diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 00000000..8eff7d35 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,9 @@ +keys: + - &admin_enno_mb4 age1e6gdd6c0nf5p47jhcq8dvrcyu4vmrzvg2kd75thsgyl7pzqemunq9mfl7e + - &admin_enno_tp3 age13em7fsrealzue677tdqejgsafc2sfx62h5w03ynkv0urujuc0g0stw209m +creation_rules: + - path_regex: secrets/tp3-home\.(yaml|json|env|ini)$ + key_groups: + - age: + - *admin_enno_mb4 + - *admin_enno_tp3 diff --git a/flake.lock b/flake.lock index e943f0e0..8f352c40 100644 --- a/flake.lock +++ b/flake.lock @@ -89,11 +89,11 @@ ] }, "locked": { - "lastModified": 1729712798, - "narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=", + "lastModified": 1729942962, + "narHash": "sha256-xzt7tb4YUw6VZXSCGw4sukirJSfYsIcFyvmhK5KMiKw=", "owner": "nix-community", "repo": "disko", - "rev": "09a776702b004fdf9c41a024e1299d575ee18a7d", + "rev": "58cd832497f9c87cb4889744b86aba4284fd0474", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1729826725, - "narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=", + "lastModified": 1729982130, + "narHash": "sha256-HmLLQbX07rYD0RXPxbf3kJtUo66XvEIX9Y+N5QHQ9aY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e", + "rev": "2eb472230a5400c81d9008014888b4bff23bcf44", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1729394935, - "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=", + "lastModified": 1729999765, + "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "04f8a11f247ba00263b060fbcdc95484fd046104", + "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f", "type": "github" }, "original": { 
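Review bot: The `key_groups` entry in `.sops.yaml` lists both `*admin_enno_mb4` and `*admin_enno_tp3`, but the `secrets/tp3-home.yaml` added later in this commit carries only the `admin_enno_tp3` recipient in its `sops.age` block, so the mb4 identity cannot decrypt the file as committed. Running `sops updatekeys secrets/tp3-home.yaml` with this rule in place would re-wrap the data key for both recipients; if tp3-only access is intended, remove `- *admin_enno_mb4` so the policy matches the file. Separately, `path_regex` has no leading anchor, so any path that ends in `secrets/tp3-home.yaml` matches. `path_regex: ^secrets/tp3-home\.(yaml|json|env|ini)$` is tighter, assuming sops matches paths relative to the directory holding `.sops.yaml`.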
@@ -355,11 +355,11 @@ ] }, "locked": { - "lastModified": 1729667848, - "narHash": "sha256-hxFdfGViezhIWvfZoN16PAZUILnsE4CHK2cDjHUFLHI=", + "lastModified": 1729947339, + "narHash": "sha256-2KjfNaOeXnEF9BT6selMuFDaFDpqoVO4L7JuCHk+beE=", "owner": "elohmeier", "repo": "nixcfg", - "rev": "f884a0f08d5a76d75b8ac560e535fe82c778b9b1", + "rev": "121b1356e08f0ea613b6bcfc1feeb7ee8b6a9fb1", "type": "github" }, "original": { @@ -386,11 +386,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729902363, - "narHash": "sha256-HWeds5ORD7dZZPco7qKrQHCKt1arH21UYPDvOi9THZI=", + "lastModified": 1730004163, + "narHash": "sha256-0gwVNy7vsLg44tXwI8pPqftW9wx/r8dVzE7v9wh+oY0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54830391487253422f0ccab55fc557b2e725ace0", + "rev": "3fc5b34329b4dcaac606bd109dea05058227a9ed", "type": "github" }, "original": { @@ -431,11 +431,11 @@ ] }, "locked": { - "lastModified": 1729791159, - "narHash": "sha256-i5TKYCs9tJ2qaYTsjQh3WwExmj4O0EU+L1jq6ZBVMfM=", + "lastModified": 1729956896, + "narHash": "sha256-uQwoEyi0P5MHi1EamlYO516szGjiLhP/qxV/1Z0vZO0=", "owner": "nix-community", "repo": "nixvim", - "rev": "4726334e4413ff55f1db3768c8d08722abbf09cf", + "rev": "bb0e3892a27efdc6f9c1771927f513577cb1c671", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1729809697, - "narHash": "sha256-r3jMdRyG1ozydtmaze2Ah4OL81Y7567kbWvvME8Js/Q=", + "lastModified": 1729992468, + "narHash": "sha256-zzGpWx64+/TfZdF5TjzUIV4ESFWCsscapK5Smx9bexk=", "owner": "NuschtOS", "repo": "search", - "rev": "b35c0b1cbbcc42161c07c77419c2801d461f1401", + "rev": "3c246cc08ffa8e61956e506dd6689bc6e9d5aa20", "type": "github" }, "original": { @@ -566,6 +566,7 @@ "nuschtosSearch": "nuschtosSearch", "nvim-config": "nvim-config", "pre-commit-hooks": "pre-commit-hooks", + "sops-nix": "sops-nix", "systems": "systems", "treefmt-nix": "treefmt-nix" } 
@@ -595,6 +596,29 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729999681, + "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index bf36d839..0cbd698a 100644 --- a/flake.nix +++ b/flake.nix @@ -105,6 +105,11 @@ inputs.gitignore.follows = "gitignore"; inputs.nixpkgs-stable.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; + }; systems = { url = "github:nix-systems/default"; }; diff --git a/modules/home/default.nix b/modules/home/default.nix index ac1df2e2..2bcfb7ab 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -120,14 +120,15 @@ inputs.nixcfg.hmModules.cli-git inputs.nixcfg.hmModules.cli-lazygit inputs.nixcfg.hmModules.cli-tmux + inputs.sops-nix.homeManagerModules.sops self.homeModules.fish self.homeModules.fonts self.homeModules.git self.homeModules.gpg self.homeModules.neovim + self.homeModules.pass self.homeModules.ssh self.homeModules.tp3 - self.homeModules.pass { home.stateVersion = "23.05"; } ]; }; diff --git a/modules/home/tp3.nix b/modules/home/tp3.nix index e3d1631d..e71d58e3 100644 --- a/modules/home/tp3.nix +++ b/modules/home/tp3.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { nixpkgs.config = { @@ -9,8 +9,12 @@ home = { username = "gordon"; homeDirectory = "/home/gordon"; + sessionPath = [ + "${config.home.homeDirectory}/.local/bin" # uv-managed + ]; packages = with pkgs; [ + age aichat bchunk firefox 
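Review bot: In `modules/home/tp3.nix`, `home.sessionPath` now puts the user-writable `~/.local/bin` on PATH, and the comment `# uv-managed` does not say what that implies. Executables uv installs there come from outside the Nix closure, so `flake.lock` does not pin them. Depending on where home-manager places the entry in PATH, they could also shadow same-named tools from the profile. I would extend the comment, e.g. `# uv tool shims; not pinned by flake.lock, must not shadow profile binaries`. The `home` attribute set continues outside the hunk.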
@@ -21,11 +25,12 @@ libreoffice-fresh lutris nix-update + podman ripgrep samba - transmission_4-gtk - podman skopeo + sops + transmission_4-gtk uv wine winetricks @@ -33,6 +38,16 @@ ]; }; + sops = { + age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; + defaultSopsFile = ../../secrets/tp3-home.yaml; + secrets."aichat-config.yaml" = { }; + }; + + home.file.".config/aichat/config.yaml".source = + config.lib.file.mkOutOfStoreSymlink + config.sops.secrets."aichat-config.yaml".path; + programs.mpv = { enable = true; # package = pkgs.wrapMpv (pkgs.mpv-unwrapped.override { ffmpeg_5 = pkgs.ffmpeg_5-full; }) { }; diff --git a/secrets/tp3-home.yaml b/secrets/tp3-home.yaml new file mode 100644 index 00000000..525ef4cf --- /dev/null +++ b/secrets/tp3-home.yaml 
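Review bot: The new `sops` block in `modules/home/tp3.nix` depends on a private age identity at `~/.config/sops/age/keys.txt`, and nothing in the hunk provisions it, protects it or documents it. If that file is missing at activation, the secret is presumably never materialised and `.config/aichat/config.yaml` is left as a dangling symlink. I would add a comment above `age.keyFile` such as `# private age identity, created out of band with mode 0600; keep this a string so it is never copied into the Nix store`. The `mkOutOfStoreSymlink` indirection can probably be dropped by setting `sops.secrets."aichat-config.yaml".path = "${config.home.homeDirectory}/.config/aichat/config.yaml";`, assuming the pinned sops-nix home-manager module exposes `path` as current versions do.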
@@ -0,0 +1,21 @@ +aichat-config.yaml: ENC[AES256_GCM,data:jEAMbUg1hx+KgNY/WWM2dN+kzyR2wOpLFLG9BpAOELqJgdb+qxE+yhTN/QVnv4t+Vr5Ebdu0BwGSDOYgLTCYblXTEeT0wFswOMUCcPHETtDhf19KDMMLu+x6S73pdeP6SX/+pxQdTwz37Hd6GpjdXwKf6+Ue1Z/38eFghOgzq0wOIwGuZMA3QUBwjAMskDi/czta0gfBi6ODhtPXaDCXQq6SLSg+JA==,iv:eTv1Q3Q+k0+rYEMcqUA27G/ZMLPfTawXr0eaOvKT6yg=,tag:CcYl8eP0UjBJ77K3D3RFOw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age13em7fsrealzue677tdqejgsafc2sfx62h5w03ynkv0urujuc0g0stw209m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbnlxcllHWS9UdmswOXRh + eXBTcmFtem1jdXUxamtRWlZyek5KRTVXQ1NnCmRTK3dGaVR6U1drdDJnMTF1WFpO + ejZZSFpjbFBPTjB0N1hPRGUzVlo5TUEKLS0tIE1TdmJiZnh3ZnFocVgzQ29aNFl4 + WjdCNHZvcVlBU2t2UUU4cmIxdm9adVUKUJvYSGIZmuQGzPSwNE8ygMVniRmzM3UH + ZrR4HVR+scNeM6fo4wLVwfkhJa8BXRXnB0Ngnuuwk1Fe0zyFR325jQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-27T05:11:01Z" + mac: ENC[AES256_GCM,data:tQOI313R2g3jIqxkRy+xIA1rDhtF/1tOtG4YaiNipdxpyRkt/WH+f/6B/IjlsrrF65XjQuu3hIzo+Y3J77LREImtxvhDJfwGIX1mLZ/vZP6x+8uNuzjkPOXwVZBSVUDibe28TtFyLjU9RVcryxyDBWeOd2avPA9ogRfF1lK46DI=,iv:UzjoCa/OpXDczioWVFmnKyDE5fM00yt7DJBBKOon2Ig=,tag:2KdchQN2ZLag6CMfnE61rQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1
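Review bot: The whole aichat configuration is stored as one encrypted string under `aichat-config.yaml`, so its non-secret settings are as opaque in review as the credential it presumably contains, and every settings tweak rewrites the ciphertext. Where aichat allows it, keeping only the credential in sops and the remaining settings in plain Nix would make later diffs reviewable. Because this ciphertext stays in git history, a later compromise of the listed age identity means rotating the credential itself, not only re-encrypting the file. A short comment in `.sops.yaml` stating that would help the next maintainer.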