use the sops home manager module
parent
a06384c5d3
commit
5408a5ee19
13
.sops.yaml
13
.sops.yaml
|
@ -1,17 +1,24 @@
|
|||
keys:
|
||||
- &rouven 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
||||
- &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
||||
- &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
|
||||
- &thinkpad age1pwdahgk2yty9w8cw5ht90mral76h0ndp3vkp93xm4g0cttjlsvgqn8vlys
|
||||
- &nuc age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00
|
||||
creation_rules:
|
||||
- path_regex: secrets/thinkpad\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *rouven
|
||||
- *yubi
|
||||
age:
|
||||
- *thinkpad
|
||||
- path_regex: secrets/rouven\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *yubi
|
||||
age:
|
||||
- *rouven
|
||||
- path_regex: secrets/nuc\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *rouven
|
||||
- *yubi
|
||||
age:
|
||||
- *nuc
|
||||
|
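Review bot: The anchor name `rouven` changes meaning in this hunk: it used to label the PGP fingerprint and now sits on the age recipient, while the PGP key is labelled `&yubi`. The thinkpad and nuc rules show both `*rouven` and `*yubi` under `pgp:`, and the rendering does not mark which side each line is on; any `pgp:` list that still says `*rouven` after this change would hand sops an age recipient where a fingerprint is expected. Anchor names that carry the key type, for example `&rouven_age` and `&yubi_pgp`, would make that mix-up visible in review.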
|
|
@ -33,9 +33,10 @@
|
|||
home-manager.extraSpecialArgs = attrs;
|
||||
home-manager.users.rouven = {
|
||||
imports = [
|
||||
nix-colors.homeManagerModule
|
||||
nix-colors.homeManagerModules.default
|
||||
hyprland.homeManagerModules.default
|
||||
nixvim.homeManagerModules.nixvim
|
||||
sops-nix.homeManagerModules.sops
|
||||
];
|
||||
config = {
|
||||
colorScheme = nix-colors.colorSchemes.dracula;
|
||||
|
|
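--- a/secrets/rouven.yaml
+++ b/secrets/rouven.yaml
@@ -0,0 +1,45 @@
+email:
+tu-dresden: ENC[AES256_GCM,data:bd5/rb4V60COzzCqych3Hfw=,iv:PUNE9amHlTc9PRST1LUpG1w/tOmP/VMOs3+3Zu3rLWw=,tag:iIc7yrrBC4iDkaRAD4nuVw==,type:str]
+rfive: ENC[AES256_GCM,data:j51G8LkEu3e3HPhZVTrBDsjJkDGIMZ3PPw==,iv:FtcO97LF57h4p8ZyvZPQ7gsLlQUyg+RzyIPlPYhLYK0=,tag:XbDBwcvWAlbuLvvV0I+2LA==,type:str]
+google: ENC[AES256_GCM,data:044yUHWp8PvtTytFwfCAhg==,iv:nRWzcxXCogombevZQxYsMuLL4us1kv6WKfChRphLR48=,tag:fnHxnweczc5bElK8kGa6rw==,type:str]
+ifsr: ENC[AES256_GCM,data:debmpTL+VYNE3InslDyV0FW1sKjBFA==,iv:ZKwyOMsfQivesFoEJeDCNnPzOgwlP0xmJ0GNsA57njM=,tag:CJZhWTb2MfsR+rv2VY6Xmw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d1N1elJjb2c4OTAzMEs0
+cDg4NXBtZW9OLzZGV2ZFeEdlcDhCeGpRTkJnCmdKU01ISnZWdTZqc01MR3lqSWRG
+YmVSSVJ0b05GWGFVamtUbkRUNm1pZ2sKLS0tIERPNXlNZkdmbmZadVIwRWZpV1BM
+N08rUm1KNCtOaHlYVnFZUFViZnNHeUkKvQTAtOKQqCJP54eV6bxxCWX5CKACPJQP
+MBkKw0jbgjBI4SuDdPQVaXE0gEllJPjENUjqXGVatYbhBStbIraZQQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2023-02-25T23:44:24Z"
+mac: ENC[AES256_GCM,data:OxfIyFsDaMRkCcafcfETLRUP0Riw7XXqz8/aLrF9/gSFYUix5SlqGCFqT1+GyhjIewQK88oe3AjVeKwuuFjqgXVEh2/4+rLIOvHaW1z+Io9QSdU7ReNRK3KtwRbnZuB2grwt5UXNmSFUntdfIiF33wsKpMFAAJRStFFVwt6fMyc=,iv:oDsZt3T7yFNutmTX6BNL4FCckz09pdORZxDvLRWE4eI=,tag:Y2Yi+tiKOUYOGF/iLfjhJg==,type:str]
+pgp:
+- created_at: "2023-02-25T23:44:24Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+wcFMAzUXo8ZPJwGLARAAja+e+NQECvY7Pq8jVEvrTDZVWtywNXUhWIHaoA6dQG0y
+gbl4rTnOGEaTQbLZuT6HMHvu20ejgu48Xw34phKjw4S0nTL8PKH/euaQPPGt0qIS
+NEClOSPE+1l2UN7DbK/ViNNpPePi/ApM0dvc+Kmywy7vlDXT39JNWb/bHIpl95vK
+4LQ1oL1hQ8thRnVa8vhyEGx89eAKNV7+b8rhMAAwai83TBMZK8p/HS9PegXDYRPA
+ZReBbuWD4za89jWQyKSJZul2sDwfnrih+FLyCZp1BHyUIoi96ysFH1NrX8mQ/LgO
+8G4q0593DJ/M9ergP3RngjIJ6xj/ZS2ggaFeE3H/YD9R8DV/QtjrnIzwpLPKyxmi
+hX6/VGHYghpRNonsB4IJZSyqTNJAdkqQE6DN3xIxw25j49i90C+5pAn3YYvc/Pac
+O8Ra0kfh6ELxG9DdmJr3mWj+Co3L7mjD/q6Np5YRWwKcT4VLLBJaIobeE7FH+6DC
+Ti2hzz5Zj9wAH6KB8VjtjXUGguaH1Dx5H26w+pdkwFlBaDXg3V7UXrAxhN7DoV8a
+pvjO7bRIMdOfCVLXs+z3QjUY++kMK1zfO1vek3JSt9p0d9QQ5zez9ddqE12BMEJ1
+rdm5IZEY52zqohXQ4MgC61beE8KEGvGA4EqI4XUBQFLLLKUP63u6liiJ4qODR2TS
+UQGzV/RwExLowpG03J0te1EavWwLiGC+Nrq51ycWCAJOMsJ4ANcMsYfvxuVUQSaT
+xrS8y7eZ8gZWNy3toaZK39bns4dBVKs9XtVWatsycx4REw==
+=pj83
+-----END PGP MESSAGE-----
+fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
+unencrypted_suffix: _unencrypted
+version: 3.7.3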
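Review bot: The four entries under `email:` appear to be the same secrets that the `@ -5,11 +5,6 @` hunk removes from the host secrets file, so their earlier ciphertext, encrypted to that file's recipients, stays in the repository history. Re-encrypting under a different recipient set does not revoke what the old keys could read. If the move is meant to narrow access to the user-level key, the passwords themselves need rotating after this commit. sops leaves key names in clear, so the account labels stay readable to anyone who can fetch the repository; a neutral naming scheme avoids that if it matters.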
|
@ -5,11 +5,6 @@ wireguard:
|
|||
dorm:
|
||||
private: ENC[AES256_GCM,data:l2SEIEoljGLrEDWEVdfJiVdLafyAmlR4wKzKtz/xsLL6kEGveK/dgsDvjiU=,iv:5YktJB0g/2Agd+0+synPjZUsxxa5JPorFn975Vr/PF4=,tag:c6CmppUVMcjrip4YraBurQ==,type:str]
|
||||
preshared: ENC[AES256_GCM,data:sb6vHcYO6c+m2jegangICr3v2toTFdSwt/rgCKD7q4UB/qR8U5CaAEjQdXY=,iv:QwQbNxx4+xTL14ID10bS7HWxKWzkoMSV6wHu8qytbEU=,tag:ozsK2gqayY56uOTGZtCNqQ==,type:str]
|
||||
email:
|
||||
tu-dresden: ENC[AES256_GCM,data:JRSfF2tnZX6NRPXFdJE5c7Q=,iv:phOzSD2XUcnvSneKtmMmB5zYrnXcZL1PzsurWLsy9gA=,tag:sxC5hLb7Rd4j5/mEi8Zu6A==,type:str]
|
||||
rfive: ENC[AES256_GCM,data:noHhc37RxE/UZtTcllCb0r57ke7mauZNpQ==,iv:kbhXBDcRigSxbPyQu5HS8xG+WfehEYNi+uGC6lcvHEw=,tag:CPHmf85Fr54P8zj/dShazg==,type:str]
|
||||
google: ENC[AES256_GCM,data:MObdBDErPOyPISOoc8zlQA==,iv:cPJgKjHR838Pm4O+WI52ZO4v4ds4GU351oU0HDSDfsg=,tag:dy+ApExgn26+3Osu5B2kaQ==,type:str]
|
||||
ifsr: ENC[AES256_GCM,data:cJT5du8Jwy+rh286H55P2bEIIPtNpg==,iv:1qYzIqSWJ68GTGfl0x0YRZMPQAGAmibI1GKfdDWOrO4=,tag:sbHPs81bL88Ns75Mu+OUnQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -25,8 +20,8 @@ sops:
|
|||
d1J5UHJDYjlZWEV1aEVDSmxhWDB0anMKMNzyd465AdMyX0o9NxF+hcLyROcd8xoJ
|
||||
39K5xIDzcqpu6HfoZk1kZ/TT1DS2Xiw0rDuJHWdfpnS8zNe6DL3a7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-02-16T20:53:53Z"
|
||||
mac: ENC[AES256_GCM,data:mcQexhVzXr28XF6KyN9MckSpD03q5tJl/IgL1CCeyvBRY4TkxBuTMKld22R9pp46StMfg16A2j2voTc546ayribLgIfn78wxa0sraaYoir+/xaF697EoO8UfthHPdmd8DHru7yoOFx0F4k2jNHGSIEi+FNrflUu+L8PxZ7Kyzms=,iv:HKW9WpufHCpUNSM048g2djj+h1vwB+gnL84hZH1LuJw=,tag:6Hj9ua1wsIvlsIvn5eOvXw==,type:str]
|
||||
lastmodified: "2023-02-25T23:26:47Z"
|
||||
mac: ENC[AES256_GCM,data:nfRwekR/4/trVfZfo0PAPp9aW/9ETHnMYLruACC0JjSTLa6Bfs1nCLwu+ylVX2dPD9LIZZRa9aKKSkCRYJxnqIW/uCs+RMWn+FDq9Cg35tbyEUaBIkhFz09LsSLfZKodqBrVjOGgxgTFfzn075EU0nCho3PRpUesMdIpX9PhTfM=,iv:FJ+rAPTmNXDrAguUJScZnHJ3SOH6/Znx2Mliz+eoR2M=,tag:Fc3CGH9KaPchGH0i9VY1Wg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-02-16T20:53:51Z"
|
||||
enc: |-
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
# email passwords
|
||||
sops.secrets."email/tu-dresden".owner = "rouven";
|
||||
sops.secrets."email/rfive".owner = "rouven";
|
||||
sops.secrets."email/google".owner = "rouven";
|
||||
sops.secrets."email/ifsr".owner = "rouven";
|
||||
|
||||
# generate system completions
|
||||
programs.zsh.enable = true;
|
||||
|
||||
|
|
|
@ -3,12 +3,19 @@ let
|
|||
gpg-default-key = "116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09";
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
"email/rfive" = {};
|
||||
"email/tu-dresden" = {};
|
||||
"email/ifsr" = {};
|
||||
"email/google" = {};
|
||||
};
|
||||
home.packages = with pkgs; [
|
||||
imv
|
||||
w3m
|
||||
urlview
|
||||
];
|
||||
services.mbsync.enable = true;
|
||||
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
|
||||
programs = {
|
||||
neomutt = {
|
||||
enable = true;
|
||||
|
@ -37,7 +44,7 @@ in
|
|||
gpg.key = gpg-default-key;
|
||||
realName = "Rouven Seifert";
|
||||
userName = address;
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/rfive";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
|
||||
imap = {
|
||||
host = "pro1.mail.ovh.net";
|
||||
port = 993;
|
||||
|
@ -96,7 +103,7 @@ in
|
|||
gpg.key = gpg-default-key;
|
||||
realName = "Rouven Seifert";
|
||||
userName = "rose159e";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/tu-dresden";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/tu-dresden";
|
||||
imap = {
|
||||
host = "msx.tu-dresden.de";
|
||||
port = 993;
|
||||
|
@ -160,7 +167,7 @@ in
|
|||
gpg.key = gpg-default-key;
|
||||
realName = "Rouven Seifert";
|
||||
userName = "rouven.seifert";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/ifsr";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/ifsr";
|
||||
imap = {
|
||||
host = "mail.ifsr.de";
|
||||
port = 143;
|
||||
|
@ -220,7 +227,7 @@ in
|
|||
address = "seifertrouven@gmail.com";
|
||||
realName = "Rouven Seifert";
|
||||
userName = address;
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/google";
|
||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/google";
|
||||
imap = {
|
||||
host = "imap.gmail.com";
|
||||
port = 993;
|
||||
|
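Review bot: The four new `passwordCommand` lines (this hunk and the `@ -96`, `@ -160` and `@ -220` hunks) build the secret path from `$XDG_RUNTIME_DIR`, and `Unit.After = [ "sops-nix.service" ]` only orders mbsync after the decryption unit without pulling it in. If the variable is unset where the command runs, or sops-nix.service failed or never started, `cat` reads a path that does not exist and the mail tools presumably receive an empty password rather than a clear error. I would add `systemd.user.services.mbsync.Unit.Wants = [ "sops-nix.service" ];` next to the `After` line, and a comment above `sops.secrets` such as `# decrypted by the home-manager sops module into $XDG_RUNTIME_DIR/secrets/`. The account blocks start and end outside these hunks, so other consumers of `passwordCommand` are not visible here.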
|
|
@ -10,6 +10,7 @@
|
|||
./hyprland
|
||||
./neovim
|
||||
./qutebrowser
|
||||
./sops
|
||||
./ssh
|
||||
./tmux
|
||||
./vifm
|
||||
|
|
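--- a/users/rouven/modules/sops/default.nix
+++ b/users/rouven/modules/sops/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+sops = {
+age.sshKeyPaths = [ "/home/${config.home.username}/.ssh/id_ed25519" ];
+age.generateKey = false;
+defaultSopsFile = ../../../../secrets/${config.home.username}.yaml;
+};
+}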
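Review bot: `age.sshKeyPaths` makes the login SSH key the decryption identity, so the one file at `.ssh/id_ed25519` both authenticates to remote hosts and unlocks everything in `secrets/${config.home.username}.yaml`. As far as I know, sops-nix can only use such a key when it carries no passphrase, which leaves file permissions as the only protection. A dedicated age identity configured through `age.keyFile` would separate the two roles and let either be rotated without touching the other. The path also hard-codes `/home/`; `"${config.home.homeDirectory}/.ssh/id_ed25519"` follows the configured home directory instead.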