Add the sops module to the main flake file

This commit is contained in:
Sameer Rahmani 2024-02-07 16:17:46 +00:00
parent 0e9789cca5
commit dd87e0a620
Signed by: lxsameer
GPG Key ID: B0A4AF28AB9FD90B
7 changed files with 213 additions and 25 deletions

7
.sops.yaml Normal file

@ -0,0 +1,7 @@
keys:
- &main age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
creation_rules:
- path_regex: secrets/secrets.yaml
key_groups:
- age:
- *main
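Review bot: `path_regex: secrets/secrets.yaml` is an unanchored regular expression and the `.` is unescaped, so the rule also matches paths such as `secrets/secrets-yaml` or `other/secrets/secrets.yaml.bak`, which would then be encrypted to this key by accident. Anchoring it, `path_regex: ^secrets/secrets\.yaml$`, limits the rule to the one file it is meant for. Note also that `&main` is the only recipient in the file, so that single age private key is the only way to recover the secrets; keep an offline copy or add a second recipient before relying on it.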


@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1706798041,
"narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
"lastModified": 1707074442,
"narHash": "sha256-+VOe+26+rK6ETNpVvwkFYlfC/skZe2XI2TixbsC6utE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
"rev": "4ab01785b85aac4dd0f0414f7c0ca4c007e64054",
"type": "github"
},
"original": {
@ -86,6 +86,42 @@
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706085261,
"narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1706834982,
@ -103,11 +139,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"lastModified": 1706913249,
"narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"rev": "e92b6015881907e698782c77641aa49298330223",
"type": "github"
},
"original": {
@ -117,15 +153,54 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix",
"utils": "utils"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1707015547,
"narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "23f61b897c00b66855074db471ba016e0cda20dd",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,


@ -1,9 +1,33 @@
# Universe - The big bang to my universe
#
# Copyright (c) 2023-2024 Sameer Rahmani <lxsameer@gnu.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{
description = "lxsameer's universe";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -16,7 +40,6 @@
utils.url = "github:numtide/flake-utils";
# TODO: Checkout hercules
# hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent";
# To build and android image
@ -24,13 +47,12 @@
# impermanence.url = "github:nix-community/impermanence";
};
outputs = { self, home-manager, nixpkgs, agenix, nixos-hardware, utils } @ inputs:
outputs = { self, nixpkgs, utils, ... } @ inputs:
let
# I just use linux and currently only x86_64
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
# Add a command to the shell to create the disk
create-disk = pkgs.writeScriptBin "create-disk" ''
#!${pkgs.stdenv.shell}
@ -38,6 +60,13 @@
qemu-img create -f qcow2 vdisk1 10G
'';
bootImage = image: (pkgs.writeScriptBin "boot-${image.name}" ''
#!${pkgs.stdenv.shell}
qemu-system-x86_64 -enable-kvm -m 2048 -boot d \
-cdrom ${image} -hda vdisk1 -vga std \
-net user,hostfwd=tcp::2222-:22 -net nic
'');
scripts = pkgs.symlinkJoin {
name = "universe_scripts";
@ -51,9 +80,14 @@
fish
zstd
scripts
sops
];
modules = pkgs.callPackage ./modules { inherit (inputs) nixos-generators; };
in rec{
inherit pkgs;
images = {
majin = (nixosConfigurations.majin.extendModules {
modules = [
@ -65,17 +99,21 @@
}).config.system.build.sdImage;
};
packages.${system}.majin = images.majin;
packages.${system} = {
majin = nixosConfigurations.majin.config.formats.iso;
boot-majin = bootImage packages.${system}.majin;
inherit create-disk;
};
nixosConfigurations = {
majin = pkgs.lib.nixosSystem {
majin = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${pkgs}/nixos/modules/profiles/minimal.nix"
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
./worlds/majin/configuration.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.age
modules.generator
inputs.home-manager.nixosModules.home-manager
./worlds/base.nix
#hercules-ci-agent.nixosModules.multi-agent-service
];
@ -85,7 +123,6 @@
devShells.${system}.default = pkgs.mkShell {
inherit nativeBuildInputs;
shellHook = ''
fish && exit
'';
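Review bot: In `bootImage`, `hostfwd=tcp::2222-:22` leaves the host address empty, so QEMU binds the forwarded port on every host interface and anyone who can reach the developer machine can reach the guest's SSH server, which this commit enables and pairs with a fixed-password `wheel` user in `worlds/base.nix`. Binding the forward to loopback keeps it local: `-net user,hostfwd=tcp:127.0.0.1:2222-:22 -net nic`. The `bootImage` helper is complete within the hunk; the `let` block and `outputs` function around it continue outside the visible lines.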

18
modules/default.nix Normal file

@ -0,0 +1,18 @@
{ nixos-generators }:
{
# A single nixos config outputting multiple formats.
# Alternatively put this in a configuration.nix.
generator = {config, ...}: {
imports = [
nixos-generators.nixosModules.all-formats
];
nixpkgs.hostPlatform = "x86_64-linux";
# customize an existing format
formatConfigs.iso = {config, ...}: {
services.openssh.enable = true;
};
};
}
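Review bot: `formatConfigs.iso` turns on `services.openssh` for the ISO without disabling password logins; as far as I recall the NixOS default for `PasswordAuthentication` is `true`, so an image built from this module accepts password SSH logins for whatever users the configuration defines, and in this commit that is a `wheel` user with a fixed password. I would harden the format here with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` and rely on `openssh.authorizedKeys.keys` for the user. Separately, the inner `{config, ...}:` on `formatConfigs.iso` never uses `config`, so a plain attribute set would do.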

23
secrets/secrets.yaml Normal file

@ -0,0 +1,23 @@
default_user:
user: ENC[AES256_GCM,data:tYLQFNvn15A=,iv:NkYD1q1IozC+UBjPG4BWEZ0troWVjGCW9hBCD8n/kk4=,tag:ZDltnGkxOl/VhF89MkR0PA==,type:str]
pass: ENC[AES256_GCM,data:75vsOLMuq8wO,iv:tLUFa+yaa518QE1Thp3IQmDDXAp19A2kkm+uyI2twu0=,tag:nkrjmrxCQnZtkUE24uuLOA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RFpUN1hVTzh3TFhPQXZz
QmU0L203dVdZS0xJMXZJdlJIclpOQXFqZ0hvCmF0Vmc1anFUNENrVWNNK0FXajFn
OG12NTlDdE1QNExsZHBBUXpBc2ZuSWMKLS0tIElKK3lsTjBGVEEySEc1Ym43d0Z4
WnF5SDJwL2ZXUFBhQUlORGtGMEJ2NE0KMvwSaxIGRTHTP7QFz1ZXTs8IX+07KsUO
aCJOFaFwA1Tpm4Dy1yPs2gg0GPU8MCFBJZNCqkcy6hUHTt5kAivxRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-04T19:10:48Z"
mac: ENC[AES256_GCM,data:xLei4WcDjOijVh+9dN1rab8Bgx6Q/SPwZsiskQvbstHKtIPlXahXyOd/qDRNtLn2Evql/+48qnnqXmetGsP2w/FNyQLkPrAS/fkXrVzRGh7xrda60aH/cemMlx2SdJzNrRM1JiGCzCn5HamrBzz+aj/t58qlbKizAB29LXZhMmQ=,iv:IFYgzybJyAJXzRDRu0PbnTHun/yyfloByLQEw9VeYjw=,tag:QiIhpEK2C+je0jlSC4ECbQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -11,8 +11,32 @@
fsType = "ext4";
};
users = {
users.lxsameer = {
password = "123123";
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
time.timeZone = lib.mkDefault "Europe/Dublin";
# Enter keyboard layout
services.xserver.xkb.layout = "us";
environment.systemPackages = with pkgs; [
emacs
git
zsh
wget
curl
];
environment.variables.EDITOR = "emacs";
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
loader = {
generic-extlinux-compatible.enable = lib.mkDefault true;
grub.enable = lib.mkDefault false;
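Review bot: `password = "123123"` on `users.lxsameer` puts a clear-text credential for a `wheel` member into the shared base module; the NixOS `users.users.<name>.password` option is rendered into the world-readable Nix store, and this repository is public, so the password is effectively published together with an SSH-enabled image. Since this same commit already encrypts a `default_user/pass` secret, consume it instead, `hashedPasswordFile = config.sops.secrets."default_user/pass".path;`, with the secret holding a `mkpasswd -m sha-512` hash and `neededForUsers = true` set on its declaration; that requires the sops module to be imported wherever `base.nix` is used, which holds for `majin` in this commit. At minimum, replace the literal with `initialHashedPassword` so the hash, not the plaintext, is what lands in the store. The `users` block is complete within the hunk; the module's argument list and opening brace are outside it.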


@ -1,15 +1,19 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, lib, inputs, ... }:
{
environment.systemPackages = with pkgs; [ emacs git ];
environment.systemPackages = with pkgs; [ emacs git zsh ];
services.openssh.enable = true;
networking.hostName = "majin";
users = {
users.lxsameer = {
password = "123123";
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
imports = [
inputs.sops-nix.nixosModules.sops
];
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt";
sops.secrets."default_user/user" = {};
sops.secrets."default_user/pass" = {};
# networking = {
# interfaces."wlan0".useDHCP = true;
# wireless = {
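Review bot: `sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt"` makes the host's decryption key a file inside a user's home directory; sops-nix decrypts during system activation as root, so the key must already be at that path on first boot, and any compromise of that user account exposes every secret the host can read. The usual pattern is to derive the host identity from the SSH host key, `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, add that host's age recipient (via `ssh-to-age`) to `.sops.yaml`, and re-encrypt `secrets/secrets.yaml`. The two secrets `default_user/user` and `default_user/pass` are declared but nothing in this commit consumes them, so they are decrypted into `/run/secrets` with no consumer; if `pass` is meant for `users.users.lxsameer.hashedPasswordFile` it must hold a password hash and the declaration needs `neededForUsers = true`. For the ISO built through `modules.generator`, I would expect activation to fail or warn when the key file is absent on the live medium — worth confirming. The module body continues past the end of the hunk.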