From 0cecc75e3dacf20c3ad5f01e3ec40e61a897063d Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 15 Jun 2024 18:21:07 +0200
Subject: [PATCH] Clean up secret management Update readme
---
README.md | 30 +++++++++++++++++-------------
secrets/README.md | 3 ---
secrets/secrets.nix | 17 -----------------
secrets/sops-keys.txt.age | Bin 397 -> 0 bytes
4 files changed, 17 insertions(+), 33 deletions(-)
delete mode 100644 secrets/README.md
delete mode 100644 secrets/secrets.nix
delete mode 100644 secrets/sops-keys.txt.age
diff --git a/README.md b/README.md
index a34dd59..59e9395 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,26 @@ # nixos-laptop -NixOS configuration for my laptop. -My configuration is simple: I have one personal laptop with one user. +NixOS configuration for my personal laptop. + +Currently contains config for three systems: +- **sue**: My current laptop, a Dell XPS 9315 +- **x260**: My previous laptop, a Lenovo Thinkpad x260 which is broken +- **x201**: A Lenovo Thinkpad x201 which I have as a backup system ## Features -- Nixpkgs 23.11 -- Flakes! +- Nixpkgs 24.05 - [Nix User Repository (NUR)](https://github.com/nix-community/NUR) - Currently only used for Firefox Plugins - [Home Manager](https://github.com/nix-community/home-manager) - - For managing my configuration for my user -- [Agenix](https://github.com/ryantm/agenix) - - To deploy global system secrets, like: - - Wireguard private key and shared secret -- [Homeage](https://github.com/jordanisaacs/homeage) - - To deploy secrets in my home directory, like: - - SSH keys - - Syncthing private key + - For managing the configuration for my user +- [sops-nix](https://github.com/Mic92/sops-nix) + - For secret management - [nixos-hardware](https://github.com/NixOS/nixos-hardware) - - To add hardware-specific tweaks to NixOS for my laptop (currently a Levono ThinkPad x260) + - To add hardware-specific tweaks to NixOS for my laptop +- [stylix](https://stylix.danth.me/) + - Apply theming and styling to many programs +- [lanzaboote](https://github.com/nix-community/lanzaboote) + - Secure boot for NixOS +- [disko](https://github.com/nix-community/disko) + - Declarative disk partitioning and formatting; currently only used for my x201 diff --git a/secrets/README.md b/secrets/README.md deleted file mode 100644 index 1111f92..0000000 --- a/secrets/README.md +++ /dev/null @@ -1,3 +0,0 @@ -```bash -nix run github:ryantm/agenix# -- -e secret1.age -``` diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index 3c11e2d..0000000 --- a/secrets/secrets.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -let - pkgs = import { }; - publicKeysURL = - "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys - publicKeysFile = builtins.fetchurl { url = publicKeysURL; }; - publicKeys = pkgs.lib.strings.splitString "\n" - (pkgs.lib.strings.fileContents publicKeysFile); -in -{ - "wg-quick-home-privkey.age".publicKeys = publicKeys; - "wg-quick-home-preshared-key.age".publicKeys = publicKeys; - "syncthing-key.pem.age".publicKeys = publicKeys; - "syncthing-cert.pem.age".publicKeys = publicKeys; - "keepassxc.ini.age".publicKeys = - publicKeys; # Secret agent causes private keys in config file. - "sops-keys.txt.age".publicKeys = publicKeys; -} diff --git a/secrets/sops-keys.txt.age b/secrets/sops-keys.txt.age deleted file mode 100644 index fcb41851c3e0149c12c980b234ad9acfd580fc4f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 397 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlaSRA8FIULQ^~nxR zj7ZH(u?%tz^-lFPFe(gk_00%R3Jmkj3iC)b)UQm-Np%S^NanIMEGe`IF7!?bFLo~V zb2jz%C@JwU&I@#O3Nv-jj*M~-4$cj6%r-L1ut2x1%qc3%G+jZvGO*OwFD%bH)JWgO zBqFsk)Z8p7JjvN2EIr3FBGlNs($Uk{Ki56kIGHOmKgB1sC^W|>EWEfVzrd)(&^;-y zGR-f{JKrKaEhwTaC&)|NxilcpFP%$QS63k~*;79(J;gc2FWKG8skkh$)FV5{B0a^h zAl1}6v&5j#Ey$oEsw&$&v6$=m^rNDGO=|pP|1CTyAmtISEYIbI!tS{$ESJc*k#(HoiGOho_FCeo13+%fmZ!&Oc_DmS@uO g|4jd{SN04lahue13$kZipX@MqmzmNb%b!*T0C~`o{r~^~