remove ssh private key and add it to sops.

Ulic-youthlic 2025-01-08 20:35:26 +08:00
parent 914c64e982
commit 635f3cec9b
10 changed files with 91 additions and 14 deletions

7
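--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &admin 4FED5D017062C493E685D35AE5481AFB6545CB90
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups:
+- pgp:
+- *admin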
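Review bot: `.sops.yaml` names a single PGP recipient and nothing says whose key `&admin` is, so a reader has to match the fingerprint against the `fp:` entry in secrets/general.yaml by hand; add a comment above the anchor such as `# <owner> admin PGP key - the only recipient for everything under secrets/`. With one recipient, loss of that key or its passphrase makes every encrypted file unrecoverable, so if a second admin key or an age key for the host exists it belongs in `key_groups` too. The `path_regex` is unanchored at the start, which is presumably intended so it matches from any checkout root.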

23
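--- a/flake.lock
+++ b/flake.lock
@@ -822,7 +822,8 @@
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs_4",
 "nur-xddxdd": "nur-xddxdd",
-"oskars-dotfiles": "oskars-dotfiles"
+"oskars-dotfiles": "oskars-dotfiles",
+"sops-nix": "sops-nix"
 }
 },
 "rust-overlay": {
@@ -888,6 +889,26 @@
 "type": "github"
 }
 },
+"sops-nix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1736203741,
+"narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
+"owner": "Mic92",
+"repo": "sops-nix",
+"rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "sops-nix",
+"type": "github"
+}
+},
 "systems": {
 "locked": {
 "lastModified": 1681028828,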


@ -56,6 +56,11 @@
url = "git+https://gitlab.com/rycee/nur-expressions.git?dir=pkgs/firefox-addons&ref=master"; url = "git+https://gitlab.com/rycee/nur-expressions.git?dir=pkgs/firefox-addons&ref=master";
flake = false; flake = false;
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
{ {


@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
config, config,
rootPath,
inputs, inputs,
... ...
}: }:
@ -97,4 +98,14 @@
uris = [ "qemu:///system" ]; uris = [ "qemu:///system" ];
}; };
}; };
sops.secrets."ssh-private-key" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519";
};
sops.gnupg = {
home = "${config.home.homeDirectory}/.gnupg";
};
sops.defaultSopsFile = rootPath + "/secrets/general.yaml";
} }
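Review bot: The secret installed at `${config.home.homeDirectory}/.ssh/id_ed25519` by the `sops.secrets."ssh-private-key"` block appears to be the same key this commit deletes from the repository in clear text (the eight-line OPENSSH PRIVATE KEY file removed below), and that plaintext remains in the parent commit's history; encrypting it into secrets/general.yaml does not undo the exposure. Treat the key as compromised: generate a new keypair, store only the new private key under `ssh-private-key` in secrets/general.yaml, and remove the old public key from every authorized_keys entry and hosting account it was registered with. A short comment on the block, `# decrypted at activation via the PGP key in sops.gnupg.home; never commit the plaintext`, would make the intent clear to the next reader. The attribute set this hunk edits starts outside the hunk.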


@ -1,6 +1,10 @@
{ lib, ... }: { inputs, lib, ... }:
{ {
imports = [ imports =
(with inputs; [
sops-nix.homeManagerModules.sops
])
++ [
./nix.nix ./nix.nix
]; ];


@ -1,8 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC2sRS60d
BXX14enHHCynC9AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIETMs9b4xfFRsgPZ
UzrVce3J27p0LBKLfZwhNMen0Da9AAAAkC3NVadOCQU0sd6qujTsqGPSbuO6iNaEBOj6hl
GVPf/VwoGxadvzyQh7sdcOzr/nybcaNgOya7sjAWN0uClekHp/8ZUewU28xlmv2yXxpOXM
UrDFaUcpWIRegALW8CpJf2ndykI1Y8eY2uwGJSWgWreBoCD81P1V68DSw8i4XVtW2Pad9y
yYvR8TpNxCvyta2w==
-----END OPENSSH PRIVATE KEY-----


@ -11,10 +11,12 @@
nixos-cosmic.nixosModules.default nixos-cosmic.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
dae.nixosModules.dae dae.nixosModules.dae
sops-nix.nixosModules.sops
]) ])
++ [ ++ [
./nix.nix ./nix.nix
./home.nix ./home.nix
./gpg.nix
]; ];
config = { config = {

11
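--- /dev/null
+++ b/nixos/modules/gpg.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+config = {
+programs.gnupg = {
+agent = {
+enable = true;
+enableSSHSupport = true;
+};
+};
+};
+}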
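Review bot: nixos/modules/gpg.nix gives no reason for enabling gpg-agent system-wide, and the reason lives in another file (the home-manager sops config points `sops.gnupg.home` at `~/.gnupg`, so decryption at activation presumably needs a working agent); add a comment above `agent = {` such as `# gpg-agent is needed so sops-nix can decrypt secrets/general.yaml with the PGP key in ~/.gnupg`. `enableSSHSupport = true` additionally makes gpg-agent serve as the SSH agent, which sits alongside the file-based key this commit installs at ~/.ssh/id_ed25519; if both are intended, a second comment saying so would stop a later maintainer from removing one of them. The `config = { ... }` wrapper is not required for a module that only sets options, but that is a style choice.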


@ -57,7 +57,7 @@
} }
); );
extraSpecialArgs = { extraSpecialArgs = {
inherit outputs inputs; inherit outputs inputs rootPath;
inherit (cfg) unixName hostName; inherit (cfg) unixName hostName;
inherit (pkgs) system; inherit (pkgs) system;
}; };

24
secrets/general.yaml Normal file

@ -0,0 +1,24 @@
ssh-private-key: ENC[AES256_GCM,data:tG+WYcvaGdMeRiCaAQY6KifoW+xyXKENfx0M6094M9oY/PTnabj1ssakqgn3ujDlckMxf5gZKfGAw0LW7wqWWIKAnVFKFr5fRXWpwROHtHV34BdvQAXtSNsOx9laaw383wWbrrnbblRW6E6GfUQs3YjQa0C+M/6qqpIdDJBbd/AV9OB3B1kiOtBUuHPGBeHvDa5QJUNFLNTO1iJ4rppPZRJ1tG9tTitTuAVRIqlZQZf1hKoz+yB+IakX+AmaXkpnpBOJhfcQWtjdm96Pl/s7pjvVR3f2DAXS8jx+oZT0/7y0xkMi/cvYqGwY/UJZS5w9/2Vk0DQ+I0F17fVZjNsIZKATjl26bRCFaD0Q6Qaw+EwaAaNAhiONbLuQRx3eig3K9KvXhoXKOYVWEnLlgN9gU+dMKD0QOr71u9LScaKkjcI4EpFrOVYET56WeeOP4SEcpkbJ1Qj9GdvGD8cvU281xBRCBxk+nuyazw5PrAmtT+rF16C7+XaHZceeWtMbpALaVL57xFaX+4sab9RVmO6dbtriETUjRHFiVtff1iHln0+aIl2IsSTpHY2v3coBcRMdR9wLeNNUua9b+bu8,iv:tQ6QO0I282jgNaWdc4tuz+ytZ/S4oE/zp5msENc5j5o=,tag:ZHdON06qRJWdl3RUb65jhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-01-08T11:08:01Z"
mac: ENC[AES256_GCM,data:VV5xr8jvj2NiGTGtmFehh7M3iLMe3eKHhmQApCJSo/kMSmnou5+LuMDQfq5zK66Q63bA7MjlDy2vIPLUD1fRr56oHABquIjJdP6g4UjtkinE/a7dISWLXH0u40VOFI0UkSKrcKh+ViXlaOyBVs+uOiZ+WsqUEBVZ3KZi3iFkKmQ=,iv:KzFscpU0Po/mOpzprUpN3UHlIvPS5+stBbR1gsihwWY=,tag:rkIWTlKWIqhcgSEenzn6gQ==,type:str]
pgp:
- created_at: "2025-01-08T11:06:18Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DBSHyuNl/MZkSAQdAiSuiDDZWC7qVMB+UOkOCPfQxtTVfmJCRnXz1dJJNvEsw
/CFsMzi5HevKMcTXhmRp9eNxJMo/kJsAjjlwMUzxxtcbwCN/uukLjnfYFmhCXa4u
1GgBCQIQgWlPc7rngROl+ldoUgffRF8BULgqXgFXn+rXRhyVrIjlLhzRwkY9jAXo
LHKkqi5lKjXX4uUx2oTz352Vu/X6g3qPcRZsjXR/trWhNUkBwwPIKPiyPI/KumQj
g15yhH2tbasKIQ==
=g2ld
-----END PGP MESSAGE-----
fp: 4FED5D017062C493E685D35AE5481AFB6545CB90
unencrypted_suffix: _unencrypted
version: 3.9.2