From b3ab73a336fca4c575bb50af5db632f19db3f559 Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Sun, 4 May 2025 22:06:38 -0700
Subject: Nara: Set up SOPS
---
 .sops.yaml | 2 ++
 flake.lock | 9 +++------
 hosts/default.nix | 1 -
 hosts/nara/default.nix | 1 +
 modules/base/default.nix | 1 +
 modules/base/sops.nix | 17 +++++++++++++++++
 modules/core/default.nix | 1 -
 modules/core/sops.nix | 17 -----------------
 modules/mac/default.nix | 1 +
 secrets/hosts.yaml | Bin 3760 -> 4256 bytes
 10 files changed, 25 insertions(+), 25 deletions(-)
 create mode 100644 modules/base/sops.nix
 delete mode 100644 modules/core/sops.nix
diff --git a/.sops.yaml b/.sops.yaml
index d766302..621834e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,6 +7,7 @@ keys:
 - &akashi age1zw2q6fqm8zf6swcdrqxyng08ev5xg0s8m5u93q40h5ul3yu8ddwq9q6vfu
 - &kioku age1zjdjg900vzaeam4vlr4ah09c6g28h9yzq0zvx4zm0vnl909lfawqfn3pj9
 - &hoka age19xlhzf6guy3df2f3m4l3swn539a4cdsl5vct9tmerrfpqukmwvys5y50wn
+ - &nara age1jq3yx0cmxrcamw9zgljzj0c3dh2m2frdde5ff5j6jqdze0suhg3s5xtj66
 creation_rules:
 - path_regex: secrets/hosts.ya?ml$
@@ -17,6 +18,7 @@ creation_rules:
 - *akashi
 - *kioku
 - *hoka
+ - *nara
 - path_regex: secrets/ebisu.ya?ml$
 key_groups:
 - age:
diff --git a/flake.lock b/flake.lock
index 1fc5ba4..8ebd165 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2237,17 +2237,14 @@
 "inputs": {
 "nixpkgs": [
 "nixpkgs"
- ],
- "nixpkgs-stable": [
- "nixpkgs-stable"
 ]
 },
 "locked": {
- "lastModified": 1729999681,
- "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
+ "lastModified": 1745310711,
+ "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
+ "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
 "type": "github"
 },
 "original": {
diff --git a/hosts/default.nix b/hosts/default.nix
index 6c7a864..43479b0 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
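Review bot: In .sops.yaml the second hunk adds `*nara` to the `secrets/hosts.ya?ml$` rule, which makes the new host a recipient of every value in that file, while the only secret the visible modules read from it is `tailscale_authentication_key`. If hosts.yaml holds anything this macOS host does not need, a separate rule and file for nara would keep its age key from decrypting the rest; the file contents are not visible here, so treat this as a question. A comment above the recipient list, e.g. `# every key listed here can decrypt all of secrets/hosts.yaml`, would make that scope explicit for the next host that gets added.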
@@ -54,7 +54,6 @@
 (import ./kansai pcOptions)
 (import ./kioku minimalOptions)
 (import ./nara macInherits)
- (import ./utm (macInherits // { inherit lib; }))
 ];
 }
diff --git a/hosts/nara/default.nix b/hosts/nara/default.nix
index 84541af..b2cd9d2 100644
--- a/hosts/nara/default.nix
+++ b/hosts/nara/default.nix
@@ -15,6 +15,7 @@ in
 determinate.darwinModules.default
 nix-homebrew.darwinModules.nix-homebrew
 home-manager.darwinModules.home-manager
+ sops-nix.darwinModules.sops
 "${self}/home/ebisu/nara"
 ];
diff --git a/modules/base/default.nix b/modules/base/default.nix
index bca5d83..f1dedf0 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -2,5 +2,6 @@
 imports = [
 ./nix.nix
 ./programs.nix
+ ./sops.nix
 ];
 }
diff --git a/modules/base/sops.nix b/modules/base/sops.nix
new file mode 100644
index 0000000..7cae1c9
--- /dev/null
+++ b/modules/base/sops.nix
@@ -0,0 +1,17 @@
+{ pkgs, self, ... }:
+{
+ environment.systemPackages = [
+ pkgs.sops
+ ];
+
+ sops = {
+ gnupg.sshKeyPaths = [ ];
+ secrets.tailscale_authentication_key.sopsFile = "${self}/secrets/hosts.yaml";
+
+ age = {
+ sshKeyPaths = [ ];
+ keyFile = "/var/lib/sops-nix/key.txt";
+ generateKey = true;
+ };
+ };
+}
diff --git a/modules/core/default.nix b/modules/core/default.nix
index 56d8ad9..026c7a3 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -5,6 +5,5 @@
 ./access
 ./networking
 ./nix
- ./sops.nix
 ];
 }
diff --git a/modules/core/sops.nix b/modules/core/sops.nix
deleted file mode 100644
index fbf1b6f..0000000
--- a/modules/core/sops.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, self, ... }:
-{
- environment.systemPackages = [
- pkgs.sops
- ];
-
- sops = {
- gnupg.sshKeyPaths = [ ];
- secrets.tailscale_authentication_key.sopsFile = "${self}/secrets/hosts.yaml";
-
- age = {
- sshKeyPaths = [ ];
- keyFile = "/var/lib/sops-nix/keys.txt";
- generateKey = true;
- };
- };
-}
diff --git a/modules/mac/default.nix b/modules/mac/default.nix
index 1ed98c7..f0cb03b 100644
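Review bot: In the new modules/base/sops.nix the `keyFile` is `/var/lib/sops-nix/key.txt`, while the deleted modules/core/sops.nix used `/var/lib/sops-nix/keys.txt`; every other line of the module is identical, so this looks like an unintended rename rather than part of the move. With `generateKey = true`, a host that already holds its age identity at the old path would presumably get a fresh key generated at the new one, and that key is not among the recipients in .sops.yaml, so `tailscale_authentication_key` would fail to decrypt there. Either keep `keyFile = "/var/lib/sops-nix/keys.txt";`, or if the rename is deliberate add a comment above it such as `# renamed from keys.txt; existing hosts must move their key file before switching`.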
--- a/modules/mac/default.nix
+++ b/modules/mac/default.nix
@@ -1,3 +1,4 @@
+{ lib, ... }:
 {
 imports = [
 ./programs
diff --git a/secrets/hosts.yaml b/secrets/hosts.yaml
index c04a6af..7355f85 100644
Binary files a/secrets/hosts.yaml and b/secrets/hosts.yaml differ
--
cgit v1.2.3