pim/nixos-configs
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Create helper option for deploying sops keys

Browse source 
Update public key of sue-root because I lost the private key
This commit is contained in:
Pim Kunis 2024-11-21 22:27:29 +01:00
parent 544cf42357
commit 0812586942
8 changed files with 102 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -1,6 +1,6 @@
# Public keys are combination of host + user
keys:
- &sue_root age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt

26
machines/gamepc/configuration.nix
View file

@ -1,15 +1,15 @@
{
self,
pkgs,
config,
lib,
...
}: let
sops = lib.getExe pkgs.sops;
in {
}: {
config = {
pim = {
cinnamon.enable = true;
sopsKeys = {
root = ./nixos.sops.yaml;
pim = ./pim.sops.yaml;
};
};
facter.reportPath = ./facter.json;
@ -30,22 +30,6 @@ in {
targetHost = "gamepc";
targetUser = "root";
tags = ["desktop"];
keys = {
root-sops-age-key = {
keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/nixos.sops.yaml"];
name = "keys.txt";
destDir = "/root/.config/sops/age";
};
pim-sops-age-key = {
keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/pim.sops.yaml"];
name = "keys.txt";
destDir = "/home/pim/.config/sops/age";
user = "pim";
group = "users";
};
};
};
services = {

32
machines/gamepc/nixos.sops.yaml
View file

@ -8,29 +8,29 @@ sops:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTFlYWjZSQkZPczV2cllX
a3RBL3FSbHZGaW5vUFdKVTdSNUJmSEQwdlc4ClBScDZBVk1qYTc4UzFpc3k4Z3N6
VzkwYXVBWVFCYUFqSHAyZjhUck8xY0kKLS0tIDdQdENRaDVKVTRUQ0dLWUNUL0tk
cjJMNG9vU1N4V2dqZWZjN21OMFJUZTAKzunMmG+NR2sFbVsl8qzdv1HEg4Ph5TFw
oIr5WWQ6RTzXTy6CwlTucnok/jwZHUloCTUeXECcSJUadeKE6MZyLA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMkRLNHNYTm55TjA4YWhF
SENVSlVVYWRQUVZNU29iWmk4dVgvSHk3Z1RNClFqcTlUcTlqNjZrMFdUTGQyU2hO
ZktIWXh5VVVsR3d2dUhDQ296RXBJSGsKLS0tIGtWQ1Jwd3U5VmxyMjExMXlQVVZ4
aTNmRFhEaE9nbGduK2tLallTcFBSWVEKMhULgc6jkA+qJ9LrYtxcUO2k78L4LxHl
7Okpr5UJlTVn96swt/aFEEfA1gnzGgPWU6Oir5uETBiqTVVytW16wQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWG0remtrVHloU25PNFVw
eWxMZ3pmUG1YSFVZZ0MzNEFweTJNbDVSUUQ0CklBT1NheGtmZDZkMUo4RTlHM0ow
TTdITzVJbFFQcGNLM0xxUS91K056VTAKLS0tIEpWOTZJQjN2REV0RTB5YWpjWDZa
UUxiazdLa1ZZbTcraWsvYTBsTUNQbmcKKkQnPOkD3vifcQpwzgP9wvNaYtuUZpLE
mbILfB24Ox7dmLmI9ONVDIMM12HfE2lx4cj/xndk0//izPVZgrBTdQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHp6WkhjdDRkeWpTeTBN
ejRXMUwrSkFTTUlGMC9LNTRwemcxWXVzN1FBCkZlazlBbVM4RlJuTUtZQ1hoWkd3
SUs5RS9Ba2k2cjhsOGkxaUt5TzF5cjQKLS0tIHFRcWFIL1EvcURURmR3a2FSSjRW
OUpUcFJ1N003OUJlMDJha09nQ1l0OWsKuxMX8dZbn75yUs5E5/hu+LjHRslcUldL
YmQl7phWnWMfgwphERpOhdMn2pczVGygriG7c0LOe6SiEiXxnUHiWw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SDFMS293SUZqTXZtZlRT
Q0JHWmZrSHZVZmlPeUFDRG8wakdSWDF2b3pRCm83NFV1STlqQXdQMTR0Vm52ZEgy
eVlROWt0ZDE0TW1reElGQnplUENZclEKLS0tIG9ITTZiSEE4cDNxdnBQRW5tVFJk
bU9rLzRjVzBObkxocGp4UEJYMGVnckkKDQhr3qLLDrQkXa1Ei9c43irQh3suRNCK
mZPtRJc+kaUmhmF8HxVAHG4S4a5sN6sBHBFGbIGXtQzBajQreg/pYQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArc1pmV1cwTmt1RnFBb1VO
Yzd4OHNwbVBORHU1ZVRpVFpsMHlYM3BSaVhnCm5vbURWZ1kzbVZIdE9FY01Qc2tI
cVFtQTY4WnpNOEI2T1BTYkp4OWQydm8KLS0tIFE0eXpJMWxCMC9yOGNRdGNKUmll
S3I4UmRYZzRBUk5jcGtoUzFjcWdGeEEKGYB4kTpjNaAZWuu/wnBNYcSFwFEtX+pu
zzt9Nd2ahPnTMdcSLz/mwOHxyiAgBDUGsNm60EitKxl+LgmR7mBjnw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:42:29Z"
mac: ENC[AES256_GCM,data:dFwV6VpyoXRkhfL+uSiiH2EcetAb0qV3AbED2XzNwvbE+TbItcoQ6JQ/2+lItZ4iULxGOxMvD8n0ZO/aASC8fDlqsNMwf2KmNFwjl4sVJBtTLKH4Z1/5rZmECwdiTMKOf/oTv3VNgbzkcrAuKEZywl+c4iXd5w4YaJgA0M6aSWI=,iv:Zxvr8vBcDZavSbAL8Ar+Du546H1Dhp/ZXRtsjcik2RE=,tag:Od08FmjlhNYPEpMC4rQR8A==,type:str]

42
machines/gamepc/pim.sops.yaml
View file

@ -8,38 +8,38 @@ sops:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTTAxNUVSS1BRUTlYc2xm
TFFHRkVHZkwvMS9xOE9GY1BHaXorTHpNWkdJCmlKVzdvb21VYUpwcUZ0SExKbTRj
MkpPcG4rd2I2ZWlsc0VvVDNxNm82TjgKLS0tIDdCNXlMYklNc0EyMmpST1JFSTVy
aW04VUpta2JMKzlRSmVHeUg1ejNrdW8KGsBSzeMkHE2y2TfzTTBdJJ73IankxnR0
dfZmtQyxejH4W1+v2wGTOc9EZ8R4dJX1ZdqncshWJWl2Uq36YMjuZg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWlpYcTV2TEw3TmwyaHhZ
M3hJY3VOT2NwaVZUU1cvNnRHVnhOZFRCd1cwCi8zM09icUZEUlIwTy9jVE9Takhr
T1ZuWWtkOHBGVGpHeU1VdXpvV2RRSE0KLS0tIDNyL24vWmZhRzBBRW5iMW1tSXhs
ZDhDVTcyVzk1bzVOcjJ1aDlOWEt4RzAKCuuSJ/aLZldfysSFhmUNNZULcSiBrNe9
hTRra+FLCbNqsNt2iuImkOQwINqdlUIaC36TtXUucV3C2SyDdLo1rA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQOGUvQ3VWRnBsZ0syTXFh
Nm5TUC8vYkMvdDZ0SjErMjZwOHUrVy9vT1RvCndMa1V4bTJMKy9qMjY3M2FaWWMw
d2RrVDY2UWNLRjVQNTRMdU96TEFmNmMKLS0tIFFTbmhzS3UrS2crTGxlSmczcGUz
QlZQa0R5NHBLMzdVcC9WeEtBUm1tbVUK07gb5E1YyN5Sck1DWeUHQ8oB4CQOFaES
AJ8F+IrGdJ+0nsvm8d9VJ9UiluO74egettQPGDgEt4wdqFnHucmYzA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZXkyN1FxMzFiSzlVYjV4
U0E0TWNkb3VFMjJZYUdxM0QzZmg1cUxuMWxVCnFZNkM0SmFDRFE4aHJuQnNzOHNW
ZVc2MTBMWENYeFpYT3dPZERiMHpRUVEKLS0tIHhFL0JjdURYcldTbVNUYkNKN3VR
aUQ2ckVrb3k0L2hnSUdTb3ZzeE54SkEKzh55hsegd28yvwI93xQUYCFBHz7LFQ60
mrkrWHDBjzxH0VnKT/59YFI1QitLgxI2db6PGQl5i5LYzeBVzG58LQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDS1dkMUFiSlc2ZzVzRWts
ZGxIejgwZkd2NHd1elhGL1p5ZDF0OWpuRkV3ClpNRkhuQ2dNazh3dG9lSUVCVTBz
RU9yaFhTc1dmMVg3bUlhMXNLU1RDTncKLS0tIHdVNUxTOEh2Mmk0eHFFNnQ5dU1l
S1pXZDVDbm5Za3dPUWR2SnlGekNuYkkKHvcAOL6khPmcAQYj+15lVHepLUnFQdAp
UyhJ12OohAuqfFTG6QxytdA1u648IaAZyj5qcm7z2bpV/F7Oy7i8WQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUTR2enVtK3hEcExSL0lL
VWVHQ290WTB1cmlWbFB4TTRQaVdPRjQ2bGlRClNWeWtWMSsvL2NMbE54aDNTMmhJ
aWNSazdMMlJUaE5teDh1SWlBMFFMbVkKLS0tIG5QaktGZitaem1DaU5mL2hDZUUr
RW5RNXhpQklCQ3B5K0VoRUFZK3JEQUkKRCGn35rQOpgwxxUSvpWVxJG3gMu+aTnW
B3a/0I0QqAgcPZ3Lj/HIUDN5GUDxdmZhuMdBRKtm5uHMPzDDOXJOKA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWS9IeFVBVEVqcWZBNDlz
QUpGSGs2Q01CVXZmQ3N0VCtFNW5RT0JTaG5nCnJFQzg0Z2VHN25GYlRXVllYRDd2
bFZ4L202cjRyWlpLbUxMTDJyaTQ4ajgKLS0tIGF2UUY5MVFsbG1RL3drbERKeFd2
dnhVMXBnYjlxWWxYcm03N094a0cxWm8KDsLFtfF8ZVels+3Dnb8x6DuUBmckRkhe
t3PWOci4IzNbMBCnrUCDrBPPi6Lm/k+gp0i/U1hvPyHvbPujztT/RQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSzhDb29pUmNvZ2Q5a3hO
R09lRThlNFpTd1FiZjdFajNMekxvQ3gvekQ0Cnd0SytUVi9JZUcvZGt4YjU3MENX
RWxMcUlRR3ZiUnVacGhBUTVseTQ4dkUKLS0tIDFabnNQbDlUcHRjUVRTVTFkTkJE
SURWUVdNYVdNRXpXYVpBVDZRS204ZVUK9DcgnwXI4cBcnl2xZWrJ1uLY8GHqL6HG
1cGGG6WEI/EyRH0x80/Djj1d3mEUs7H66uVjbNgid6vOjLi4qTS83g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:42:43Z"
mac: ENC[AES256_GCM,data:0qHov3SY7SM0+kp4HqPi/AxnI2k2oDDmRkqFTEsqe7pJ793ldu/io027GOlmg9ZHs+aZflSl6tzMKXWAb0FR3ZCUi4pap5ZLANTYbnHN+X5/dhxoUwCwJxdhyFYntmfaFjxhPiPbhRfs/CGDhij8KyQASA/G1C2rFdH7xCYJIOA=,iv:AjnOkA9/d5+/X1Z0+if/jUBBnqFnK9by58C99VghI9I=,tag:u6EDtD2NK6dvFs6FIbur1Q==,type:str]

34
machines/sue/configuration.nix
View file

@ -1,11 +1,4 @@
{
self,
pkgs,
lib,
...
}: let
sops = lib.getExe pkgs.sops;
in {
{pkgs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
@ -14,6 +7,14 @@ in {
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sopsKeys = {
# This is the root of our secret system.
# Don't deploy this though; if it fails,
# the key will be wiped.
# root = ./nixos.sops.yaml;
pim = ./pim.sops.yaml;
};
};
users.users.pim = {
@ -25,23 +26,6 @@ in {
allowLocalDeployment = true;
targetHost = null;
tags = ["desktop"];
keys = {
# TODO: Create macro for this
root-sops-age-key = {
keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/nixos.sops.yaml"];
name = "keys.txt";
destDir = "/root/.config/sops/age";
};
pim-sops-age-key = {
keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/pim.sops.yaml"];
name = "keys.txt";
destDir = "/home/pim/.config/sops/age";
user = "pim";
group = "users";
};
};
};
services.tailscale.enable = true;

24
machines/sue/nixos.sops.yaml
View file

@ -1,25 +1,25 @@
sops_age_key: ENC[AES256_GCM,data:3PebFyNHLlycKPN0L/MAL5NpKWqUiEFxivqnPtuavnET13NEEgPvyD9ZyuSYlQRefgKNHuKaAgaMNULOyL+mWF+AV+YYiVyrp14=,iv:gvxb6BK+i270b4Pr/dwRpwno+vqVplyyWdxEQIEVjmc=,tag:5LJ609yQOBkLCCwluI3AUg==,type:str]
sops_age_key: ENC[AES256_GCM,data:xKGTAF5cVgysZPbcDgs0QF92Bw6wW78n9fm2RMdeLtywn0ga4qBO8YlrIQWCc2SfFQOTZUlz0e7QWsnbZpxN4p03XF1zusU0ceM=,iv:cDjqDYR3PKx3AbLQL5QbeFK26+Cnsk2m74mHPHIozNs=,tag:C2MzZLR2cQY/gHQNTId8UA==,type:str]
wireguard:
home:
presharedKey: ENC[AES256_GCM,data:TXCvGNW0iU74TnC2tlYBGhGfiuQmscVq6EPRr8dcRVI23au7nm2xQU5Ubfo=,iv:drGxozD/d0kqxJckJNKo0U7trgjAOMpztCqCxX+IJx8=,tag:liDTEqzrN48UslLMSgn6iQ==,type:str]
privateKey: ENC[AES256_GCM,data:YQZvCfXR3Gc21SDFmypBonTaVZztJm9RtO/Aaiy51PV5BfPg4Rgw5+bCuGg=,iv:K6hMqcgmhJPOfT/DGWpDb+5n2CB2nblZrIKxfRZGRek=,tag:UNsrY+WzSnh2Mh6GlY7p0A==,type:str]
presharedKey: ENC[AES256_GCM,data:nFOqWcdo8zG83v1ceod8Uy4wX3w2LHmDPp2PaAAJ/lUexU4DhY9RZ4wtgC8=,iv:UvzQSZZ62I+QVFHMkHczC2KPeqX8z+DodS7nxLmXr4U=,tag:otwdNc2636DJdkzg22puqQ==,type:str]
privateKey: ENC[AES256_GCM,data:RCQ3hvrnxCerTmKYfZFV7c9smMj5tbP+iFWouo1oxfhbec5K3uXipkL+KSg=,iv:zKSPvtDH3WcuxVpQydGScX6m0isZzLKk/F+/Wlpt/YQ=,tag:BDag2DSoHQDzg8xTS3SX3A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bDRqNDNqYnRDZno2QnFo
MjlvNWpZNjhabDBFV2VJSGFCaWlvd21Ybmc4ClhOS3VRQ1VySFJYZWZ5ZHV4RUFs
NVo4WlFrai9CTi9uTWJGUExKWnpGN2cKLS0tIFc0UStVRGpHR3hsQUR3elFIK3Nu
ekZEZEZVTzJJYXRIT2k0OVJmZUhzN1EKVK307/rhSMQA89hHUD0MH/vhzKnmWF7K
QoTpJ20WxzLfNuGqqv9IpdRTKOrxCDbj3MUEv6d6k+X4sSEaOGVQ1A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWEc5K3p3QytpZ1pxeEJy
TUtENXdnT3ZJUGNXaHo0ZktwK21OMVJmNzA4CjdlMUtWY2hBc3U1UVZQZEllK2xC
NGZSK2VyQVdBRmZYejBWM0FIeFE5K2MKLS0tIEQ3MHhOcW92dlo4NUdBdFlKdEM0
N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn
QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:25:05Z"
mac: ENC[AES256_GCM,data:qgPbH0i6difL063Nmy9EIAdkv9mq/ztGk8S8OAahDTddoUbJkC3EQUgS6lsd3KHbFBGopn1yMpuWkkOgNFc7nGy4QP0Mm8DpRaawA4vq5+QOh91CRTvQDujDw4EXEHqa27iR5dnbscU5zYMmta4Dl5FnK3ujraifdp67H1RCH0I=,iv:IZvXt93K54xshv5YcXur5MeDGPq+ROTxuFSC/B7eheM=,tag:ZFhh/yMfEMFqlerQNvMhCg==,type:str]
lastmodified: "2024-11-21T21:16:17Z"
mac: ENC[AES256_GCM,data:Z2mYTek91FLKgMpAFdRl8s2eE6r/03f9/E/XDvkwJZutI40qN6tFrDmhdPIb1U96oPGekcK9WkShIQekQIK6CiDhOAr048x2kSXvrHMZ1hg1hwO7H6jBJiFSRxM1BVBAlbcvZp5IW7e3CqfibVOgXOQvMl0CDS41ucQWV7odO6Y=,iv:7rb/VemE+cFhJ+8XUeLyp+K7FmY0XdAbgs6XWHLrV7M=,tag:vmPRTB9+EYjPLgX4qiFlXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.8.1

22
machines/sue/pim.sops.yaml
View file

@ -12,20 +12,20 @@ sops:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTENnd2J2VXFoeHhWZE5Q
MEU2Mi9hM1p3SWpRbzZNY2Zja2tFN0ZVTkVRCnVIckx3Qlo5c3M0alJPVjZaa1Y3
RW5mamV6bmdIZ2pJZzB5KzBLTGtuUlEKLS0tIFFtT2JmZDI5V0RsL0ZxenlpWGlr
dmdiRmlxMWdmTmZUUTM1alRrMGdzYTAKbViJnEFIO3dpHYWyJxqXRkWqqpDCKV/L
jwNbatnwksT2RW6ecHUF6R/kL7YQJ5Vv3iTdCHfpcW7qRQvl0ZJEzQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSDNyUW9aSmVIcWdnSWFw
cWdwekVzQkdjcTVRVGRzWVpHT00vZHFjRVY4Ck1OREhEN3FMQXdrQ0pjUXR3ZllY
ekhpQVJCbnZCVUNBeGVscEZPTFFqQTQKLS0tIFVVaTdOa2dxbHVGSzUyblpneXd0
MUd4RGczTkIwRVZ6WVRQVFJSQ250SnMKhCjTAatvqkVBNcAE5lBERReKkFqlOfEG
UHzOOM+gJ6khu3Pe2+PAZbLMxkm4a+ZHruPRIl4qxzDSwQmlih1P3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nhh8v0z758te7ggg4p73mz5p00kum03zwnjr6czeh367xjzvm9dst3ufle
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MTlnM2VyeDhPR0lkUGtB
d0hJSHdEYUptTjBySUhUYUpVOU00QWh5ams0CkJrYWRNMFZDRkZZUGFWbnlFcXdH
dzhwZGdNU1BYWnJLUFpodzBWcHJZV1UKLS0tICtiUVVqY0loQlpTYjUzRk5YR2Vo
RkVRSHQ2cVJRdWNpZzZCd2laL1R2NjgKhaY90NYGLTuYs4hJs1so24WFvFhquD4V
KwVKoyFdni0jWOaULvA0+xausV2Hx4C1xk7b4SsuT3YkDZdOT41gHA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UzgycnJEMTcrYXcxSXMy
VnViVFZSbVZVNnN0V3AwVXBtRW1CT2hvTDBNCkQ1MUtPRmYvWmtTRVBiWGtaMWxM
TTN3U3ZFMDRJZmtvQW5ONmsyNTlSWjgKLS0tIG1RRWI1aGpYR1hTUEd0K0JtYk5Z
TFdneXZpaVZKdUsrWnludHpCQW9Mc2cKElhSussywXB3XAEN5cE6QVqXpQsebMqF
t4CmpKyxzi+JSX1S5Jy2RgHCSHafW4WFeQTt9qseBKQOQPVdwGWVhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:12:25Z"
mac: ENC[AES256_GCM,data:m9TJL1G7D0l5f6ZIC6NfKvRDuHY1l0cp9hFbsFy9f2f/ixCRM2JFuAZ4muL6eyvZqAiGgB76u26hFU+yO/E3vtnAYSrLCk1JaRe3rajZIpu+Dwe4zht7ysJ/NeybWB7KzetS8BijDjp8YDHDcX35xwT8ScWBVqj/hjxls4JRe/c=,iv:Z3tRizJNpVHyErL2iFo6ALGO97IarZPiKzyBDPm7sQA=,tag:1sH+wHJoAHfsIju+OWMTHQ==,type:str]

27
nixos/default.nix
View file

@ -22,11 +22,38 @@
./desktop.nix
];
options = {
pim.sopsKeys = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
default = {};
};
};
config = {
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
hardware.pulseaudio.enable = false;
deployment.keys =
lib.mapAttrs' (user: sopsFile: let
homeDirectory =
if user == "root"
then "/root"
else "/home/${user}";
maybeSudo = lib.optional (user == "root") "sudo";
sops = lib.getExe pkgs.sops;
in {
name = "${user}-sops-age-key";
value = {
keyCommand = maybeSudo ++ [sops "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
name = "keys.txt";
destDir = "${homeDirectory}/.config/sops/age";
inherit user;
group = "users";
};
})
config.pim.sopsKeys;
systemd = {
services.NetworkManager-wait-online.enable = lib.mkForce false;
network.wait-online.enable = lib.mkForce false;