sops-nix for bw secrets
parent
8e4e9c16fa
commit
4f4d38ed1e
5 changed files with 81 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
|||
{ nix-flatpak, lib, pkgs, inputs, outputs, ... }:
|
||||
{ nix-flatpak, lib, config, pkgs, inputs, outputs, ... }:
|
||||
{
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -68,6 +68,9 @@
|
|||
alsa-oss
|
||||
powertop
|
||||
|
||||
age
|
||||
sops
|
||||
|
||||
nix-du
|
||||
|
||||
usbutils
|
||||
|
@ -369,8 +372,8 @@
|
|||
WINEFSYNC = 1;
|
||||
PKG_CONFIG_PATH = "/home/emenel/.nix-profile/lib/pkgconfig:/home/emenel/.nix-profile/lib64/pkgconfig:/home/emenal/.nix-profile/share/pkgconfig";
|
||||
GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0";
|
||||
BW_CLIENTID = "***REMOVED***";
|
||||
BW_CLIENTSECRET = "***REMOVED***";
|
||||
BW_CLIENTID = "$(cat ${config.sops.defaultSymlinkPath}/bw_client_id)";
|
||||
BW_CLIENTSECRET = "$(cat ${config.sops.defaultSymlinkPath}/bw_api_key)";
|
||||
NIXOS_OZONE_WL = "1";
|
||||
};
|
||||
|
||||
|
@ -381,6 +384,22 @@
|
|||
enable = true;
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
|
||||
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
defaultSymlinkPath = "/run/user/1000/secrets";
|
||||
defaultSecretsMountPoint = "/run/user/1000/secrets.d";
|
||||
|
||||
secrets.bw_client_id = {
|
||||
path = "${config.sops.defaultSymlinkPath}/bw_client_id";
|
||||
};
|
||||
|
||||
secrets.bw_api_key = {
|
||||
path = "${config.sops.defaultSymlinkPath}/bw_api_key";
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
direnv = {
|
||||
|
@ -393,6 +412,7 @@
|
|||
"ls" = "eza";
|
||||
".j" = "just -g";
|
||||
"em" = "emacsclient -n -r";
|
||||
"mkdir" = "mkdir -pv";
|
||||
};
|
||||
plugins = [
|
||||
{
|
||||
|
@ -620,8 +640,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Service to start
|
||||
|
||||
# moving files!
|
||||
home.file.".npmrc".source = ../dotfiles/dot_npmrc;
|
||||
# xdg.configFile."kmonad".source = ../dotfiles/dot_config/kmonad;
|
||||
|
|
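Review bot: The new `BW_CLIENTID` / `BW_CLIENTSECRET` entries (hunk at -369) take the Bitwarden API credentials out of the repository but still export them as session-wide variables, so once the `$(cat …)` is expanded every process in the session inherits them and anything running as this user can read them from `/proc/<pid>/environ`. The expansion presumably also depends on sops-nix having written the files before the variables are sourced, otherwise both end up silently empty; the enclosing attribute set starts outside the hunk, so this is worth confirming. Consider dropping both entries and reading the files only where they are needed, for example a small shell function that sets `BW_CLIENTID="$(cat ${config.sops.secrets.bw_client_id.path})"` just for the `bw login --apikey` call. In the `sops` block (hunk at -381), `/run/user/1000` hard-codes the UID, and the passphrase-less `age.keyFile` is the only thing protecting the secrets, so a comment such as `# keys.txt must be mode 0600; it decrypts everything in secrets.yaml` would help.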
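--- a/home/secrets.yaml
+++ b/home/secrets.yaml
@@ -0,0 +1,22 @@
+bw_client_id: ENC[AES256_GCM,data:7ssBRUFfYW7CNsDwntS6S+2p68DpSaivUFAXY1GaTUuxOc81QzEdqtY=,iv:8CaYkM/mv1tqunhQZ/YdNQS64d9PEjSKelI5S7pVZWU=,tag:WO006QqK0oyiG4zN+SglmQ==,type:str]
+bw_api_key: ENC[AES256_GCM,data:Dwb++djM0lrkkmfVDNq46uhMxjbj1grmDwykk2v4,iv:JPy6fOwaMAL31tk/yU6n9CMKhXV1WrGNV9dgOVIdbS4=,tag:v/IIZ9qCaCoimrxdNRsrWw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM0J2TnF5ZHNETnNrWTlj
+SEViczZqOHRuNThhUHF0bllVZTNnZDdtWnhVCnZxTkVGczRRTzlDUDF2TmtjUVMw
+QVV2cTYxS1d5QXU3aUNyajZWelUyQmcKLS0tIG1oYjU3M0pBL2lBUmN1cFoyTXdB
+RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC
+Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-01-01T18:01:40Z"
+mac: ENC[AES256_GCM,data:hvRBNR5zYgAYbXYkGmijFRrl9dS98RqxMUIeMbI4KFopw61vLVG4sR2aIKD5UAVGNKb4tyv+PfW17VD1grGZXuSJbrks3ic0sbHVr4G3xh2w++/koiD3V+Mh0H1j3aEBX1UD13ThUpzPuwgSG5KUlp/naOQ8I63GNJL+LzgpK74=,iv:gQndjsTvVpD6EAgwwuEAfO1GiWmZsF05+ZpDGGmRtd8=,tag:hb/UEz7DQXH9obzm0OKnyQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.2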