nix: sops-nix

This commit is contained in:
js0ny 2025-11-04 08:48:21 +00:00
parent 050799b77f
commit a32917bd22
6 changed files with 118 additions and 103 deletions

nixcfgs/.sops.yaml Normal file

@ -0,0 +1,10 @@
keys:
- &host_zephyrus age1amkejw3q2aqf8yvh9mkqw8ad4g89mkuudyhv5k6k7s722fa85d6skem8vc
- &user_js0ny age1mcvqpg39t32ll684r4m2l8j0l9zag6endg0h6zjw8svkgdwc4pjqkk5fvj
creation_rules:
- path_regex: secrets/.*\.yaml
key_groups:
- age:
- *user_js0ny
- *host_zephyrus
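Review bot: The `path_regex: secrets/.*\.yaml` rule on the creation_rules entry is unanchored, so sops applies it to any path that merely contains that substring (for example `secrets/foo.yaml.bak` or a nested `old/secrets/x.yaml`), not only files directly under `secrets/`. Anchoring it, `path_regex: ^secrets/.*\.yaml$`, keeps the rule to the directory the module files reference. The rendered hunk shows nine lines for a ten-line addition, so one line (presumably blank) appears to have been lost in rendering; the indentation of the key_groups entries is also not visible here.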

nixcfgs/flake.lock generated

@ -1,26 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1761656077,
"narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=",
"owner": "ryantm",
"repo": "agenix",
"rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"caelestia-cli": { "caelestia-cli": {
"inputs": { "inputs": {
"caelestia-shell": [ "caelestia-shell": [
@ -67,28 +46,6 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -112,7 +69,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -129,27 +86,6 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -207,16 +143,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1754028485, "lastModified": 1761880412,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de", "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -238,22 +174,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1761880412,
"narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1761907660, "lastModified": 1761907660,
"narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
@ -272,7 +192,7 @@
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1762155241, "lastModified": 1762155241,
@ -334,34 +254,39 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"caelestia-shell": "caelestia-shell", "caelestia-shell": "caelestia-shell",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager_2", "home-manager": "home-manager",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"plasma-manager": "plasma-manager" "plasma-manager": "plasma-manager",
"sops-nix": "sops-nix"
} }
}, },
"systems": { "sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1760998189,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "nix-systems", "owner": "Mic92",
"repo": "default", "repo": "sops-nix",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "Mic92",
"repo": "default", "repo": "sops-nix",
"type": "github" "type": "github"
} }
}, },
"systems_2": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",


@ -25,7 +25,10 @@
url = "github:caelestia-dots/shell"; url = "github:caelestia-dots/shell";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix.url = "github:ryantm/agenix"; sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -38,7 +41,7 @@
plasma-manager, plasma-manager,
nur, nur,
caelestia-shell, caelestia-shell,
agenix, sops-nix,
... ...
} @ inputs: let } @ inputs: let
overlays = [ overlays = [
@ -65,7 +68,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
agenix.nixosModules.default sops-nix.nixosModules.sops
./hosts/${hostname} ./hosts/${hostname}
{nixpkgs.overlays = overlays;} {nixpkgs.overlays = overlays;}
]; ];
@ -98,6 +101,7 @@
./users/js0ny/zephyrus.nix ./users/js0ny/zephyrus.nix
plasma-manager.homeModules.plasma-manager plasma-manager.homeModules.plasma-manager
nix-flatpak.homeManagerModules.nix-flatpak nix-flatpak.homeManagerModules.nix-flatpak
sops-nix.homeManagerModules.sops
]; ];
}; };
"js0ny@nixvirt" = home-manager.lib.homeManagerConfiguration { "js0ny@nixvirt" = home-manager.lib.homeManagerConfiguration {


@ -0,0 +1,25 @@
openrouter_api: ENC[AES256_GCM,data:ceu+FlTNrNoS56rHL9bdGjODfPBYnBd1GL97BgpmLvHz8q2KMXMvGofMTyZVGsLs1BEq4scjr+HN9r52tozLxeVWzkVfumcUMA==,iv:zT2vT94zAoKoutl58pbeOVqHm5nPmoMrA7wlZQcYVLs=,tag:+gS9EPcmfANCUipbeiAi0Q==,type:str]
sops:
age:
- recipient: age1mcvqpg39t32ll684r4m2l8j0l9zag6endg0h6zjw8svkgdwc4pjqkk5fvj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZGIwNlpPUlY2cCttTkJL
cEFDOWJ6TE0vUTQ3czJQTTdJUlpCWWJuRWp3CmJaZS9vbnBUVUpGaDR0MlNOK25q
b2Qvb0FjZlR2R1crTEdJTUFBbnR6ZWsKLS0tIDRkWFFXNkR0dml6eGdOZi9kUE41
djJMZUlQWU5ELyswdkNXTUUwUUZQY1kKRLHcH5mpHyMKBchX/zE1C6CqxGw8Yu6X
efAVToPTbi6f/8a1SiegkxSulnyRrhNkX0NeqU9/8hLky8NHr1yN1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1amkejw3q2aqf8yvh9mkqw8ad4g89mkuudyhv5k6k7s722fa85d6skem8vc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWmFrdTNsK1lWZmNBMEZT
T2ZCRktNRldJdXphT0JweldqSTdPUGZLQmpVCnEyT2FnWGNkemZyT05NN3ptcUlW
dnZsdGNwOXlEdjdPcFBCcFBVU0FSRzgKLS0tIHdETzFSVE1YVUd5Q3ZzTWYyRWZK
c3ZZQlRrZDhtT2NFM0lnZTUxWmptQjgK5lZBkR5oSpb90oa+LWinEnvcmdPTF6wP
Q1gJoVoT/krUu22VSTOj/ojKEzS6uamZnJkMBhH31f1w2j4TEtY5Lw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-03T09:13:13Z"
mac: ENC[AES256_GCM,data:1bZT8E/M7CQgfshQV1LKJAqWcyoYomG29y7zSp7THZ9lwA4+FVpBNXV1HLQru4CMs3N1pq8g1ww6KxtGZ92pUo+JxtRdT9GxzqJenCp2qzSo5d2ws5fFvvjLnOtoPcqXlMTchECeA3K/emwbmIfjCH63D5STZmBz7+dNbx5PY20=,iv:Wcv6PNwroQawHkjJpspN5mM0b+PZG5BQTP9jOKH0OTQ=,tag:N/d/O/zbVkkH8kZdlkZErQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0


@ -0,0 +1,27 @@
{config, ...}: {
sops = {
# enable = true;
defaultSopsFile = ../../secrets/secrets.yaml;
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
age.generateKey = true;
secrets = {
"OPENROUTER_API_KEY" = {
key = "openrouter_api";
};
};
};
# home.sessionVariables = {
# OPENROUTER_API_KEY = config.sops.secrets."OPENROUTER_API_KEY".path;
# };
systemd.user.services.sops-envvar = {
Unit.Description = "[sops-envvar] Auto-source environment variables defined via sops-nix";
Service = {
ExecStart = pkgs.writeShellScript "start" ''
export OPENROUTER_API_KEY=$(cat ${config.sops.secrets."OPENROUTER_API_KEY".path})
'';
};
Install.WantedBy = ["default.target"];
};
}
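Review bot: The ExecStart line calls `pkgs.writeShellScript`, but the module's argument set on the first line binds only `config`, so evaluating this file fails on an undefined `pkgs`; the fix is `{config, pkgs, ...}: {`. The service as written also cannot deliver the variable to the session: `export` inside the ExecStart script only sets it in that script's own process, which then exits (no `Service.Type` is given, so it runs as a plain simple service), and nothing else reads it. If the intent is to publish the key to the user manager, the script would have to use `systemctl --user set-environment`, which exposes the value to every user unit's environment; having the specific consumer read `config.sops.secrets."OPENROUTER_API_KEY".path` itself is the narrower option. The `sops = { ... }` stanza here repeats the one added to zephyrus.nix in the same commit; if both modules are imported for this user, one copy is redundant and a comment should say which is authoritative.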


@ -1,5 +1,9 @@
# ~/.config/nixcfgs/users/js0ny/default.nix # ~/.config/nixcfgs/users/js0ny/default.nix
{...}: { {
pkgs,
config,
...
}: {
imports = [ imports = [
# General config # General config
./default.nix ./default.nix
@ -56,5 +60,25 @@
../../modules/home/dev/verilog.nix ../../modules/home/dev/verilog.nix
]; ];
home.packages = with pkgs; [
rose-pine-cursor
];
sops = {
# enable = true;
defaultSopsFile = ../../secrets/secrets.yaml;
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
age.generateKey = true;
secrets = {
"OPENROUTER_API_KEY" = {
key = "openrouter_api";
};
};
};
home.sessionVariables = {
OPENROUTER_API_KEY = "$(cat ${config.sops.secrets."OPENROUTER_API_KEY".path})";
};
home.stateVersion = "25.05"; home.stateVersion = "25.05";
} }
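Review bot: `home.sessionVariables.OPENROUTER_API_KEY = "$(cat ${config.sops.secrets."OPENROUTER_API_KEY".path})"` near the end of the hunk only yields the key where the generated session-variables file (hm-session-vars.sh) is sourced by a POSIX shell that performs command substitution; a consumer started without such a shell (a systemd user unit, or a desktop session importing variables some other way) would see the literal `$(cat ...)` string instead — presumably an accepted limitation, but worth a comment on the line, e.g. `# expanded by shells sourcing hm-session-vars.sh; not visible to user units`. `age.generateKey = true` means that on a machine where keys.txt is absent a fresh key is created whose public half is not among the recipients in .sops.yaml, so decryption there fails until that key is added and the secrets are re-encrypted; a comment stating that expectation would help the next reader. The `sops = { ... }` stanza duplicates the one in the standalone module added in this commit; keep one of them.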