add sops support
This commit is contained in:
parent
76c8a8bbbd
commit
b8f99cf3bc
7 changed files with 66 additions and 2 deletions
1
.envrc
Normal file
1
.envrc
Normal file
|
|
@ -0,0 +1 @@
|
|||
use flake
|
||||
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1 +1,2 @@
|
|||
result
|
||||
result
|
||||
.direnv/
|
||||
10
.sops.yaml
Normal file
10
.sops.yaml
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
keys:
|
||||
- &lotte age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- &vf2 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
|
||||
creation_rules:
|
||||
- path_regex: machine/vf2/secrets\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *vf2
|
||||
- *lotte
|
||||
24
flake.lock
24
flake.lock
|
|
@ -261,9 +261,33 @@
|
|||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks",
|
||||
"riscv-overlay": "riscv-overlay",
|
||||
"sops-nix": "sops-nix",
|
||||
"systems": "systems"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729999681,
|
||||
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
|
|
|||
15
flake.nix
15
flake.nix
|
|
@ -51,6 +51,11 @@
|
|||
url = "github:DarkKirb/riscv-overlay";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs";
|
||||
};
|
||||
systems.url = "github:nix-systems/default";
|
||||
};
|
||||
|
||||
|
|
@ -139,8 +144,16 @@
|
|||
in
|
||||
containers;
|
||||
hydraJobs = {
|
||||
inherit (self) checks;
|
||||
inherit (self) checks devShells;
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
|
||||
};
|
||||
devShells.x86_64-linux.default = with pkgsFor "x86_64-linux";
|
||||
mkShell {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
age
|
||||
sops
|
||||
ssh-to-age
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,5 +4,6 @@
|
|||
./containers/autoconfig.nix
|
||||
./nix/lix.nix
|
||||
./environment/impermanence.nix
|
||||
./secrets/sops.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
14
modules/secrets/sops.nix
Normal file
14
modules/secrets/sops.nix
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
sops-nix,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
"${sops-nix}/modules/sops"
|
||||
];
|
||||
sops.age = {
|
||||
sshKeyPaths = [
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
];
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue