Clean up secret management

Update readme
Pim Kunis 2024-06-15 18:21:07 +02:00
parent 5d752cb279
commit 0cecc75e3d
4 changed files with 17 additions and 33 deletions


@ -1,22 +1,26 @@
# nixos-laptop
NixOS configuration for my laptop.
My configuration is simple: I have one personal laptop with one user.
NixOS configuration for my personal laptop.
Currently contains config for three systems:
- **sue**: My current laptop, a Dell XPS 9315
- **x260**: My previous laptop, a Lenovo Thinkpad x260 which is broken
- **x201**: A Lenovo Thinkpad x201 which I have as a backup system
## Features
- Nixpkgs 23.11
- Flakes!
- Nixpkgs 24.05
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
- Currently only used for Firefox Plugins
- [Home Manager](https://github.com/nix-community/home-manager)
- For managing my configuration for my user
- [Agenix](https://github.com/ryantm/agenix)
- To deploy global system secrets, like:
- Wireguard private key and shared secret
- [Homeage](https://github.com/jordanisaacs/homeage)
- To deploy secrets in my home directory, like:
- SSH keys
- Syncthing private key
- For managing the configuration for my user
- [sops-nix](https://github.com/Mic92/sops-nix)
- For secret management
- [nixos-hardware](https://github.com/NixOS/nixos-hardware)
- To add hardware-specific tweaks to NixOS for my laptop (currently a Levono ThinkPad x260)
- To add hardware-specific tweaks to NixOS for my laptop
- [stylix](https://stylix.danth.me/)
- Apply theming and styling to many programs
- [lanzaboote](https://github.com/nix-community/lanzaboote)
- Secure boot for NixOS
- [disko](https://github.com/nix-community/disko)
- Declarative disk partitioning and formatting; currently only used for my x201
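Review bot: The sops-nix entry in the Features list says only "For secret management", while the Agenix and Homeage entries in this hunk spelled out what was deployed (Wireguard private key and shared secret, SSH keys, Syncthing private key). Keeping a short list of which secrets sops-nix manages, split into system-wide and home-directory secrets, would preserve that inventory for anyone auditing the three systems listed at the top (sue, x260, x201). The lanzaboote entry could likewise say which of the three systems has Secure Boot set up, the way the disko entry does for the x201.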


@ -1,3 +0,0 @@
```bash
nix run github:ryantm/agenix# -- -e secret1.age
```
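Review bot: The documented edit command on the `nix run github:ryantm/agenix# -- -e secret1.age` line is dropped with no sops-nix counterpart in the README hunk of this commit. Suggest adding a short README section on how a secret is edited and re-encrypted under the new setup, so the workflow is written down somewhere after this deletion.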


@ -1,17 +0,0 @@
let
pkgs = import <nixpkgs> { };
publicKeysURL =
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
"sops-keys.txt.age".publicKeys = publicKeys;
}
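Review bot: The `"sops-keys.txt.age".publicKeys` line shows the sops key file itself was delivered through agenix, so with this rules file gone the commit should state how that key now reaches each machine; nothing in the visible hunks covers it. Before merging, also confirm that each of the six entries (the two wg-quick keys, the Syncthing key and cert, keepassxc.ini, sops-keys.txt) has a replacement in the sops-nix setup. Note that the encrypted `.age` files remain in git history after deletion, so any secret whose recipient key from `https://git.kun.is/pim.keys` is later retired or exposed still needs to be rotated.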

Binary file not shown.