tstarr/dotfiles
1
0
Fork 0
mirror of https://github.com/starr-dusT/dotfiles.git synced 2025-02-19 19:27:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

initial try with github and sops-nix

Browse Source
This commit is contained in:
Tyler Starr 2023-11-19 22:55:56 -08:00
parent 63c0ef83b5
commit 53212c293e
7 changed files with 52 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
home/dot_gitconfig.tmpl
View File

@ -15,7 +15,4 @@
[github] [github]
user = "starr-dusT" user = "starr-dusT"
[core]
sshCommand = "ssh -i ~/.ssh/keys/github_personal"
{{ end }} {{ end }}

4
home/private_dot_ssh/config
View File

@ -1,3 +1,3 @@
Host * Host github.com
AddKeysToAgent yes AddKeysToAgent yes
IdentityFile ~/.ssh/keys/github_personal IdentityFile /run/secrets/github/private

9
provision/.sops.yaml Normal file
View File

@ -0,0 +1,9 @@
# .sops.yaml
keys:
- &primary age12g0gtcnhyaghs9vc5528yrstq4spe8p36fflhpwj79yz8jq9qg2s4v6mms
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary

1
provision/hosts/kestrel/configuration.nix
View File

@ -97,6 +97,7 @@
virt-manager.enable = true; virt-manager.enable = true;
}; };
system = { system = {
secrets.enable = true;
ssh.enable = true; ssh.enable = true;
terminal.enable = true; terminal.enable = true;
wireguard-client = { wireguard-client = {

2
provision/modules/system/default.nix
View File

@ -1,4 +1,4 @@
{ ... }: { ... }:
{ {
imports = [ ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ]; imports = [ ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ];
} }

17
provision/modules/system/secrets.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, user, ... }:
let cfg = config.modules.system.secrets;
in {
options.modules.system.secrets.enable = lib.mkEnableOption "secrets";
config = lib.mkIf cfg.enable {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
# Github private key
secrets."github/private" = { owner = "${user}"; };
};
};
}

22
provision/secrets/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
github:
private: ENC[AES256_GCM,data:DIIKWqeqCAKJKCffAEIbPKvYiJ1j/zqIzpeBPwJUEXlDgcKHCb7fdIwuHMGYYocNX7hKwGQQWsI/48Karot6EGJ+TbsTlD6WG3tintS2R9Gw3PFdvuKVKybjQ/3yDvFm/CJlEl0+2XG5sjHoanMtJPXEIIeRbbLxgrH2uu5W6Xt8DgT8R0BR69+rJ6U4tBcfBgrssYNHTOC/aOCAltq2tS5XoZ4i8tv94iZPZPdV5dntoXDiSNnJwFRvofrakVCuCt/8MBZMNzzUPlbkR73gwNUWMJDgr1OZCzJJNDXhl6H+LsW3DRy9/8wFeAlwb0oGOn0j+DR9VmYKSxjJYeS3LxulslEtCFNirLlK1Ht5vKjeMUAVSS8ALHKFw0VeCYitF+IYev8opcWwU7ZLWZgi/iAIP+WzLLzEhYPnTfvindtffSOzBmRLbPmtjwiNe3SJTR8UA/APlilRYDruO7jVgftFB3iAnw5vCEjBsnGYvloe5Q4qBlGsJLSUS1xoeAyvHL2rVh9Pirs3BA==,iv:8WSRbanE8hM1O039BjsXsxnAUKFrvPxyZhFEYpJ7kSk=,tag:34VH6H600ow+B0CV8hQNTA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12g0gtcnhyaghs9vc5528yrstq4spe8p36fflhpwj79yz8jq9qg2s4v6mms
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RTFNMDd5K3Vza0plMFJr
ZFdpZ2VWV2JEdE1yOUdtS1FLbFp3alpIR25NCkN0dVhYaFZkY1pUQWRhaEY0SjYx
MFlaTjlYWFVLSnY1UmtJcmZobUZUUWcKLS0tIHBJb1lPRkJvcHNiVXhZeStuN2c1
ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI
3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-20T06:27:54Z"
mac: ENC[AES256_GCM,data:U15biwKX1mCmnqqutKTOigSzdF5MyS6WrfpMvAW1n5fx0CGMZY07FWRK52ACHNP/eF5Zayq+BfzIAtkyMVfF37J8q5PO6o/G1F6OvldXagvMY4UbqUIb64kHr1aCeQAp+Yd4tGxmsyprkRDLZsJb0Q9Dj8PX30ZiWKUyoWfSlkE=,iv:GRjli6tHFUXAHoc+K4IRP9iAOWEwUlKHQHcdeNyWV3Y=,tag:kntSZLX/te2o6SCmJxhK9g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3