Add the sops module the the main flake file
parent
0e9789cca5
commit
dd87e0a620
|
@ -0,0 +1,7 @@
|
|||
keys:
|
||||
- &main age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
|
||||
creation_rules:
|
||||
- path_regex: secrets/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *main
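Review bot: The creation rule encrypts to a single age recipient, `&main`, so losing that one private key makes `secrets/secrets.yaml` unrecoverable, and every machine that has to decrypt needs a copy of it. Adding a second recipient to the `age` list (a per-host key or an offline backup key) avoids both problems. A comment such as `# main: admin workstation key used to edit secrets` would record whose key this is. The `path_regex` is also unanchored with unescaped dots; `secrets/secrets\.yaml$` states the intent exactly.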
|
87
flake.lock
87
flake.lock
|
@ -73,11 +73,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706798041,
|
||||
"narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
|
||||
"lastModified": 1707074442,
|
||||
"narHash": "sha256-+VOe+26+rK6ETNpVvwkFYlfC/skZe2XI2TixbsC6utE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
|
||||
"rev": "4ab01785b85aac4dd0f0414f7c0ca4c007e64054",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -86,6 +86,42 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1693701915,
|
||||
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706085261,
|
||||
"narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1706834982,
|
||||
|
@ -103,11 +139,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1706732774,
|
||||
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
|
||||
"lastModified": 1706913249,
|
||||
"narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
|
||||
"rev": "e92b6015881907e698782c77641aa49298330223",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -117,15 +153,54 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1705957679,
|
||||
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"home-manager": "home-manager_2",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"sops-nix": "sops-nix",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707015547,
|
||||
"narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "23f61b897c00b66855074db471ba016e0cda20dd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
|
55
flake.nix
55
flake.nix
|
@ -1,9 +1,33 @@
|
|||
# Universe - The big bang to my universe
|
||||
#
|
||||
# Copyright (c) 2023-2024 Sameer Rahmani <lxsameer@gnu.org>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{
|
||||
description = "lxsameer's universe";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -16,7 +40,6 @@
|
|||
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
|
||||
|
||||
# TODO: Checkout hercules
|
||||
# hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent";
|
||||
# To build and android image
|
||||
|
@ -24,13 +47,12 @@
|
|||
# impermanence.url = "github:nix-community/impermanence";
|
||||
};
|
||||
|
||||
outputs = { self, home-manager, nixpkgs, agenix, nixos-hardware, utils } @ inputs:
|
||||
outputs = { self, nixpkgs, utils, ... } @ inputs:
|
||||
let
|
||||
# I just use linux and currently only x86_64
|
||||
system = "x86_64-linux";
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
|
||||
|
||||
# Add a command to the shell to create the disk
|
||||
create-disk = pkgs.writeScriptBin "create-disk" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
@ -38,6 +60,13 @@
|
|||
qemu-img create -f qcow2 vdisk1 10G
|
||||
'';
|
||||
|
||||
bootImage = image: (pkgs.writeScriptBin "boot-${image.name}" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
||||
qemu-system-x86_64 -enable-kvm -m 2048 -boot d \
|
||||
-cdrom ${image} -hda vdisk1 -vga std \
|
||||
-net user,hostfwd=tcp::2222-:22 -net nic
|
||||
'');
|
||||
|
||||
scripts = pkgs.symlinkJoin {
|
||||
name = "universe_scripts";
|
||||
|
@ -51,9 +80,14 @@
|
|||
fish
|
||||
zstd
|
||||
scripts
|
||||
sops
|
||||
];
|
||||
|
||||
modules = pkgs.callPackage ./modules { inherit (inputs) nixos-generators; };
|
||||
|
||||
in rec{
|
||||
inherit pkgs;
|
||||
|
||||
images = {
|
||||
majin = (nixosConfigurations.majin.extendModules {
|
||||
modules = [
|
||||
|
@ -65,17 +99,21 @@
|
|||
}).config.system.build.sdImage;
|
||||
};
|
||||
|
||||
packages.${system}.majin = images.majin;
|
||||
packages.${system} = {
|
||||
majin = nixosConfigurations.majin.config.formats.iso;
|
||||
boot-majin = bootImage packages.${system}.majin;
|
||||
inherit create-disk;
|
||||
};
|
||||
|
||||
|
||||
nixosConfigurations = {
|
||||
majin = pkgs.lib.nixosSystem {
|
||||
majin = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
"${pkgs}/nixos/modules/profiles/minimal.nix"
|
||||
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
|
||||
./worlds/majin/configuration.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
modules.generator
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
./worlds/base.nix
|
||||
#hercules-ci-agent.nixosModules.multi-agent-service
|
||||
];
|
||||
|
@ -85,7 +123,6 @@
|
|||
|
||||
devShells.${system}.default = pkgs.mkShell {
|
||||
inherit nativeBuildInputs;
|
||||
|
||||
shellHook = ''
|
||||
fish && exit
|
||||
'';
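Review bot: In the `bootImage` script the QEMU forward `hostfwd=tcp::2222-:22` has an empty host address, so the guest's SSH port is bound on every interface of the machine running the VM rather than only on loopback. The ISO built here enables sshd (the new generator module) and the base configuration sets a fixed password for a `wheel` user, so the test VM's login is exposed to whatever network the host sits on. Binding the forward to loopback keeps it local: `-net user,hostfwd=tcp:127.0.0.1:2222-:22 -net nic`. Separately, the `sops-nix` input follows `nixpkgs` but, per the flake.lock section, still locks its own `nixpkgs-stable`; `inputs.nixpkgs-stable.follows = "nixpkgs";` would drop that extra pinned tree if it is not wanted.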
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
{ nixos-generators }:
|
||||
{
|
||||
# A single nixos config outputting multiple formats.
|
||||
# Alternatively put this in a configuration.nix.
|
||||
generator = {config, ...}: {
|
||||
imports = [
|
||||
nixos-generators.nixosModules.all-formats
|
||||
];
|
||||
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
|
||||
# customize an existing format
|
||||
formatConfigs.iso = {config, ...}: {
|
||||
services.openssh.enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
}
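Review bot: `formatConfigs.iso` turns on `services.openssh.enable` with no further settings, so, assuming the stock NixOS defaults apply, the image accepts password logins. Since the base configuration in this commit gives a `wheel` user a fixed password, I would restrict the daemon to key-based logins in the same block with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, supplying the public key through `users.users.<name>.openssh.authorizedKeys.keys`. The `{config, ...}:` argument is not used in either function shown here and could be written `{ ... }:`.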
|
|
@ -0,0 +1,23 @@
|
|||
default_user:
|
||||
user: ENC[AES256_GCM,data:tYLQFNvn15A=,iv:NkYD1q1IozC+UBjPG4BWEZ0troWVjGCW9hBCD8n/kk4=,tag:ZDltnGkxOl/VhF89MkR0PA==,type:str]
|
||||
pass: ENC[AES256_GCM,data:75vsOLMuq8wO,iv:tLUFa+yaa518QE1Thp3IQmDDXAp19A2kkm+uyI2twu0=,tag:nkrjmrxCQnZtkUE24uuLOA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RFpUN1hVTzh3TFhPQXZz
|
||||
QmU0L203dVdZS0xJMXZJdlJIclpOQXFqZ0hvCmF0Vmc1anFUNENrVWNNK0FXajFn
|
||||
OG12NTlDdE1QNExsZHBBUXpBc2ZuSWMKLS0tIElKK3lsTjBGVEEySEc1Ym43d0Z4
|
||||
WnF5SDJwL2ZXUFBhQUlORGtGMEJ2NE0KMvwSaxIGRTHTP7QFz1ZXTs8IX+07KsUO
|
||||
aCJOFaFwA1Tpm4Dy1yPs2gg0GPU8MCFBJZNCqkcy6hUHTt5kAivxRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-04T19:10:48Z"
|
||||
mac: ENC[AES256_GCM,data:xLei4WcDjOijVh+9dN1rab8Bgx6Q/SPwZsiskQvbstHKtIPlXahXyOd/qDRNtLn2Evql/+48qnnqXmetGsP2w/FNyQLkPrAS/fkXrVzRGh7xrda60aH/cemMlx2SdJzNrRM1JiGCzCn5HamrBzz+aj/t58qlbKizAB29LXZhMmQ=,iv:IFYgzybJyAJXzRDRu0PbnTHun/yyfloByLQEw9VeYjw=,tag:QiIhpEK2C+je0jlSC4ECbQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -11,8 +11,32 @@
|
|||
fsType = "ext4";
|
||||
};
|
||||
|
||||
users = {
|
||||
users.lxsameer = {
|
||||
password = "123123";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = lib.mkDefault "Europe/Dublin";
|
||||
|
||||
# Enter keyboard layout
|
||||
services.xserver.xkb.layout = "us";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
emacs
|
||||
git
|
||||
zsh
|
||||
wget
|
||||
curl
|
||||
];
|
||||
|
||||
environment.variables.EDITOR = "emacs";
|
||||
|
||||
|
||||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||
loader = {
|
||||
generic-extlinux-compatible.enable = lib.mkDefault true;
|
||||
grub.enable = lib.mkDefault false;
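Review bot: `password = "123123";` in `users.users.lxsameer` puts a trivially guessable password for a `wheel` member in plain text in the repository and in the world-readable Nix store of every system built from this file. The same commit declares the sops secret `default_user/pass`, but nothing visible consumes it, so the encrypted value has no effect on the account. I would replace the literal with `hashedPasswordFile = config.sops.secrets."default_user/pass".path;`, set `sops.secrets."default_user/pass".neededForUsers = true;` where the secret is declared, and store a `mkpasswd` hash rather than the clear password in the secrets file. Judging by the hunk counts this block looks moved here from the majin configuration rather than newly written, which makes the move a natural point to fix it.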
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ pkgs, config, lib, inputs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [ emacs git ];
|
||||
environment.systemPackages = with pkgs; [ emacs git zsh ];
|
||||
services.openssh.enable = true;
|
||||
networking.hostName = "majin";
|
||||
users = {
|
||||
users.lxsameer = {
|
||||
password = "123123";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/secrets.yaml;
|
||||
sops.defaultSopsFormat = "yaml";
|
||||
|
||||
sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt";
|
||||
sops.secrets."default_user/user" = {};
|
||||
sops.secrets."default_user/pass" = {};
|
||||
# networking = {
|
||||
# interfaces."wlan0".useDHCP = true;
|
||||
# wireless = {
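Review bot: `sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt";` makes activation-time decryption depend on a private key sitting in a user's home directory on the target machine, a path that will not exist on a freshly built image. A host-scoped identity is the usual arrangement, for example `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` with that host's age recipient added to the creation rules, or a root-owned key file outside `/home`. The new `inputs` module argument also only resolves if the `nixosSystem` call passes `specialArgs = { inherit inputs; };`, which is not visible in the flake.nix hunks and should be confirmed. The file continues past the end of this hunk.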
|
||||
|
|