sops stuff

This commit is contained in:
Niccolo Borgioli 2025-02-03 17:53:28 +01:00
parent 752be0fe82
commit 1e7e973472
11 changed files with 128 additions and 35 deletions

4
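--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+age: >-
+age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj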
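Review bot: `creation_rules` names a single age recipient, so the key file referenced from the home.nix hunk (`~/.config/sops/age/keys.txt`) is the only way to decrypt or re-key secrets/ssh.yaml; losing that one key loses the secret with it. Adding a second recipient (a backup or per-machine key) as another entry under `age:` and running `sops updatekeys secrets/ssh.yaml` after editing the rule keeps recovery possible. The regex is anchored only at the end, so it also matches any nested `.../secrets/*` path, which is fine if intended but worth a `^` if the rule should cover only the top-level directory.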


@ -17,7 +17,6 @@
"sloth"
"vscodium"
"hoppscotch"
"tailscale"
"utm"
"balenaetcher"


@ -1,5 +1,10 @@
{ flake }:
{ pkgs, host, ... }:
{
pkgs,
host,
flake,
lib,
...
}:
{
nix.settings.experimental-features = "nix-command flakes";
@ -57,7 +62,8 @@
homebrew = {
enable = true;
casks = import ./cask.nix;
# casks = (if builtins.hasAttr "casks" host then host.casks else [ ]) ++ (import ./cask.nix);
casks = (lib.attrByPath [ "extras" "casks" ] [ ] host) ++ (import ./cask.nix);
taps = [ "lihaoyun6/tap" ];
onActivation = {
autoUpdate = true;
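Review bot: The commented-out `# casks = (if builtins.hasAttr "casks" host then host.casks else [ ]) ++ (import ./cask.nix);` left directly above the new assignment should be deleted rather than kept next to the version that replaced it; a leftover candidate line reads as an undecided choice. `lib.attrByPath [ "extras" "casks" ] [ ] host` already returns `[ ]` for hosts without an `extras` attribute, so the `hasAttr` guard is fully subsumed and nothing is lost by removing it. The `homebrew` attribute set continues outside the hunk.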


@ -10,12 +10,6 @@
[commit]
gpgsign = false
[includeIf "gitdir:/Users/nicco/"]
path = "~/.dotfiles/files/git/config.personal"
[includeIf "gitdir:/Users/niccoloborgioli/"]
path = "~/.dotfiles/files/git/config.work"
[pull]
rebase = false
@ -25,3 +19,6 @@
sort = -committerdate
[alias]
fpush = push --force-with-lease
[include]
path = ~/.gitconfig.local

61
flake.lock generated

@ -2,16 +2,14 @@
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"lastModified": 1738448366,
"narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93",
"type": "github"
},
"original": {
@ -27,11 +25,11 @@
]
},
"locked": {
"lastModified": 1737504076,
"narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=",
"lastModified": 1738277753,
"narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3",
"rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9",
"type": "github"
},
"original": {
@ -42,11 +40,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1737879851,
"narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=",
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1738452225,
"narHash": "sha256-Qmwx3FXM0x0pdjibwTk/uRbayqDrs3EwmRJe7tQWu48=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c4e0724e0a785a20679b1bca3a46bfce60f05b6",
"type": "github"
},
"original": {
@ -60,7 +74,28 @@
"inputs": {
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1738291974,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
}
},


@ -8,7 +8,10 @@
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# home-manager.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
@ -17,6 +20,7 @@
nix-darwin,
nixpkgs,
home-manager,
sops-nix,
}:
let
hosts = import ./hosts;
@ -27,18 +31,17 @@
map (host: {
name = host.hostName;
value = nix-darwin.lib.darwinSystem {
specialArgs = {
inherit sops-nix;
inherit host;
flake = self;
};
modules = [
# Make `host` available as module arg.
(
{ config, ... }:
{
config._module.args = { inherit host; };
}
)
# configuration
(import ./darwin.nix { flake = self; })
(import ./darwin.nix)
sops-nix.darwinModules.sops
home-manager.darwinModules.home-manager
{
home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
home-manager.backupFileExtension = "backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
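Review bot: `# home-manager.inputs.nixpkgs.follows = "nixpkgs";` is commented out with no reason given, and the flake.lock hunk shows the consequence: home-manager now pins its own `nixpkgs` entry while the root input moved to `nixpkgs_2`, so two nixpkgs revisions are fetched and evaluated. If dropping the follows was deliberate (for example a home-manager/nixpkgs compatibility problem), record that next to the line, e.g. `# not following nixpkgs: <reason>`; otherwise restore the line and re-lock, which also removes the second nixpkgs node from the lock. The `outputs` function and the `map (host: ...)` body continue outside these hunks.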


@ -1,8 +1,14 @@
{ host }:
{ pkgs, lib, ... }:
{
pkgs,
lib,
config,
sops-nix,
...
}:
{
# https://nix-community.github.io/home-manager
home.stateVersion = "25.05"; # Please read the comment before changing.
home.stateVersion = "25.05";
programs.home-manager.enable = true;
home.username = host.username;
@ -26,6 +32,7 @@
".config/ghostty/config".source = ./files/ghostty/config;
".gitconfig".source = ./files/git/gitconfig;
".gitignore_global".source = ./files/git/gitignore_global;
".gitconfig.local".source = ./files/git/config.work;
".config/nvim".source = ./files/nvim;
};
@ -79,4 +86,14 @@
};
};
# Secrets
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets/ssh.yaml;
secrets.config = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/config";
};
};
}
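Review bot: The new `".gitconfig.local".source = ./files/git/config.work;` line links the work profile on every host, while the `[includeIf "gitdir:/Users/nicco/"]` / `[includeIf "gitdir:/Users/niccoloborgioli/"]` blocks removed in the gitconfig hunk chose personal vs work per user, so `config.personal` is no longer reachable from any host. Since `host.username` is already in scope in this module, the selection can be kept with `".gitconfig.local".source = if host.username == "nicco" then ./files/git/config.personal else ./files/git/config.work;`. Separately, the `sops-nix` argument added to the module header is not referenced in the visible hunks; if it is meant to reach a home-manager module it would need `home-manager.extraSpecialArgs`, which the flake.nix hunk does not set, so it is worth confirming the parameter is needed at all. The `home.file` set and the module body continue outside these hunks.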


@ -5,4 +5,5 @@ with pkgs;
cocoapods
phrase-cli
boundary
awscli2
]


@ -25,6 +25,8 @@ with pkgs;
devenv
nixpacks
ollama
colima
lazydocker
# Editor
neovim


@ -2,4 +2,12 @@
username = "niccoloborgioli";
hostName = "mac16";
platform = "aarch64-darwin";
extras = {
casks = [
"phpstorm"
"datagrip"
"tailscale"
];
};
}

21
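--- /dev/null
+++ b/secrets/ssh.yaml
@@ -0,0 +1,21 @@
+config: ENC[AES256_GCM,data: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,iv:8BiTj23eULj7Rjw+iWbJ0QR80Xss9xDSla3hSz/9E6M=,tag:OdJIcXwA9P65o2H4Ii6UcQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQng5V1YwTDdWbVBocStY
+NXo5OFBBU1krbzFkNU52MDhJR2lkUGcwbndNCkpYMlRQU3NTVWJYN2lPWXhieUtw
+R2R2OXV1N1dEQnN5QzgvUjdxR1doV2sKLS0tIFRuTUNYOFZ5YWNlWjR6MmxneTBy
+dnowaVoyc0FhTEJLQmJYM1VQTDlKZ0EKBnlbVqp+D6C8Avs39SQr3ESNRCvQKcMO
+MFz3pV9ENOaTrY10xuA8J0easXwyqCc3EgMPYp86FQXENpt+9m3efw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-01-29T11:05:11Z"
+mac: ENC[AES256_GCM,data:HYsosS2tyBvU1rQp3xH48YTY2lmA+115ls4ZhxmAm43yjfqvFtHKVQSDIYEeWGANX58GnN3wOj9ANVC6BZX3v4DUoD9VAXqfPc1S8Sb1C7rc1W5vT1V4Qjz5VsSX+jpjzj8dbROxJ+h5kd6II1gpl47ZtMaWynsAd5N6v9lU5s8=,iv:22lMFqrDZ7ctPjbHV/0HWSW1AfGoIn1KcwjcpCnDMno=,tag:hF/361akPsRSoXWFMQQZXQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.3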