don/NixOS-Configs
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Activity

inital support for sops + fomating

Browse source
This commit is contained in:
Don Harper 2025-11-11 20:24:00 -06:00
parent c27f617078
commit b85a924774
26 changed files with 249 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &host_loki age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *host_loki

12
flake.nix
View file

@ -6,6 +6,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; # nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
# disko.inputs.nixpkgs.follows = "nixpkgs"; # disko.inputs.nixpkgs.follows = "nixpkgs";
@ -26,13 +27,14 @@
outputs = inputs @ { outputs = inputs @ {
self, self,
nixpkgs,
nix,
nixpkgs-stable,
nixos-hardware,
home-manager,
catppuccin, catppuccin,
colmena, colmena,
home-manager,
nix,
nixos-hardware,
nixpkgs,
nixpkgs-stable,
sops-nix,
... ...
}: let }: let
inherit (self) outputs; inherit (self) outputs;

17
home/default.nix
View file

@ -1,13 +1,20 @@
{ inputs, outputs, pkgs, pkgs-stable, ... }: { {
imports = [ inputs.home-manager.nixosModules.home-manager ]; inputs,
outputs,
pkgs,
pkgs-stable,
...
}: {
imports = [inputs.home-manager.nixosModules.home-manager];
home-manager.extraSpecialArgs = { home-manager.extraSpecialArgs = {
pkgs-stable = import pkgs-stable { config.allowUnfree = true; }; pkgs-stable = import pkgs-stable {config.allowUnfree = true;};
inherit inputs outputs; inherit inputs outputs;
}; };
home-manager = { home-manager = {
# useGlobalPkgs = true; # useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
backupFileExtension = "home-manager-backup"; backupFileExtension = "home-manager-backup";
sharedModules = [inputs.sops-nix.homeManagerModules.sops];
users = { users = {
don = { don = {
imports = [ imports = [
@ -22,8 +29,8 @@
stateVersion = "23.05"; stateVersion = "23.05";
}; };
programs = { programs = {
home-manager = { enable = true; }; home-manager = {enable = true;};
go = { enable = true; }; go = {enable = true;};
}; };
}; };
}; };

12
hosts/ace/default.nix
View file

@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix
../workstation ../workstation
@ -11,5 +19,5 @@
gui.enable = true; gui.enable = true;
kmscon.enable = true; kmscon.enable = true;
}; };
wm = { sway.enable = true; }; wm = {sway.enable = true;};
} }

1
hosts/book/default.nix
View file

@ -8,6 +8,7 @@
}: { }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix
../workstation ../workstation

12
hosts/display/default.nix
View file

@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
../pi-server ../pi-server
./kiosk.nix ./kiosk.nix
@ -10,7 +18,7 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (final: super: {
makeModulesClosure = x: makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; }); super.makeModulesClosure (x // {allowMissing = true;});
}) })
]; ];
} }

10
hosts/dragon/default.nix
View file

@ -1,5 +1,11 @@
{ inputs, config, pkgs, ... }: { {
inputs,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel inputs.nixos-hardware.nixosModules.common-gpu-intel
@ -15,5 +21,5 @@
kmscon.enable = true; kmscon.enable = true;
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
}; };
wm = { sway.enable = true; }; wm = {sway.enable = true;};
} }

12
hosts/eve/default.nix
View file

@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix
../workstation ../workstation
@ -14,5 +22,5 @@
kmscon.enable = true; kmscon.enable = true;
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
}; };
wm = { sway.enable = true; }; wm = {sway.enable = true;};
} }

14
hosts/fred/default.nix
View file

@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
../server ../server
./docker.nix ./docker.nix
@ -9,9 +17,9 @@
networking.hostName = "fred"; networking.hostName = "fred";
variables.address = "100.72.236.170"; variables.address = "100.72.236.170";
boot = { boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = ["aarch64-linux"];
loader = { loader = {
systemd-boot = { enable = true; }; systemd-boot = {enable = true;};
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";

15
hosts/harper/default.nix
View file

@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper"; networking.hostName = "harper";
variables.address = "100.72.0.3"; variables.address = "100.72.0.3";
} }

15
hosts/harper2/default.nix
View file

@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper2"; networking.hostName = "harper2";
variables.address = "100.72.0.4"; variables.address = "100.72.0.4";
} }

1
hosts/loki/default.nix
View file

@ -8,6 +8,7 @@
}: { }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/nvme.nix # ../disko/nvme.nix
../workstation ../workstation

15
hosts/nuwww/default.nix
View file

@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "nuwww"; networking.hostName = "nuwww";
variables.address = "100.72.2.1"; variables.address = "100.72.2.1";
} }

1
hosts/pi-server/default.nix
View file

@ -126,6 +126,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python313 python313
age
base16-schemes base16-schemes
bash-completion bash-completion
btop btop

16
hosts/pi1/default.nix
View file

@ -1,4 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../pi-server ./kiosk.nix ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../pi-server
./kiosk.nix
];
networking.hostName = "pi1"; networking.hostName = "pi1";
} }

15
hosts/pihole/default.nix
View file

@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "pihole"; networking.hostName = "pihole";
} }

1
hosts/pocket2/default.nix
View file

@ -7,6 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel inputs.nixos-hardware.nixosModules.common-gpu-intel

1
hosts/server/default.nix
View file

@ -156,6 +156,7 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python-with-my-packages python-with-my-packages
age
aspell aspell
aspellDicts.en aspellDicts.en
base16-schemes base16-schemes

12
hosts/smaug/default.nix
View file

@ -1,8 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/sda.nix # ../disko/sda.nix
../workstation ../workstation
@ -17,5 +25,5 @@
auto-cpufreq.enable = true; auto-cpufreq.enable = true;
gnome-calendar.enable = true; gnome-calendar.enable = true;
}; };
wm = { sway.enable = true; }; wm = {sway.enable = true;};
} }

10
hosts/template/default.nix
View file

@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
# ../disko/mmcblk.nix # ../disko/mmcblk.nix
../workstation ../workstation

15
hosts/vm/default.nix
View file

@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../server
];
networking.hostName = "vm"; networking.hostName = "vm";
} }

14
hosts/vm1/default.nix
View file

@ -1,4 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
];
networking.hostName = "vm1"; networking.hostName = "vm1";
} }

15
hosts/w1/default.nix
View file

@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix ./network.nix
../server ../server
@ -10,9 +18,8 @@
variables.address = "100.72.16.240"; variables.address = "100.72.16.240";
boot = { boot = {
initrd = { initrd = {
availableKernelModules = availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; kernelModules = ["nvme"];
kernelModules = [ "nvme" ];
}; };
loader = { loader = {
grub = { grub = {

15
hosts/w2/default.nix
View file

@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix ./network.nix
../server ../server
@ -8,9 +16,8 @@
networking.hostName = "w1"; networking.hostName = "w1";
boot = { boot = {
initrd = { initrd = {
availableKernelModules = availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; kernelModules = ["nvme"];
kernelModules = [ "nvme" ];
}; };
loader = { loader = {
grub = { grub = {

11
hosts/www2/default.nix
View file

@ -1,4 +1,11 @@
{ inputs, outputs, lib, config, pkgs, ... }: { {
imports = [ ./hardware-configuration.nix ../../server ]; inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../server];
networking.hostName = "www2"; networking.hostName = "www2";
} }

28
secrets.yaml Normal file
View file

@ -0,0 +1,28 @@
#ENC[AES256_GCM,data:ZNxS2TSn,iv:29wdug8DNsqXK9gi3+HNSW1eeJGTcMtvccH2nFLk1DY=,tag:S3qAU5HB8Y5595dA6ItCmQ==,type:comment]
root_password: ENC[AES256_GCM,data:T4xaN92i7Q==,iv:dBznOslNEYSv2b90PZbR0G84hJyrI2sYR1YzJuLWPK0=,tag:mXT4ir6t4oOeT0X8S3QTSA==,type:str]
root_sshauth: ENC[AES256_GCM,data:eSxg81u5yRSSev2clW4YL2b6T4ygfUon636T+q2MTnoBQTbZxaknvJxNJemEGQKJRRNmzFQzP2LVWH7WbcNsALt0FQyo8oRJnSlGxebk+1MIlgrFxqFlY8c=,iv:7jyZ9WrKyX5EbbGYunzN/Ez2ULuKGo+FkVHk7hBtEtY=,tag:Gbr/ylA1S/9ZDfvK4xUvGg==,type:str]
don_password: ENC[AES256_GCM,data:LUAJQBmJlQ==,iv:FKmu8y6DuWa/XD0wqb7dxJNxITzrKOZNGZF94pqaaUo=,tag:YZdiWDImCi7AXYoU3uB0vw==,type:str]
don_sshauth: ENC[AES256_GCM,data:No8G1fgYWWKhUbaydGoxHe+fGWI5p0fD9cx2qegI+dZ9DV1ENKiACsJzWd004ZHA2G9PGzSeGb/p8Ay/3zVbSLJccWeblNE+P7e/HlGixZRXmv9BcvXm5cE=,iv:Bd3QLGrctTaBfOHMAnmPys8uViQFbBh4D2cxxhEeQJE=,tag:LD2QStSyEJ5yxQMbHOz3WA==,type:str]
vicky_password: ENC[AES256_GCM,data:XCKBMoOV,iv:swdBKF0STzMFbzYMBI8/nuNTE5B5DN7STkdNVx0w8Ys=,tag:Lw4SkSm3W0xh80M8loD/BQ==,type:str]
vicky_sshauth: ENC[AES256_GCM,data:1ec9IXnH4FSPG+9M2fMuDsDEo2E4PatwZiH8zIAKPCjlLIgvxRlioDO6fd+a9eaoAOoEIRaIwCOyK+VAlAxshrDA72nGH3xT/RmSeX6nVHGNh7gswdYh2Ts=,iv:jyuN5+Yj3Tfzk7h3ASPrNhxaFezJGLE5eWtgKl1SulY=,tag:gsQCp5g1ZpQA/wrWfGODqA==,type:str]
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
smtp_password: ENC[AES256_GCM,data:UvXraq2vRWejRscrg6ZSTg==,iv:ClAb/8jkLgBQC8FsTfEZNC/D9yzW2jZCCz82ziwF/oM=,tag:XxF4y10Dl7DLhvkCR1hV4A==,type:str]
smtp_server: ENC[AES256_GCM,data:WqiUBqsOvkGTFzMevId6Ug==,iv:ESeB2sKoyacK4nEEULIsCOUKF7WfFPdEcn0AfZ+ENfY=,tag:SgPgSz1ljKR1TynXrcD1Ag==,type:str]
smtp_port: ENC[AES256_GCM,data:9dtc,iv:M8RhdH1BYBQZ4NqoSKbO6UT22MOtNjmCPaz9AL90nF8=,tag:IUI0z4r+CHTJzwkF/99Ykw==,type:int]
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
ts_api: ENC[AES256_GCM,data:IkJ2+er8agfcTwPwWriensoEg8CQeNl3ZXUcadm3rbraXNKyqLY5UO6RNZxLk2CAvAY4MB7/fDRryDGZ3Po=,iv:ml9vhPKmKI2PlYjzFrVoUMjHRrPdI69zSY2qBa71ODU=,tag:TXnXEbN7X51PYwu8O8DfKw==,type:str]
sops:
age:
- recipient: age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWkF2Q21TTW9NTE9EVXFI
NlI4Y1pZdWZaUkNDQUZxR0lzS1k5ZTZSb2xvCk9jVE9KQytFQXlZdWZXWGgrM3ZV
dnd2TlZlMDV6RlF6RitTeE9BWnJERzgKLS0tIEdKT0xHaDFpMlR1YmJCRkdnaDBp
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-12T02:13:51Z"
mac: ENC[AES256_GCM,data:ntO/fVmW2w04YQab12rvDa6feFmiNO4CQmi7LA/5wWt+J4z3qTyfYdNfb0mKEMFo5Wu3KhZWKIi97HDOAsKJqhIEgsdLOY9RbKuH+KHC81qjfRhbKC/yK84JHU2mc3K2cTpuFqw+xhJaGsbLNQYsWxi+dot7QvZTEPcC11XskFY=,iv:erleqHDriT1TQ86s1U8znD4s4o3g+mmClfELWtNNuss=,tag:McJZcWDdDb3X/emXvckPPg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0