inital support for sops + fomating

This commit is contained in:
Don Harper 2025-11-11 20:24:00 -06:00
parent c27f617078
commit b85a924774
26 changed files with 249 additions and 48 deletions

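--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &host_loki age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *host_loki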
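Review bot: The creation rule `path_regex: secrets.yaml$` is unanchored at the start and its dot is unescaped, so any path ending in `secrets.yaml` (an `old-secrets.yaml`, or a copy in a subdirectory) is matched and encrypted to this same recipient; `path_regex: ^secrets\.yaml$` pins the rule to the one file this commit adds. Only one age recipient (`host_loki`) is listed, yet every host section in this commit (harper, harper2, nuwww, pi1, pihole, vm, vm1, w1, www2 and the workstation hosts) now imports `inputs.sops-nix.nixosModules.sops`; unless all of those hosts share the key behind `host_loki`, only that one host can decrypt `secrets.yaml`, and there is no operator key for editing the file without it, which also means losing that key loses the secrets. I would document the key's origin and the re-keying step above the anchor, e.g. `# host_loki: age recipient for <host>; after adding or removing recipients run: sops updatekeys secrets.yaml`.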


@ -6,6 +6,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
# disko.inputs.nixpkgs.follows = "nixpkgs";
@ -26,13 +27,14 @@
outputs = inputs @ {
self,
nixpkgs,
nix,
nixpkgs-stable,
nixos-hardware,
home-manager,
catppuccin,
colmena,
home-manager,
nix,
nixos-hardware,
nixpkgs,
nixpkgs-stable,
sops-nix,
...
}: let
inherit (self) outputs;
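Review bot: The added `sops-nix.url = "github:Mic92/sops-nix";` in the first hunk has no follows declaration, so sops-nix's own `nixpkgs` input is fetched and pinned in the lock file as a second nixpkgs that has to be tracked and updated separately; the commented `# disko.inputs.nixpkgs.follows = "nixpkgs";` a few lines below shows the pattern already used here. Adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` directly under the new input line removes the duplicate. The second hunk only re-sorts the `outputs` argument set; that attrset pattern and the `let` block continue outside the hunk.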


@ -1,4 +1,10 @@
{ inputs, outputs, pkgs, pkgs-stable, ... }: {
{
inputs,
outputs,
pkgs,
pkgs-stable,
...
}: {
imports = [inputs.home-manager.nixosModules.home-manager];
home-manager.extraSpecialArgs = {
pkgs-stable = import pkgs-stable {config.allowUnfree = true;};
@ -8,6 +14,7 @@
# useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
sharedModules = [inputs.sops-nix.homeManagerModules.sops];
users = {
don = {
imports = [


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -8,6 +8,7 @@
}: {
imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../pi-server
./kiosk.nix


@ -1,5 +1,11 @@
{ inputs, config, pkgs, ... }: {
{
inputs,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel


@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../server
./docker.nix


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper";
variables.address = "100.72.0.3";
}


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper2";
variables.address = "100.72.0.4";
}


@ -8,6 +8,7 @@
}: {
imports = [
inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/nvme.nix
../workstation


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "nuwww";
variables.address = "100.72.2.1";
}


@ -126,6 +126,7 @@
environment.systemPackages = with pkgs; [
python313
age
base16-schemes
bash-completion
btop
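Review bot: `age` is added to `environment.systemPackages` here and again in the second package list further down (the one starting with `python-with-my-packages`), but the `sops` CLI is not, and `age` on its own cannot open, edit or re-key `secrets.yaml`. Unless `sops` is installed somewhere outside this diff, add `sops` to the same lists (in alphabetical position, outside this hunk), and `ssh-to-age` as well if the `host_loki` recipient is derived from a host's SSH key, which the name suggests but the commit does not show. Both `systemPackages` lists continue outside their hunks.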


@ -1,4 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../pi-server ./kiosk.nix ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../pi-server
./kiosk.nix
];
networking.hostName = "pi1";
}


@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "pihole";
}


@ -7,6 +7,7 @@
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel


@ -156,6 +156,7 @@ in {
environment.systemPackages = with pkgs; [
python-with-my-packages
age
aspell
aspellDicts.en
base16-schemes


@ -1,8 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/sda.nix
../workstation


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../server
];
networking.hostName = "vm";
}


@ -1,4 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
];
networking.hostName = "vm1";
}


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
./network.nix
../server
@ -10,8 +18,7 @@
variables.address = "100.72.16.240";
boot = {
initrd = {
availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
loader = {


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
./network.nix
../server
@ -8,8 +16,7 @@
networking.hostName = "w1";
boot = {
initrd = {
availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
loader = {


@ -1,4 +1,11 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../server];
networking.hostName = "www2";
}

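--- /dev/null
+++ b/secrets.yaml
@@ -0,0 +1,28 @@
+#ENC[AES256_GCM,data:ZNxS2TSn,iv:29wdug8DNsqXK9gi3+HNSW1eeJGTcMtvccH2nFLk1DY=,tag:S3qAU5HB8Y5595dA6ItCmQ==,type:comment]
+root_password: ENC[AES256_GCM,data:T4xaN92i7Q==,iv:dBznOslNEYSv2b90PZbR0G84hJyrI2sYR1YzJuLWPK0=,tag:mXT4ir6t4oOeT0X8S3QTSA==,type:str]
+root_sshauth: ENC[AES256_GCM,data:eSxg81u5yRSSev2clW4YL2b6T4ygfUon636T+q2MTnoBQTbZxaknvJxNJemEGQKJRRNmzFQzP2LVWH7WbcNsALt0FQyo8oRJnSlGxebk+1MIlgrFxqFlY8c=,iv:7jyZ9WrKyX5EbbGYunzN/Ez2ULuKGo+FkVHk7hBtEtY=,tag:Gbr/ylA1S/9ZDfvK4xUvGg==,type:str]
+don_password: ENC[AES256_GCM,data:LUAJQBmJlQ==,iv:FKmu8y6DuWa/XD0wqb7dxJNxITzrKOZNGZF94pqaaUo=,tag:YZdiWDImCi7AXYoU3uB0vw==,type:str]
+don_sshauth: ENC[AES256_GCM,data:No8G1fgYWWKhUbaydGoxHe+fGWI5p0fD9cx2qegI+dZ9DV1ENKiACsJzWd004ZHA2G9PGzSeGb/p8Ay/3zVbSLJccWeblNE+P7e/HlGixZRXmv9BcvXm5cE=,iv:Bd3QLGrctTaBfOHMAnmPys8uViQFbBh4D2cxxhEeQJE=,tag:LD2QStSyEJ5yxQMbHOz3WA==,type:str]
+vicky_password: ENC[AES256_GCM,data:XCKBMoOV,iv:swdBKF0STzMFbzYMBI8/nuNTE5B5DN7STkdNVx0w8Ys=,tag:Lw4SkSm3W0xh80M8loD/BQ==,type:str]
+vicky_sshauth: ENC[AES256_GCM,data:1ec9IXnH4FSPG+9M2fMuDsDEo2E4PatwZiH8zIAKPCjlLIgvxRlioDO6fd+a9eaoAOoEIRaIwCOyK+VAlAxshrDA72nGH3xT/RmSeX6nVHGNh7gswdYh2Ts=,iv:jyuN5+Yj3Tfzk7h3ASPrNhxaFezJGLE5eWtgKl1SulY=,tag:gsQCp5g1ZpQA/wrWfGODqA==,type:str]
+#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
+smtp_password: ENC[AES256_GCM,data:UvXraq2vRWejRscrg6ZSTg==,iv:ClAb/8jkLgBQC8FsTfEZNC/D9yzW2jZCCz82ziwF/oM=,tag:XxF4y10Dl7DLhvkCR1hV4A==,type:str]
+smtp_server: ENC[AES256_GCM,data:WqiUBqsOvkGTFzMevId6Ug==,iv:ESeB2sKoyacK4nEEULIsCOUKF7WfFPdEcn0AfZ+ENfY=,tag:SgPgSz1ljKR1TynXrcD1Ag==,type:str]
+smtp_port: ENC[AES256_GCM,data:9dtc,iv:M8RhdH1BYBQZ4NqoSKbO6UT22MOtNjmCPaz9AL90nF8=,tag:IUI0z4r+CHTJzwkF/99Ykw==,type:int]
+#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
+ts_api: ENC[AES256_GCM,data:IkJ2+er8agfcTwPwWriensoEg8CQeNl3ZXUcadm3rbraXNKyqLY5UO6RNZxLk2CAvAY4MB7/fDRryDGZ3Po=,iv:ml9vhPKmKI2PlYjzFrVoUMjHRrPdI69zSY2qBa71ODU=,tag:TXnXEbN7X51PYwu8O8DfKw==,type:str]
+sops:
+age:
+- recipient: age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWkF2Q21TTW9NTE9EVXFI
+NlI4Y1pZdWZaUkNDQUZxR0lzS1k5ZTZSb2xvCk9jVE9KQytFQXlZdWZXWGgrM3ZV
+dnd2TlZlMDV6RlF6RitTeE9BWnJERzgKLS0tIEdKT0xHaDFpMlR1YmJCRkdnaDBp
+em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
+Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-11-12T02:13:51Z"
+mac: ENC[AES256_GCM,data:ntO/fVmW2w04YQab12rvDa6feFmiNO4CQmi7LA/5wWt+J4z3qTyfYdNfb0mKEMFo5Wu3KhZWKIi97HDOAsKJqhIEgsdLOY9RbKuH+KHC81qjfRhbKC/yK84JHU2mc3K2cTpuFqw+xhJaGsbLNQYsWxi+dot7QvZTEPcC11XskFY=,iv:erleqHDriT1TQ86s1U8znD4s4o3g+mmClfELWtNNuss=,tag:McJZcWDdDb3X/emXvckPPg==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.11.0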
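Review bot: Nothing in this commit declares `sops.defaultSopsFile` or any `sops.secrets.<name>` entry, so the values added here (`root_password`, `*_sshauth`, `smtp_*`, `ts_api`) are not yet consumed by the hosts that import the sops-nix module; if that wiring lives outside the diff, a pointer to it in the commit message would help the next reader. When it is added, remember that sops-nix materialises secrets as files at activation time, so the `*_sshauth` values (presumably SSH authorized keys) cannot be read inside Nix expressions such as `users.users.<name>.openssh.authorizedKeys.keys`, and the `*_password` values suit `users.users.<name>.hashedPasswordFile` only if they hold password hashes rather than plaintext. The `sops.age` block mirrors `.sops.yaml` with the same single recipient, so any change to the recipient list has to be followed by `sops updatekeys secrets.yaml` to re-wrap the data key.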