-rw-r--r-- | .sops.yaml | 4 | ||||
-rw-r--r-- | desktop/configuration.nix | 12 | ||||
-rw-r--r-- | desktop/home.nix | 14 | ||||
-rw-r--r-- | flake.nix | 3 | ||||
-rw-r--r-- | secrets/secrets.yaml | 32 |
5 files changed, 34 insertions, 31 deletions
@@ -1,7 +1,7 @@ keys: - - &primary AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1 + - &primary age165ul43e8rc0qwzz2f2q9cw02psm2mkudsrwavq2e0pxs280p64yqy2z0dr creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - - pgp: + - age: - *primary diff --git a/desktop/configuration.nix b/desktop/configuration.nix index 445ad90..aa5290e 100644 --- a/desktop/configuration.nix +++ b/desktop/configuration.nix @@ -5,18 +5,6 @@ in { imports = []; - sops = { - defaultSopsFile = ../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - gnupg = { - home = "/home/${vars.userName}/.gnupg"; - sshKeyPaths = []; - }; - secrets.mail = { - format = "yaml"; - }; - }; - hardware.enableAllFirmware = true; documentation = { diff --git a/desktop/home.nix b/desktop/home.nix index f649145..ddaf573 100644 --- a/desktop/home.nix +++ b/desktop/home.nix @@ -3,6 +3,19 @@ let vars = import ./vars.nix; in { + sops = { + defaultSopsFile = ../secrets/secrets.yaml; + age = { + keyFile = "${config.home.homeDirectory}/.ssh/keys.txt"; + }; + secrets.mail = { + format = "yaml"; + path = "${config.sops.defaultSymlinkPath}/mail"; + }; + defaultSymlinkPath = "/run/user/1000/secrets"; + defaultSecretsMountPoint = "/run/user/1000/secrets.d"; + }; + home = { activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] '' if [ ! -d "${config.home.homeDirectory}/org/website/" ]; then @@ -45,6 +58,7 @@ in packages = with pkgs; [ # kicad + age acpilight alsa-utils autobuild @@ -61,6 +61,9 @@ sops-nix.nixosModules.sops { home-manager = { + sharedModules = [ + sops-nix.homeManagerModules.sops + ]; useGlobalPkgs = true; extraSpecialArgs = attrs; useUserPackages = true; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index d9fa4b0..a115713 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
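Review bot: In the `.sops.yaml` hunk the key group ends up with a single age recipient, and nothing in the file says which identity it pairs with, so losing that one identity would leave `secrets/secrets.yaml` undecryptable. I would add a comment above the `&primary` anchor, for example `# age recipient for the identity read from ~/.ssh/keys.txt (desktop/home.nix)`, assuming that is the matching key. Consider also listing a second recipient whose identity is kept offline under `- age:`, so recovery does not depend on one file in a home directory.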
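Review bot: `defaultSymlinkPath` and `defaultSecretsMountPoint` in the new `sops` block of desktop/home.nix hard-code `/run/user/1000`, so for any account whose UID is not 1000 the decrypted secrets are aimed at another user's runtime directory or activation fails. sops-nix's home-manager module documents `%r` as a placeholder for the user's runtime directory; if it is accepted for these options, `defaultSecretsMountPoint = "%r/secrets.d";` avoids the fixed UID, and otherwise dropping both overrides falls back to the module defaults. Separately, `age.keyFile` points at `.ssh/keys.txt`, which for a plain age identity is an unencrypted private key on disk, whereas the removed GnuPG setup could rely on a passphrase-protected key. A comment such as `# age identity, not passphrase-protected; keep it mode 0600 and out of backups that leave the machine` would record that, assuming it describes this file. The `sops` block itself is complete in the hunk, but the enclosing attribute set continues outside it.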
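Review bot: The context line `sops-nix.nixosModules.sops` in the hunk at `@@ -61,6 +61,9 @@` (flake.nix, going by the diffstat, since its file header is missing from the page) stays in place although this commit removes the only system-level `sops` block visible here, the one in desktop/configuration.nix. If no other NixOS module sets `sops.*`, drop that import so the home-manager module added through `sharedModules` is the only place where secrets are decrypted. If it is kept on purpose, say so next to it with `# system-level secrets still use the NixOS module`. The surrounding module list begins and ends outside the hunk, so other users of the NixOS module cannot be ruled out from here.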
@@ -1,24 +1,22 @@ -mail: ENC[AES256_GCM,data:UQ2/uw2hWtYOWqzf3ZV4YT5Zxw==,iv:t3J0kLSHeMtsdc1p7mt7+vuYwxjvWtkOhRUIHRQpCjs=,tag:T0y7DlFBPWNOUk9EaN1ndw==,type:str] +hello: ENC[AES256_GCM,data:SyGz4JsQGWYBSsn59/iy2jtF5LxcLqvuYlJa9Ng30TYHZLjGHLFnFLCN8H1JLg==,iv:DAtgeXT/nnNDGfayt7GrzDI527CawbF7sLAbw6A5bYs=,tag:zQyCdvFekQW3fhsqzV51Fw==,type:str] +mail: ENC[AES256_GCM,data:IFJnuVbshByUh5S3HoSnX5AyOg==,iv:gF0JlnBGAMLduMIG/hZtssdkHVL9/RDmDwBw/WoMDwQ=,tag:adDgcz/VrAN6/kfYTKa5XA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] - lastmodified: "2025-01-11T03:12:20Z" - mac: ENC[AES256_GCM,data:vofTpOG8XIKrYASXYvrLCmzTPDDlCe0kN6C4SJ5Zc2C7578wYyybX1m0yXpRFoN4YiQAYhmSiZTm3AdWG4f1aXH03ESSm66bkHbCf+TjZy6LBSxE6C+9TP9/Umavg3irkjMqakBPV06pG+NZkjUXJrumbYwxynvuHHmDnvNxO2c=,iv:Ln9rYcieoiMqHZaK7yLSV7fIwD/5CHKDlAvngt8XZU8=,tag:2Gr6PJOPmLYpWMvrcQK80A==,type:str] - pgp: - - created_at: "2025-01-11T03:07:49Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DlbvrYPoKVt0SAQdAzS+sg9o+P9ccCk60TgwP1vVoOxmtX3BHZKaraK4YDB0w - YAwrxiLNEmtFqTbLx95ILu6GiAsKi8AAf6DvS5303gazNkuwDTzm50/cpCL2ekIe - 1GgBCQIQuOhj2vPLQDGrEynNMlwd8kd7SR+2iOuNWygnGoybCzbrjDBFogyDlko2 - lsTZVSX7JV0VklE8Pwmd3JALrbJGrIAoiXz3mX0Zlncb5ZsAkjI2h7eO7NAh+x4J - WZLpY23RGfGgXw== - =r9w2 - -----END PGP MESSAGE----- - fp: AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1 + age: + - recipient: age165ul43e8rc0qwzz2f2q9cw02psm2mkudsrwavq2e0pxs280p64yqy2z0dr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNHJDMllEZkJYQitsTlls + WTRkQUdJOWZxRDR1WkFXdWRDUllFVmFGUFZnCmh3Mi9KMGM2aTFxQksxT1cyVDJ1 + bytaVGVIVnlyY1hacS9BVG1aSVVCOTQKLS0tIGdLTEFORTZsYmFkMGZHUWJ5akFQ + OFFNeEtOTk5FSm9RaDFad0UyeWZ2WDgKIwGoB4a5WAIkE93gzqdUzNlo5vgQ1zLy + yhEFrE1NbhyItnZIg/yRhqFG0dv7D3pEP3pq2Seew6pKJg/s9UTJ8Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-11T05:44:03Z" + mac: 
ENC[AES256_GCM,data:guq/zTApolx+Jfppi6gfmEXloRksD5q1QW+M1gFb4itTf86pqENqCMkh7Mymyc8vfwKv10QYi8GYHBfBfqT/28jniRURo+Rt0DNZLMVbcxT230FoqaHjGO+bawScARJPk8DROb4N+UeGxsUQ2/XOeLJ2oISH6JcCwptUaJxOBaM=,iv:Cd/nnTlUxQMiaXSUfo9pXOble4N8SwYNrk9WZkB4qHM=,tag:Ast4SYXk51jNHG52GfUYig==,type:str] + pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 |