cleanup secrets

move secrets out of the repo

move secrets

cleanup secrets
This commit is contained in:
Adithya 2024-06-16 21:57:31 +05:30
parent efea526d87
commit dcb5d76ff0
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
8 changed files with 31 additions and 28 deletions


@ -1,3 +1,3 @@
{ ... }: { { ... }: {
imports = [ ./nix.nix ./secrets.nix ./users.nix ]; imports = [ ./nix.nix ./sops.nix ./users.nix ];
} }

Binary file not shown.

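--- /dev/null
+++ b/common/sops.nix
@@ -0,0 +1,23 @@
+{ config, ... }: {
+sops = {
+defaultSopsFile = ./secrets.yaml;
+age = {
+keyFile = "/persist/sops/age/keys.txt";
+sshKeyPaths = [ "/persist/system/etc/ssh/keys/ssh_host_ed25519_key" ];
+};
+secrets = {
+"passwd/root" = {
+mode = "400";
+owner = config.users.users.root.name;
+group = config.users.users.root.group;
+neededForUsers = true;
+};
+"passwd/adtya" = {
+mode = "400";
+owner = config.users.users.root.name;
+group = config.users.users.root.group;
+neededForUsers = true;
+};
+};
+};
+}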
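Review bot: The two `neededForUsers = true` entries and the root ownership of `passwd/adtya` carry no comment, and the ownership choice is easy to misread as a mistake because it is the non-root user's password hash. A comment above `secrets = {` such as `# Password hashes are consumed by the user-creation activation step before users exist, so they are decrypted into the early secrets location (neededForUsers) and are readable only by root (mode 400); the user never needs to read its own hash.` would record the intent, and as far as I recall sops-nix also requires root ownership for such secrets, which is worth confirming and noting. `sshKeyPaths` points at a host key under `/persist` rather than the default location; if that file is absent at boot, decryption of both password secrets presumably fails, so a one-line comment naming the dependency on the persisted host key (and on `/persist/sops/age/keys.txt`) is also worth adding.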


@ -7,7 +7,7 @@
adtya = { adtya = {
uid = 1000; uid = 1000;
hashedPasswordFile = config.sops.secrets."passwd/adtya".path; hashedPasswordFile = config.sops.secrets."passwd/adtya".path;
description = "Adithya"; description = "Adithya Nair";
isNormalUser = true; isNormalUser = true;
extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ]; extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
shell = pkgs.zsh; shell = pkgs.zsh;


@ -1,8 +1,4 @@
{ secrets, ... }: { osConfig, ... }: {
let
user = secrets.users;
in
{
programs.git = { programs.git = {
enable = true; enable = true;
delta = { delta = {
@ -12,10 +8,10 @@ in
syntax-theme = "Dracula"; syntax-theme = "Dracula";
}; };
}; };
userEmail = user.primary.emailAddress; userEmail = "adtya@adtya.xyz";
userName = user.primary.realName; userName = osConfig.users.users.adtya.description;
signing = { signing = {
key = user.primary.pgpFingerprint; key = "51E4F5AB1B82BE45B4229CC243A5E25AA5A27849";
signByDefault = true; signByDefault = true;
}; };
extraConfig = { extraConfig = {
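Review bot: `userName = osConfig.users.users.adtya.description` relies on the `osConfig` module argument, which as far as I can tell is only supplied when this home-manager module is evaluated through the NixOS module and not by a standalone home-manager invocation, while `userEmail` and `signing.key` on the adjacent lines are plain literals; mixing the two sources means the file works in one mode and fails in the other without any comment saying so. Either take all three values from literals or all three from `osConfig`, and document the assumption with `# osConfig is only provided when this module is imported via the NixOS home-manager module`. Also worth a look: the configured signing key `51E4F5AB1B82BE45B4229CC243A5E25AA5A27849` ends in `43A5E25AA5A27849`, whereas the commit itself is signed by key ID `B8857BFBA2C47B9C`; that is fine if the latter is a signing subkey of the former, but a comment naming which key is intended avoids confusion. The `programs.git` attribute set opens in the first hunk and continues past the end of the second.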


@ -1,8 +1,4 @@
{ secrets, ... }: { config, ... }: {
let
user = secrets.users;
in
{
imports = [ imports = [
./btrfs.nix ./btrfs.nix
./dbus.nix ./dbus.nix
@ -15,7 +11,7 @@ in
cpupower-gui.enable = true; cpupower-gui.enable = true;
fstrim.enable = true; fstrim.enable = true;
fwupd.enable = true; fwupd.enable = true;
getty.autologinUser = user.primary.userName; getty.autologinUser = config.users.users.adtya.name;
gnome.gnome-keyring.enable = true; gnome.gnome-keyring.enable = true;
gvfs.enable = true; gvfs.enable = true;
irqbalance.enable = true; irqbalance.enable = true;
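Review bot: `getty.autologinUser = config.users.users.adtya.name` keeps console autologin for the same account whose password hash this commit moves into sops, so on the console the sops-managed password is never checked; that is pre-existing behaviour rather than a regression, but now that the hash is treated as a secret the trade-off deserves an explicit comment, e.g. `# Console autologin bypasses the sops-managed password; relies on disk encryption and physical control of the machine`. The `adtya` attribute path is also hard-coded here and in the git module (`osConfig.users.users.adtya.description`), so renaming the user means touching several files; a `let` binding at the top of each file, or one shared option, would make that coupling visible. The enclosing attribute set (presumably `services`) begins outside the hunk.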

Binary file not shown.


@ -4,16 +4,4 @@
endpoint = "<endpoint>:<port>"; endpoint = "<endpoint>:<port>";
publicKey = "<public key>"; publicKey = "<public key>";
}; };
users = {
root.hashedPassword = "<password hash of root user>";
primary = {
userName = "<primary non-root username>";
realName = "<primary user's full name>";
hashedPassword = "<password hash of primary user>";
pgpFingerprint = "<primary user's pgp fingerprint>";
emailAddress = "<primary user's email>";
sshPublicKey = "<ssh public key>";
};
};
phone.sshPublicKey = "<ssh public key from phone>";
} }