add sops module

2025-10-05 11:28:06 -05:00
parent c6e2c781de
commit 00c6855875
5 changed files with 57 additions and 7 deletions

4
.gitignore vendored

@@ -1,5 +1,5 @@
secrets/* #secrets/*
!secrets/*.age #!secrets/*.age
.keyring .keyring
.keyring/ .keyring/
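Review bot: Commenting out both `secrets/*` and `!secrets/*.age` leaves nothing under `secrets/` ignored, so a decrypted copy, an editor backup or a not-yet-encrypted file placed there will be picked up by a broad `git add`. Keeping the deny rule and allow-listing only the sops file preserves that guard: `secrets/*` followed by `!secrets/secrets.yaml`. The `.keyring` entries are the same on both sides and remain ignored.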

23
flake.lock generated

@@ -39,7 +39,28 @@
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759635238,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },


@@ -9,8 +9,10 @@
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
inputs.sops-nix.url = "github:Mic92/sops-nix"; sops-nix = {
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, home-manager, ... }@inputs: outputs = { self, nixpkgs, home-manager, ... }@inputs:


@@ -1,7 +1,7 @@
{ pkgs, config, lib, inputs ... }: { pkgs, config, lib, inputs, ... }:
{ {
imports =[ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
options = { options = {
modules.system.sops.enable = lib.mkEnableOption "enables ssh"; modules.system.sops.enable = lib.mkEnableOption "enables ssh";
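Review bot: The description on `modules.system.sops.enable` still reads "enables ssh", which looks copied from another module and will mislabel this toggle in generated option documentation; `lib.mkEnableOption "sops-nix secret decryption"` states what the switch gates. The module now takes `inputs` as an argument, which presumably only resolves if the flake passes it through `specialArgs`; that wiring is not visible on this page, so it is worth confirming. The `options` block continues past the end of the hunk.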

27
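--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,27 @@
+hello: ENC[AES256_GCM,data:ZjhIiTAN/rdHlO3nEVrctNuoS5vFaG8grAqsfnaWfUUVJOtjoi3jlm/s9A8dD7V3VUTrrjljSQ==,iv:3cpM6+cfaAELzDTm4uRM4DAU6rKRfjefXLIhiPT/Jo0=,tag:cXFux4EJ5jWhHB6CJyiCbw==,type:str]
+example_key: ENC[AES256_GCM,data:NhzYUlbq19YmVJ2B+A==,iv:YJ3m7mwIozoz/eqNtPoQzqR6kMqyyKabyo4kEkkwWE4=,tag:nC/IoJ2q1Vcrn7+o5xovyA==,type:str]
+#ENC[AES256_GCM,data:Z0/zSgdQuyko6bYCwdst0Q==,iv:Xa5LOvSN4YW+IzUVXzDEt0fLqXSZoGDqRb42f39LRSA=,tag:vP2hP3Zs9Kx+OpCUKVvLhQ==,type:comment]
+example_array:
+- ENC[AES256_GCM,data:Ckt3o09eu2ynouMYtj4=,iv:yvAXPtBiRGUOEQZCpD7vn/aoy8Y1aHlkPBuW49kGlOI=,tag:tPwmSlptK7Z63Jo01XfyKg==,type:str]
+- ENC[AES256_GCM,data:k/iGyDQbP0dTMt+A2pc=,iv:XLeSUyqA9AyDhUtW//fcnwsxWgZKk2kc5lxuL5AqqbM=,tag:u3W2UFN6+qDfGl3vtUicfw==,type:str]
+example_number: ENC[AES256_GCM,data:ZRuo8oZLx9stAA==,iv:9hXm/5/+GEBNB4ctWMmjTKotcR9uufAjV4FyH1KCq5k=,tag:RD+VuR7nwrUgNWuAjpRIGA==,type:float]
+example_booleans:
+- ENC[AES256_GCM,data:H9p/ww==,iv:kVMcx6aVQAZj4T2V6z1HWyeottAnX7FFMTRzBfCP4vM=,tag:xVP3rUfNwh7yXW2XNhnfMw==,type:bool]
+- ENC[AES256_GCM,data:Fo9fEJA=,iv:nPxly0FQRo5/xY5vP5V2n8gcdbjbDslhFPlmB5MAGyQ=,tag:Gq3/hljDSPbd5BuDtSKdGQ==,type:bool]
+#ENC[AES256_GCM,data:9A2p05BEY4NdZQ==,iv:QDSNH1BPOO7zbA1kuxvsAgRCXFGXVTZaFOelbgshONY=,tag:zx4jKl2fDXaU0UX1TDpwiQ==,type:comment]
+tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
+sops:
+age:
+- recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WkdJMnJ3Y3IvN3lkemJK
+RjF0dmgzT2lDcENka3BlK1NQRTBuR1BtSmhnCmI2cnRWdVpIM2t5SWNMOWNWdG84
+SWRtMkNOYWZWbXFZYjJEWnVYazljcmMKLS0tIEF3eThDQTRKbEI0VWFLc3BSRVlF
+U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
+PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-10-05T16:02:10Z"
+mac: ENC[AES256_GCM,data:OWR0wy6uRBoWoA2ipvNNCJoj5Pkbode5dp69cLZrw9B1OVS6ZZXOBXSHUKwq7sza+2lROKkpG31oHIjAN8RMbszZojjPIRluhwSMcvPbD8K7SqtedYvsFM23wR6EuY9bDjrtSe8keZ37J1Dn25+UvxUJ816s7PRqT2z2RL1NKro=,iv:A/glNiNcprFt2K2+TZuaRyWG2FlTAVG/gM3/FmIk+xY=,tag:KYU8HjfGlRZy/s/VY6mOwg==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.10.2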
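Review bot: The sops template placeholders (`hello`, `example_key`, `example_array`, `example_number`, `example_booleans`) are committed alongside the real `tailscale_authkey`; dropping them keeps the file to secrets that are actually consumed and makes later audits simpler. The `sops.age` list holds a single recipient, so any host that decrypts this file at activation needs that one private key; if it is a personal key, a separate per-host recipient would avoid copying it onto machines. Key names are stored in clear, and the ciphertext is now permanently in history, so its confidentiality rests entirely on that age identity. Rotating the Tailscale auth key should be part of the response if the age identity is ever exposed.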