feat: set irl's password

Iain Learmonth 2025-06-13 18:57:19 +01:00
parent b40c4d8d57
commit 6224c55ab4
5 changed files with 105 additions and 2 deletions

13
.sops.yaml Normal file

@ -0,0 +1,13 @@
keys:
- &users:
- &irl age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
- &hosts:
- &homeserver age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *irl
- *homeserver
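Review bot: The group anchors `- &users:` and `- &hosts:` carry a trailing colon, so each anchor attaches to an empty mapping key rather than naming a group; only the leaf aliases `*irl` and `*homeserver` are referenced under key_groups, so the file still resolves, but a reader cannot tell which recipient is which. A comment beside each key would help, e.g. `# irl: personal age key` and `# homeserver: host recipient (presumably the age form of /etc/ssh/ssh_host_ed25519_key — confirm)`. `path_regex: secrets.yaml$` is only anchored at the end, so any path ending in secrets.yaml matches; `path_regex: ^secrets.yaml$` limits the rule to the one file this commit adds. Indentation is not visible on this page, so the nesting of the two lists is inferred.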

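--- a/flake.lock
+++ b/flake.lock
@@ -110,6 +110,22 @@
 "type": "github"
 }
 },
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1744868846,
+"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
 "nur": {
 "inputs": {
 "flake-parts": "flake-parts",
@@ -138,7 +154,26 @@
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
 "nixpkgs": "nixpkgs",
-"nur": "nur"
+"nur": "nur",
+"sops-nix": "sops-nix"
+}
+},
+"sops-nix": {
+"inputs": {
+"nixpkgs": "nixpkgs_2"
+},
+"locked": {
+"lastModified": 1749592509,
+"narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
+"owner": "mic92",
+"repo": "sops-nix",
+"rev": "50754dfaa0e24e313c626900d44ef431f3210138",
+"type": "github"
+},
+"original": {
+"owner": "mic92",
+"repo": "sops-nix",
+"type": "github"
+}
 }
 },
 "systems": {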


@ -16,6 +16,10 @@
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:mic92/sops-nix";
inputs.nix.follows = "nixpkgs";
};
}; };
outputs = outputs =
{ {
@ -24,6 +28,7 @@
flake-utils, flake-utils,
home-manager, home-manager,
nur, nur,
sops-nix,
... ...
}@inputs: }@inputs:
let let
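Review bot: `inputs.nix.follows = "nixpkgs";` in the new sops-nix input looks like a typo for `inputs.nixpkgs.follows = "nixpkgs";`: sops-nix declares a `nixpkgs` input, not `nix`, and the lock file in this same commit shows the consequence — sops-nix got its own `nixpkgs_2` entry instead of following the flake's `nixpkgs`. That means two nixpkgs trees are evaluated and the sops-nix module's packages come from a different revision than the rest of the system. Changing the one line to `inputs.nixpkgs.follows = "nixpkgs";` and re-locking should drop `nixpkgs_2`. The file name for this section is not shown on the page, and the `inputs` attrset and the `outputs` function both extend outside the two hunks.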


@ -1,8 +1,30 @@
{ pkgs, ... }: {
pkgs,
config,
sops-nix,
...
}:
{ {
imports = [
sops-nix.nixosModules.sops
];
nix.settings.experimental-features = "nix-command flakes"; nix.settings.experimental-features = "nix-command flakes";
sops = {
defaultSopsFile = ../secrets.yaml;
validateSopsFiles = false;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets.irl-password.neededForUsers = true;
};
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8"; i18n.defaultLocale = "en_GB.UTF-8";
@ -19,9 +41,12 @@
LC_TIME = "en_GB.UTF-8"; LC_TIME = "en_GB.UTF-8";
}; };
users.mutableUsers = false;
users.users.irl = { users.users.irl = {
isNormalUser = true; isNormalUser = true;
description = "irl"; description = "irl";
hashedPasswordFile = config.sops.secrets.irl-password.path;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
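Review bot: `generateKey = true;` together with `keyFile = "/var/lib/sops-nix/key.txt";` produces a new age key if none exists, but secrets.yaml in this commit is encrypted only to the `irl` and `homeserver` recipients, so a freshly generated key can decrypt nothing; unless `homeserver` is the age form of the `/etc/ssh/ssh_host_ed25519_key` listed in `sshKeyPaths` (not verifiable from this page), `irl-password` will fail to decrypt and, with `users.mutableUsers = false;`, the account is left without a usable password. Please confirm which key `homeserver` is and record it, e.g. `# homeserver recipient = age key derived from the ed25519 host key; generateKey only provides a fallback key that is NOT a recipient yet`. `validateSopsFiles = false;` also needs a one-line comment on why the evaluation-time sanity check of the sops file is switched off. Since `hashedPasswordFile` reads a crypt(3)-style hash, the encrypted `irl-password` value must be a password hash (e.g. mkpasswd output) rather than the plaintext, which cannot be checked from the ciphertext; a comment next to the secret declaration stating this would help. The module attrset continues outside both hunks, and the file name for this section is not shown on the page.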

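--- /dev/null
+++ b/secrets.yaml
@@ -0,0 +1,25 @@
+irl-password: ENC[AES256_GCM,data:8DcPiZ9Ui40MaOaPJ5XmZI3M7XDqLtBqJKLEUnolMYuNoa6dDBF/IicokQO6zvNVw0G2DPVQwbKzgEaWtvnj+5rXm+QbyEVIKw==,iv:+qsf6VzsMzAj6A5B6TCQ/ZaYDt0EiZYwQ7gZg0sw2TM=,tag:3Xi5bSJ7rYEUUVIDuynHag==,type:str]
+sops:
+age:
+- recipient: age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZmJkMlpoN2RRUEVVUCtS
+cVl4T0grTit5TGtGUEM2MTlBRnQ2OWlWaEVrClErVm5uRzQySzNDM3J6dDFQY2U0
+cjlVS1NpTzdBQzgvSHJndmlxMWRmbUkKLS0tIHBtTkhSU1BTZHhMaXdZT0xiWWZD
+ZXlLNjAzSVkxZWtDRjlUMHV5bnJXK3MKNGKAW7iq/Qfo1dAt3Zxjzu+PsjdtaYPG
+a5Zvnazkm2dmuajldII/+xk4r/JewBZmeWdd37n2lUpbSisgcw0X5A==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQTcxWkphbngrK3RMaEZF
+UHU4ZURiVmNZdDhoR1l5YWVDZ1YvdlZWbndJCnRZd0tmR2lXcnA0V0dRaDZzZkg5
+YitPd01mbFc1VHVyTDl3Sk9UTGptclEKLS0tIEtWb0VNZWFLUmNZRDh3S0N4WmN0
+SlVKUDZWVEp2YmR4V3ArRW1GR1lXeTAKRJoawuTKrgrz6qeOSTmYLXO6n66QNPLA
+C5UI4yB0WLeRxdqxU84a3rS2ZjgTh22RR0WwRe6siOaKOdS1G96DXw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-06-13T17:56:08Z"
+mac: ENC[AES256_GCM,data:YjTPJ69gNE3MOxUq8X1H4ucqiJxIwRFBBLz0pu6nJgx64XDKe96qeiy7NLAnyJuzOgXpZxb6bm+ecf4E288Bq5NyqpWyrICXC37mSMMXTIoi+HZMHk/GYOAezfCHCBzJBKlJjTZhmslF1zu/4jGtUf/VTOCm+WTPDTUjVkzvwJ8=,iv:vsiDWLir7b/DmOgJFs9iuNxJxJAipdriP/XSPbm4MKU=,tag:aBXeQdetTepLNj/kl45McQ==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.10.2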