lightly-toasted/nix-config
1
0
Fork 0
mirror of https://github.com/lightly-toasted/nix-config.git synced 2025-10-04 03:15:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add sops-nix

Browse source
This commit is contained in:
lightly-toasted 2025-08-23 21:38:58 +09:00
parent 7e57ae8088
commit 4a948cc348
10 changed files with 85 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &primary age1mggj0wsszz92kfpvq7pjlf0mthkljl9usu7u98jrmyxh85q4pecs6zz4ll
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary

23
flake.lock generated
View file

@ -239,7 +239,28 @@
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixvim": "nixvim" "nixvim": "nixvim",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
}, },
"systems": { "systems": {

11
flake.nix
View file

@ -14,19 +14,26 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-flatpak.url = "github:gmodena/nix-flatpak"; nix-flatpak.url = "github:gmodena/nix-flatpak";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, home-manager, ... } @ inputs: outputs = { self, nixpkgs, home-manager, ... } @ inputs:
let
rootPath = ./.;
in
{ {
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem { nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs rootPath; };
modules = [ modules = [
./hosts/nixos/configuration.nix ./hosts/nixos/configuration.nix
]; ];
}; };
homeConfigurations."toast@nixos" = home-manager.lib.homeManagerConfiguration { homeConfigurations."toast@nixos" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs rootPath; };
modules = [ modules = [
./home/toast/home.nix ./home/toast/home.nix
]; ];

2
home/toast/home.nix
View file

@ -4,6 +4,7 @@
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
inputs.nixcord.homeModules.nixcord inputs.nixcord.homeModules.nixcord
inputs.nix-flatpak.homeManagerModules.nix-flatpak inputs.nix-flatpak.homeManagerModules.nix-flatpak
inputs.sops-nix.homeManagerModules.sops
./modules/kitty.nix ./modules/kitty.nix
./modules/git.nix ./modules/git.nix
@ -24,6 +25,7 @@
./modules/hypridle.nix ./modules/hypridle.nix
./modules/obsidian.nix ./modules/obsidian.nix
./modules/xdg.nix ./modules/xdg.nix
./modules/sops.nix
]; ];
home = { home = {

10
home/toast/modules/sops.nix Normal file
View file

@ -0,0 +1,10 @@
{ rootPath, ... }:
{
sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
sops.secrets."tailscale/authkey" = { };
}

4
hosts/nixos/configuration.nix
View file

@ -4,6 +4,7 @@
imports = imports =
[ [
inputs.nix-flatpak.nixosModules.nix-flatpak inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
./modules/boot.nix ./modules/boot.nix
@ -15,8 +16,9 @@
./modules/hardware.nix ./modules/hardware.nix
./modules/environment.nix ./modules/environment.nix
./modules/programs.nix ./modules/programs.nix
./modules/sops.nix
]; ];
system.stateVersion = "25.05"; system.stateVersion = "25.05";
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
} }

5
hosts/nixos/modules/services.nix
View file

@ -18,7 +18,10 @@
}; };
}; };
}; };
services.tailscale.enable = true; services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/authkey".path;
};
services.flatpak = { services.flatpak = {
enable = true; enable = true;
packages = [ packages = [

10
hosts/nixos/modules/sops.nix Normal file
View file

@ -0,0 +1,10 @@
{ rootPath, ... }:
{
sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
sops.secrets."tailscale/authkey" = { };
}

17
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,17 @@
tailscale:
authkey: ENC[AES256_GCM,data:ssxd13QKzXbezZs9ewR0CRsN0T6FMzQjGyJ5czjv4lHP6ODM1hAkS728vInfgq2hwUwVzs17I0C4017MGg==,iv:r/M4WtjrQZLdqidlFNUvY9NQhDSntNka2iYOAu+RQc8=,tag:kycZLagUboZ31ryQ3exi3w==,type:str]
sops:
age:
- recipient: age1mggj0wsszz92kfpvq7pjlf0mthkljl9usu7u98jrmyxh85q4pecs6zz4ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VXJQZ2RkQ0F4aHNSRVh5
OTVFdDJ5bTFoM3M4Q2VBVE5EU1NlRkNJZURFCm9hOGJUZmpHNzNhQkxzdjh3aW1q
VWtPNVhoVzRoMjl3ZFhHaDdlYnVqN00KLS0tIFRiNmF5a2pZbnI4Q3p1Z1pHZGN5
Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW
j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-23T08:50:02Z"
mac: ENC[AES256_GCM,data:nlUuYj6F960mebfQEER+ZyUfulIRRC1Uo1U0ZvKLA/YeemIzbbS/PlVawncsYEmhl6dyQ3RsXTEEqV7dAr0Bz3Ds5TFf4zz5kvRAf++1ho8TGyjBC88qR6hEoShJsuTfjFUn6NWiYetIKbmnLsuclE2aQU+8fo54PvIx8ut8mpo=,iv:qOHR8lXg9IeSHHq5StrwVsgIC4tIOAzvcSGS6bO7MXc=,tag:tZ7PByMZAPwe10sr3YLRgw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

1
shell.nix
View file

@ -5,5 +5,6 @@ pkgs.mkShell {
nix nix
home-manager home-manager
git git
sops
]; ];
} }