From 5ed881f6942ccae0f54fee63971066341324d030 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann
Date: Thu, 2 May 2024 01:08:45 +0200
Subject: [PATCH] Install `sops-nix`
---
 .sops.yaml | 4 ++++
 flake.lock | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 flake.nix | 23 +++++++++++++++++++++--
 3 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 .sops.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..2f3eb48
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+keys:
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index c369787..bc0ddcf 100644
--- a/flake.lock
+++ b/flake.lock
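Review bot: `key_groups:` on the last added line of `.sops.yaml` is empty, and so is `keys:` at the top, so the only creation rule names no PGP or age recipient; a `sops` run on a file matching `secrets/...` will presumably fail to encrypt, and if it did not, nothing could decrypt the result. Add at least one recipient to the rule, e.g. `key_groups:` / `  - pgp:` / `      - <HOST_OR_USER_PGP_FINGERPRINT>` (placeholder), or declare anchors under `keys:` and reference them there. The file is also committed without a trailing newline (`\ No newline at end of file`), which is worth fixing before further rules are appended.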
@@ -34,10 +34,63 @@
 "type": "indirect"
 }
 },
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1713638189,
+ "narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "74574c38577914733b4f7a775dd77d24245081dd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-23.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1713596654,
+ "narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "root": {
 "inputs": {
 "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_2",
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1713892811,
+ "narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "ref": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
+ "repo": "sops-nix",
+ "type": "github"
+ }
 }
 },
 "systems": {
diff --git a/flake.nix b/flake.nix
index c32a615..656664a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,19 +4,37 @@ inputs = { nixpkgs.url = "nixpkgs/38c01297e7ec11f7b9e3f2cae7d6fcec6cc767ec"; flake-utils.url = "github:numtide/flake-utils?ref=b1d9ab70662946ef0850d488da1c9019f3a9752a"; + sops-nix.url = "github:Mic92/sops-nix?ref=f1b0adc27265274e3b0c9b872a8f476a098679bd"; }; - outputs = { self, nixpkgs, flake-utils }: ( + outputs = { self, nixpkgs, flake-utils, sops-nix }: ( flake-utils.lib.eachDefaultSystem ( system: let - pkgs = nixpkgs.legacyPackages.${system}; + pkgs = import nixpkgs { + inherit system; + config = {}; + + overlays = [ + sops-nix.overlays.default + ]; + }; in { devShells.default = pkgs.mkShellNoCC ( with pkgs; { + sopsPGPKeyDirs = [ + "${toString ./.}/keys/hosts" + "${toString ./.}/keys/users" + ]; + packages = [ nixos-rebuild + sops-import-keys-hook + ]; + + nativeBuildInputs = [ + sops-import-keys-hook ]; }); } @@ -39,6 +57,7 @@ modules = [ ({ ... }: { config._module.args = { machineConfig = config; }; }) + sops-nix.nixosModules.sops ./lib/configuration.nix (
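Review bot: The new `sops-nix.url` line in `inputs` does not pin the input's own nixpkgs to this flake's, so the lock file now gains `nixpkgs_2` (nixpkgs-unstable) and `nixpkgs-stable` (release-23.11) as additional checkouts to fetch and trust beside the nixpkgs revision the flake already pins; adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` under the url line keeps a single audited nixpkgs in the closure. In the `mkShellNoCC` block, `sops-import-keys-hook` is listed in both `packages` and the new `nativeBuildInputs`; `packages` of mkShell already ends up among the build inputs, so one entry looks redundant and the setup hook may be activated twice — keeping only the `packages` entry should suffice, though confirm against the sops-nix documentation. The `sopsPGPKeyDirs` paths reference `keys/hosts` and `keys/users`, which this commit does not add; until those directories exist with the public keys in them, the import hook has nothing to import, so this is presumably left to a follow-up and worth stating in the commit description. The second hunk, adding `sops-nix.nixosModules.sops` to `modules`, raises nothing on its own.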