBI2fUCU/83rPjnRHVKm0G43
nCbcF+TwcvNzgS8rGD3of8OeyK3D03jIJla9zVFBSWZ/zA5YHIHkgg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Ykk0TkhhSWI0NE52bUlV
NUFKYmRaREI4OGJXcldKOTFrd25wc2o0cGlrCmV0eDZlbDRodzBkSDNHK1BtdUtU
MUV6M3MxVkphWGtxeHc1QkMwZW00OVkKLS0tIE9XYlFYay80dDNvbnVhWE1oaXRh
SnFadEFOZVYzVitUeHNJMHk1eERMVUEKXLFCMOAX4AJSxy1UcsRxgC0CImUD4wEh
mVmmkokEqgwIyQgztRHom2/6uHh55evZSW+XxbzupoDPBTWoTiSIlA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-08T06:03:47Z"
mac: ENC[AES256_GCM,data:QDbGVibN23+BYfPfpw49qPVKF2k76ANaaMaxcWDIaPHvNdIcT+CdNl6Y+HJgayZjBA8W03djnm7Sts+4ijt8+SWuw5pHBmSqs4h5cZ7Vb2SAKjTYz2vPKb3aBHChWLpeIeL9Ihcn2GKqAl8D7PUP7i+YvC8Owr+U5xND/zaHCJ8=,iv:5ERCUXnjVpiOBLeswkEYT/R3sHqBF6kyDZ78L8/pyTo=,tag:Dki4cKMF66MxqBLbjuItZg==,type:str]
- recipient: age19mg5f2p7pwjqgnzu6upe7jezknr68ufjppn0h5eunmgzdgykggjqzkj5la
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUdBRGRGRGRDaFZtT3hU
OHJDd2E4cmtaWTRvL0RpcCtwbEVZL2J6N0hNCmZFOW1DOU1GbFdFYzJpVWVaVFBa
Z0J6S0NNVkR4aDJnc3FOWUZQZitEaUkKLS0tIDdrcFNNbmVING5QaXpINjV5cUl5
c1RISGFPUlIwOXhVTkJKYTJTc0N4cXMKL4EZLRC1xYzn+33lhbeMv/3bqQtxMMVA
UQ7RwbXHILo8AODQY+xXv4+j//wX/MU6ZoUW1tW0vJ6U9qXx9Ez6dQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-17T22:06:42Z"
mac: ENC[AES256_GCM,data:bvoNDtqM1ST50wjzhdXw1GPHM0D4Gfj3dUZJFol4qudN4mh/qgXIxgCxSDknZSXQ53ed9beDEZF34zmIN3xwy9ygJmghU4hZNUYBN+Ux8xaRT55L+cW4mBGB12DtbDiBXqmkZGTiIWcgj3TYVjOZbvmahJkpRkEevk6jvonTa7c=,iv:PODs60uQYwuc6ecfKh1yE/SBXqA5clVWqevL57H3pIw=,tag:C8sLoSlsNF0Jvi0KKlP0jg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2