Install sops-nix
parent
018699c7eb
commit
5ed881f694
3 changed files with 79 additions and 3 deletions
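--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+keys:
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups: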
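Review bot: Both `keys:` and `key_groups:` are empty in this new file as rendered, so the creation rule matches files under `secrets/` but names no recipients. Until the host and user PGP fingerprints are listed there, sops presumably has no key to encrypt a new secret to; a comment such as `# TODO: list PGP fingerprints for keys/hosts and keys/users before creating secrets` would make the unfinished state explicit. The `path_regex` is also unanchored at the start, so it matches a `secrets/` directory at any depth but, because of `[^/]+`, not files in its subdirectories. That is worth a one-line comment if it is intended.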
55
flake.lock
|
@ -34,10 +34,63 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1713638189,
|
||||
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1713596654,
|
||||
"narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713892811,
|
||||
"narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"ref": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
|
|
23
flake.nix
|
@ -4,19 +4,37 @@
|
|||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/38c01297e7ec11f7b9e3f2cae7d6fcec6cc767ec";
|
||||
flake-utils.url = "github:numtide/flake-utils?ref=b1d9ab70662946ef0850d488da1c9019f3a9752a";
|
||||
sops-nix.url = "github:Mic92/sops-nix?ref=f1b0adc27265274e3b0c9b872a8f476a098679bd";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils }: (
|
||||
outputs = { self, nixpkgs, flake-utils, sops-nix }: (
|
||||
flake-utils.lib.eachDefaultSystem (
|
||||
system:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
config = {};
|
||||
|
||||
overlays = [
|
||||
sops-nix.overlays.default
|
||||
];
|
||||
};
|
||||
in {
|
||||
devShells.default = pkgs.mkShellNoCC (
|
||||
with pkgs;
|
||||
{
|
||||
sopsPGPKeyDirs = [
|
||||
"${toString ./.}/keys/hosts"
|
||||
"${toString ./.}/keys/users"
|
||||
];
|
||||
|
||||
packages = [
|
||||
nixos-rebuild
|
||||
sops-import-keys-hook
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
sops-import-keys-hook
|
||||
];
|
||||
});
|
||||
}
|
||||
|
@ -39,6 +57,7 @@
|
|||
|
||||
modules = [
|
||||
({ ... }: { config._module.args = { machineConfig = config; }; })
|
||||
sops-nix.nixosModules.sops
|
||||
./lib/configuration.nix
|
||||
|
||||
(
|
||||
|
|
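Review bot: The new `sops-nix` input in the first hunk does not override its own nixpkgs inputs, so flake.lock gains two more nixpkgs pins (`nixpkgs_2` on nixpkgs-unstable and `nixpkgs-stable` on release-23.11) beside the revision this flake pins itself. Adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` and `sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";` to `inputs` would leave a single nixpkgs revision to audit and update. In the dev shell, `sops-import-keys-hook` appears in both `packages` and `nativeBuildInputs`; one entry should be enough, since mkShell already appends `packages` to `nativeBuildInputs`. The `keys/hosts` and `keys/users` directories named in `sopsPGPKeyDirs` are not among the three files this commit changes, so it is worth confirming they exist and are tracked. The `outputs` function continues outside both hunks.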