cupcakearmy/nix-macos
1
0
Fork 0
mirror of https://github.com/cupcakearmy/nix-macos.git synced 2025-09-06 10:50:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: cupcakearmy:69e65afcf6093d532eaaf496cd1c617827634ea8
Branches Tags
cupcakearmy:main cupcakearmy:multi-host
...
compare: cupcakearmy:multi-host
Branches Tags
cupcakearmy:main cupcakearmy:multi-host

21 Commits
69e65afcf6 ... multi-host

Author SHA1 Message Date
Niccolo Borgioli
d9f26485e5 update rlcone 2025-02-14 17:45:41 +01:00
Niccolo Borgioli
26007eda57 update flake 2025-02-10 16:47:56 +01:00
Niccolo Borgioli
d75336f953 update rclone 2025-02-10 16:47:49 +01:00
Niccolo Borgioli
5d46d7f8a6 rclone 2025-02-04 17:18:42 +01:00
Niccolo Borgioli
e1570c6915 move age keys location to repo 2025-02-04 17:15:25 +01:00
Niccolo Borgioli
4aca03d528 sops 2025-02-04 16:12:34 +01:00
Niccolo Borgioli
c7aeaaef8d move pkgs to host config 2025-02-04 15:08:43 +01:00
Niccolo Borgioli
1e7e973472 sops stuff 2025-02-03 17:53:28 +01:00
Niccolo Borgioli
752be0fe82 configure direnv and zoxide with home manager 2025-02-03 17:50:00 +01:00
Niccolo Borgioli
61fa1382f0 optionally include sflx packages 2025-01-28 00:21:35 +01:00
Niccolo Borgioli
928e411040 move home manager config 2025-01-27 23:57:54 +01:00
Niccolo Borgioli
9610667c25 decouple all config from host 2025-01-27 23:46:38 +01:00
Niccolo Borgioli
646aaeefe4 multi host 2025-01-27 22:59:18 +01:00
Niccolo Borgioli
4c0a3b5794 ues hoppscotch 2025-01-21 16:13:40 +01:00
Niccolo Borgioli
f61d7eff44 typo 2025-01-15 23:46:25 +01:00
Niccolo Borgioli
ce8dfa8ca9 remove chime 2025-01-15 19:06:19 +01:00
Niccolo Borgioli
7000d01f6b add some macos config 2025-01-15 19:04:48 +01:00
Niccolo Borgioli
84b5e059b9 update flake 2025-01-14 15:47:38 +01:00
Niccolo Borgioli
5a8ffc855a update flake 2025-01-07 19:28:50 +01:00
Niccolo Borgioli
f9ca5a8461 add utm 2025-01-07 19:28:40 +01:00
Niccolo Borgioli
0783fe9244 save window size ghostty 2025-01-07 19:28:27 +01:00
19 changed files with 416 additions and 217 deletions
Expand all files Collapse all files

2
.envrc Normal file
View File

@@ -0,0 +1,2 @@
# export SOPS_AGE_KEY_FILE=${HOME}/.config/sops/age/keys.txt
export SOPS_AGE_KEY_FILE=$(pwd)/.keys.txt

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.keys.txt

4
.sops.yaml Normal file
View File

@@ -0,0 +1,4 @@
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
age: >-
age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj

13
README.md
View File

@@ -13,5 +13,16 @@ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix
git clone https://github.com/cupcakearmy/nix-macos ~/.config/nix-darwin git clone https://github.com/cupcakearmy/nix-macos ~/.config/nix-darwin
# Installation # Installation
nix run nix-darwin -- switch --flake ~/.config/nix-darwin#sflx nix run nix-darwin -- switch --flake ~/.config/nix-darwin#mbp
```
## Sops
Secrets are managed by sops-nix
```bash
# To edit the secrets files
nix shell nixpkgs#sops
sops ./secrets/foo.yaml
``` ```

5
cask.nix
View File

@@ -16,8 +16,9 @@
"docker" "docker"
"sloth" "sloth"
"vscodium" "vscodium"
"httpie" "hoppscotch"
"tailscale" "utm"
"balenaetcher"
# Apps # Apps
"figma" "figma"

72
darwin.nix Normal file
View File

@@ -0,0 +1,72 @@
{
pkgs,
host,
flake,
lib,
...
}:
{
nix.settings.experimental-features = "nix-command flakes";
# Set Git commit hash for darwin-version.
system.configurationRevision = flake.rev or flake.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
nixpkgs.hostPlatform = host.platform;
nixpkgs.config.allowUnfree = true;
# Nix Darwin
# https://daiderd.com/nix-darwin/manual/index.html
# Security
system.defaults.screensaver.askForPassword = true;
system.defaults.screensaver.askForPasswordDelay = 0;
system.defaults.loginwindow.GuestEnabled = false;
# Dock
system.defaults.dock.autohide = true;
system.defaults.dock.orientation = "left";
system.defaults.dock.show-recents = false;
system.defaults.dock.persistent-apps = [
"/Applications/Arc.app"
"/Applications/Ghostty.app"
"/Applications/VSCodium.app"
"/Applications/Spotify.app"
"/System/Applications/System Settings.app"
];
system.defaults.dock.persistent-others = [ ];
# Input devices
system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToEscape = true;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 25;
system.defaults.NSGlobalDomain.KeyRepeat = 2;
system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = 0.875;
system.defaults.trackpad.Dragging = true;
# Finder
system.defaults.finder.AppleShowAllExtensions = true;
system.defaults.finder.ShowPathbar = true;
# Other
system.startup.chime = false;
users.users.${host.username} = {
home = "/Users/${host.username}";
shell = pkgs.fish;
};
programs.fish.enable = true;
homebrew = {
enable = true;
casks = (import ./cask.nix) ++ (lib.attrByPath [ "extras" "casks" ] [ ] host);
taps = [ "lihaoyun6/tap" ];
onActivation = {
autoUpdate = true;
cleanup = "zap";
};
};
}

1
files/ghostty/config
View File

@@ -1,3 +1,4 @@
font-family = "JetBrainsMono Nerd Font" font-family = "JetBrainsMono Nerd Font"
quit-after-last-window-closed=true quit-after-last-window-closed=true
theme = "rose-pine" theme = "rose-pine"
window-save-state = "always"

9
files/git/gitconfig
View File

@@ -10,12 +10,6 @@
[commit] [commit]
gpgsign = false gpgsign = false
[includeIf "gitdir:/Users/nicco/"]
path = "~/.dotfiles/files/git/config.personal"
[includeIf "gitdir:/Users/niccoloborgioli/"]
path = "~/.dotfiles/files/git/config.work"
[pull] [pull]
rebase = false rebase = false
@@ -25,3 +19,6 @@
sort = -committerdate sort = -committerdate
[alias] [alias]
fpush = push --force-with-lease fpush = push --force-with-lease
[include]
path = ~/.gitconfig.local

61
flake.lock generated
View File

@@ -2,16 +2,14 @@
"nodes": { "nodes": {
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": "nixpkgs"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1735774425, "lastModified": 1738878603,
"narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=", "narHash": "sha256-fmhq8B3MvQLawLbMO+LWLcdC2ftLMmwSk+P29icJ3tE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5f6aa268e419d053c3d5025da740e390b12ac936", "rev": "433799271274c9f2ab520a49527ebfe2992dcfbd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -27,11 +25,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735685839, "lastModified": 1738743987,
"narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -42,11 +40,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735617354, "lastModified": 1738680400,
"narHash": "sha256-5zJyv66q68QZJZsXtmjDBazGnF0id593VSy+8eSckoo=", "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "69b9a8c860bdbb977adfa9c5e817ccb717884182", "rev": "799ba5bffed04ced7067a91798353d360788b30d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1738797219,
"narHash": "sha256-KRwX9Z1XavpgeSDVM/THdFd6uH8rNm/6R+7kIbGa+2s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1da52dd49a127ad74486b135898da2cef8c62665",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -60,7 +74,28 @@
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1738291974,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },

96
flake.nix
View File

@@ -1,5 +1,5 @@
{ {
description = "Example nix-darwin system flake"; description = "Personal Nix configuration";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@@ -8,78 +8,48 @@
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; # home-manager.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
inputs@{ {
self, self,
nix-darwin, nix-darwin,
nixpkgs, nixpkgs,
home-manager, home-manager,
sops-nix,
}: }:
let let
configuration = hosts = import ./hosts;
{ pkgs, ... }: inherit (builtins) listToAttrs;
{
nix.settings.experimental-features = "nix-command flakes";
# Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
nixpkgs.hostPlatform = "aarch64-darwin";
nixpkgs.config.allowUnfree = true;
# Nix Darwin
# https://daiderd.com/nix-darwin/manual/index.html
environment.systemPackages = [ ];
system.defaults.dock.autohide = true;
system.defaults.dock.orientation = "left";
system.defaults.finder.AppleShowAllExtensions = true;
system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToEscape = true;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 25;
system.defaults.NSGlobalDomain.KeyRepeat = 2;
system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = 0.875;
system.defaults.trackpad.Dragging = true;
users.users."niccoloborgioli" = {
home = "/Users/niccoloborgioli";
shell = pkgs.fish;
};
programs.fish.enable = true;
homebrew.enable = true;
homebrew.casks = import ./cask.nix;
homebrew.taps = [ "lihaoyun6/tap" ];
homebrew.onActivation.autoUpdate = true;
homebrew.onActivation.cleanup = "zap";
# Home Manager
home-manager.backupFileExtension = "backup";
};
in in
{ {
# Build darwin flake using: darwinConfigurations = listToAttrs (
# $ darwin-rebuild build --flake .#Niccolo-Borgioli-s-MacBook-Pro map (host: {
darwinConfigurations."sflx" = nix-darwin.lib.darwinSystem { name = host.hostName;
modules = [ value = nix-darwin.lib.darwinSystem {
configuration specialArgs = {
home-manager.darwinModules.home-manager inherit sops-nix;
{ inherit host;
home-manager.useGlobalPkgs = true; flake = self;
home-manager.useUserPackages = true; };
home-manager.users.niccoloborgioli = import ./home.nix; modules = [
} (import ./darwin.nix)
]; sops-nix.darwinModules.sops
}; home-manager.darwinModules.home-manager
{
# Expose the package set, including overlays, for convenience. home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
darwinPackages = self.darwinConfigurations."sflx".pkgs; home-manager.backupFileExtension = "backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${host.username} = import ./home/home.nix { inherit host; };
}
];
};
}) hosts
);
}; };
} }

132
home.nix
View File

@@ -1,132 +0,0 @@
{ config, pkgs, ... }:
{
# https://nix-community.github.io/home-manager
home.stateVersion = "24.11"; # Please read the comment before changing.
programs.home-manager.enable = true;
home.username = "niccoloborgioli";
home.homeDirectory = "/Users/niccoloborgioli";
home.packages = [
pkgs.tmux
pkgs.oh-my-posh
pkgs.git
pkgs.git-lfs
pkgs.git-crypt
pkgs.bfg-repo-cleaner
pkgs.gnutar
pkgs.gnupg
pkgs.htop
pkgs.rclone
pkgs.rename
pkgs.tmux
pkgs.tree
pkgs.wget
pkgs.woff2
pkgs.bat
pkgs.rsync
pkgs.direnv
pkgs.zoxide
pkgs.devenv
pkgs.bitwarden-cli
# Editor
pkgs.neovim
pkgs.fzf
pkgs.lazygit
pkgs.lua
pkgs.luajitPackages.luarocks
pkgs.ast-grep
pkgs.ripgrep
# Language specific
pkgs.nixfmt-rfc-style
pkgs.fnm
pkgs.bun
pkgs.deno
pkgs.zig
pkgs.uv
pkgs.ruff
pkgs.tectonic
pkgs.tex-fmt
pkgs.rustup
# Codding
pkgs.nixpacks
# sflx
pkgs.vault
pkgs.cocoapods
pkgs.phrase-cli
pkgs.boundary
pkgs.nerd-fonts.jetbrains-mono
];
fonts.fontconfig.enable = true;
home.sessionVariables = {
EDITOR = "nvim";
};
home.file = {
".config/omp/config.yaml".source = ./files/omp/config.yaml;
".config/ghostty/config".source = ./files/ghostty/config;
".gitconfig".source = ./files/git/gitconfig;
".gitignore_global".source = ./files/git/gitignore_global;
".config/nvim".source = ./files/nvim;
};
home.shellAliases = {
l = "ls -hal";
dc = "docker compose";
rsync = "rsync -az --info=progress2";
t = "tmux new-session -A -s main";
e = "nvim";
hms = "home-manager switch --flake ~/nix#root -b backup";
snd = "darwin-rebuild switch --flake ~/.config/nix-darwin#sflx";
};
programs.fish = {
enable = true;
interactiveShellInit = ''
if type -q oh-my-posh
oh-my-posh init fish --config ~/.config/omp/config.yaml | source
end
if type -q fnm
fnm env --use-on-cd | source
end
if type -q direnv
direnv hook fish | source
end
if type -q zoxide
zoxide init fish | source
end
'';
};
programs.bash = {
enable = true;
};
programs.tmux = {
enable = true;
clock24 = true;
mouse = true;
extraConfig = ''
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
# switch panes using jkhl
bind h select-pane -L
bind l select-pane -R
bind j select-pane -U
bind k select-pane -D
'';
shell = "${pkgs.fish}/bin/fish";
terminal = "tmux-256color";
};
}

97
home/home.nix Normal file
View File

@@ -0,0 +1,97 @@
{ host }:
{
pkgs,
lib,
config,
sops-nix,
...
}:
{
# https://nix-community.github.io/home-manager
home.stateVersion = "25.05";
programs.home-manager.enable = true;
home.username = host.username;
home.homeDirectory = "/Users/${host.username}";
home.packages =
(import ./pkgs.nix { inherit pkgs; })
++ ((lib.attrByPath [ "extras" "pkgs" ] (pkgs: [ ]) host) pkgs);
fonts.fontconfig.enable = true;
home = {
sessionVariables = {
EDITOR = "nvim";
};
file = {
".config/omp/config.yaml".source = ../files/omp/config.yaml;
".config/ghostty/config".source = ../files/ghostty/config;
".gitconfig".source = ../files/git/gitconfig;
".gitignore_global".source = ../files/git/gitignore_global;
".gitconfig.local".source = ../files/git/config.work;
".config/nvim".source = ../files/nvim;
};
shellAliases = {
l = "ls -hal";
dc = "docker compose";
rsync = "rsync -az --info=progress2";
t = "tmux new-session -A -s main";
e = "nvim";
vai = "darwin-rebuild switch --flake ~/.config/nix-darwin#${host.hostName}";
};
};
programs = {
direnv.enable = true;
zoxide.enable = true;
fish = {
enable = true;
interactiveShellInit = ''
if type -q oh-my-posh
oh-my-posh init fish --config ~/.config/omp/config.yaml | source
end
if type -q fnm
fnm env --use-on-cd | source
end
'';
};
bash = {
enable = true;
};
tmux = {
enable = true;
clock24 = true;
mouse = true;
extraConfig = ''
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
# switch panes using jkhl
bind h select-pane -L
bind l select-pane -R
bind j select-pane -U
bind k select-pane -D
'';
shell = "${pkgs.fish}/bin/fish";
terminal = "tmux-256color";
};
};
# Secrets
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ../secrets/ssh.yaml;
secrets.config = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/config";
};
};
}

57
home/pkgs.nix Normal file
View File

@@ -0,0 +1,57 @@
{ pkgs }:
with pkgs;
[
# Base
tmux
oh-my-posh
git
git-lfs
git-crypt
bfg-repo-cleaner
gnutar
gnupg
htop
btop
rclone
rename
tmux
tree
wget
woff2
bat
rsync
sops
#bitwarden-cli
# Dev
devenv
nixpacks
ollama
colima
lazydocker
# Editor
neovim
fzf
lazygit
lua
luajitPackages.luarocks
ast-grep
ripgrep
# Language specific
nixfmt-rfc-style
fnm
bun
deno
zig
uv
ruff
tectonic
tex-fmt
rustup
shfmt
# Fonts
nerd-fonts.jetbrains-mono
]

4
hosts/default.nix Normal file
View File

@@ -0,0 +1,4 @@
[
(import ./mac14.nix)
(import ./mac16.nix)
]

5
hosts/mac14.nix Normal file
View File

@@ -0,0 +1,5 @@
{
username = "cupcakearmy";
hostName = "mac14";
platform = "aarch64-darwin";
}

21
hosts/mac16.nix Normal file
View File

@@ -0,0 +1,21 @@
{
username = "niccoloborgioli";
hostName = "mac16";
platform = "aarch64-darwin";
extras = {
casks = [
"phpstorm"
"datagrip"
"tailscale"
];
pkgs =
pkgs: with pkgs; [
vault
cocoapods
phrase-cli
boundary
awscli2
];
};
}

21
secrets/rclone.yaml Normal file
View File

@@ -0,0 +1,21 @@
config: ENC[AES256_GCM,data:zI596VIhEL2L181KfWrjzJuzkC/hrbrtofBmbwkx3VRmlYU4yGHufckrJ3rVEzVRpcva4HJ8/QeVK7PBHI0KBY/ZqDXU58Loc5RtpXE7178WOtmEV50H6TAVIie04wP6RreThA03NoSOpn+pEgOhSUKCsMX0Q9YkrHT7StSLqsQRHfXuNiEkZwWGLfKS0i+OjvKCQYOgAcpF/KLqsWNJdP1lrmTHUlocMX5KQeeaPrk6gK0RF7Ct4wM/CTJWLq+Glc2/Gv3L3jpgFElnzkP2nICja+yT2F2eWGEdbNiVwfiEnhehVXZX+Pb8p3lN59wIma0hvALOQyIP1Xc1r32V0fOXL02ZM7lpgMg5puA+ZC6l/kc6YVJnCDITytA672z5fdXN599YBvT6/m4lGDipRyGzBTLO2pYnQf/KXZTn43AANy7zVwAwM0SmRxoSEU6clOUT5rIA28DY9Q9z3B46RLfwXkJkuBjNVtyzsYNvHi2mBRZxmopvqVB5RTTHnBaTEHsIiuJFctvC/+Mxsjco2lloDCp8sfdnCrDCoCf/SgPGreZ336WFnCA/vZ6yMjeDZqgLrhlRsV5iCuhZ3T7UB1PNExNBFSLhPUBbz8I+EPolU0bYePsZaxUof4FS31EVRwy9hw6exo6JmeG7U6URWwEKviBvilgmUNvmuBqkrdEXgofDNOc1CEJhPMqmpLdGpAkU3EQJz4un+opvybauZ8qWu5+4L0enS+iIbbQBKNL8DcJytjyS2j7xCXxeOqh+MOO88QxUtBpAGvrSQFFO8Dgdv6sd1V3/rBZseNZIJg2DhHWPKAtyfeS+pCwvchqaY3MOaUkuYjaDvQ5P4XQZI1xd3OT/kaebct982m9WTW2Y68OapCe76nx3avsWPyaeakNEGPLCEMPMQHaXmExEd7FXBwst+b2cUwJngUMGm9jVuaCgJKROHo0Fz2oLm6HfEF4y9JtIOIfKpBdb4UYXlXwq8T1RMwxaQk1WYJScZR2EUJGsyLlL7cLYPT16XzbsXkuhSWeRzPDG3JvO8OdCqGbkDHKkxtG1zcyRQSjOQ7tEZWV2kV6mKOok2w20LN7fg3th6KqSsXOUGTKYrkQYyHAZan9+8zl+zJBEIoHlCce4JthS3I+SsXoPmdrBr9LvEk2B7djYARBt1c9C+8mfiCF9X2lmOg32rdXyJKpl66SKtIrlsV0E35pRq7qEVZODWLfSHEs0JbvVVS9Nbf96+nfgXoJca2Uf6saZp/ziu+5egQABX1hASCjrHeQatfjA0QNsz1jGrUNLl1pvO4xT367IpSjhNEuboLt31ml7imXe1v1EhZeQBFeD+SSyGaks/+mejN39eWliO/TcKD8654j7ARI/uV4h6y1jD93ICAkmSATdbmgqoC0eNsmO99gogbG/Dr7+fprAIGMiXmlGlVBFq5SKPzQTUrDzpJMGkDo=,iv:tku1FKoT+483p4f/0ETC/k7YTVpBLEZvZwTBYIByiuE=,tag:vcZTgJnryU+4Q70tYqjpbA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTVJuQlA1aXFzeGI5SFZZ
c09USmpJeTRVWG5VR3AxWXVPNWxnMEtmbGljCmFFTTBNaUd5WUQ4aHhyQ29STHhj
eTBtTGhKWXpLWGlURFlrcll4cTRYUVUKLS0tIGFtOGZ3dU5HQ1UyY0NKUnVDaDNP
a0RONm94bWQ5ZXdEUmxRTHJsREJjQk0Kdiuyrb7pcah6HVMQpStFhG4+JUWuLA7F
WD6deMpuxiuLooQhcVVKPrK8jmbCGFvmEoDlRFegaTjofYsBUAnhfg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-14T15:41:40Z"
mac: ENC[AES256_GCM,data:PJX1Sce3MAd/vwQguJKPTjoJb6gRzNjPErEBS3iIY155P3NxdReWwEHHBlOtObYwJlv1DlwalyZkegJVysYC7kueDHO0tCxLfa6uIbxDrJ2hIkEJZ36m0txWSDIx12UaDAPkeQKMH73JogwCnS2AvpyyclKyYqEOhJy0ENQLpTY=,iv:Fcnt+HtwEPbKDCclzOXxtGjtTxlBcXZVGmRQC1kqtZM=,tag:WNifjYJks6bMit1MQxmcOA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

21
secrets/ssh.yaml Normal file
View File

@@ -0,0 +1,21 @@
config: ENC[AES256_GCM,data:zbHax9P2aa3gecoWQTrHZ5wtjouYnYJPKnoM1B1bZ/wxV1gEsHIAFu96FBhWEI8dRPgDO7FkjdgI/ip1WVtwqQgasHbFYRoc46UI8kbMYPrWSlIsNLQQJjaMdfn0KqIQJDFD3FL8cwnj6Es/E/Bb62h+ILb2pRU+4pmKdxA/1DWSXHl+BNTx8nLmFrTtm7rMo0b3OOQlNe3cz2BKGbzJBRhmOGAppZIPoRNKtZDbss3qTcb3PHQbOt1dgFQcUCnaQFbjsRGiATSYroszUP4SPbBR9wLeSoBT7rCeTxvN+0tlB3zyMGF42IWVO2SZh160zxb03YKjYUWMVHSEhMLLDLHO4U885AeX45gc2p7UUUjtZdqjAs+0qMH5EAlscQnhR0ioN6L0VRX/KWnJmsfTbdkY/5ldoXVnzx8TauwLsyyr/EymYlTR3DyeR3sbCUXLD6pxDMlAeVzakGuXzYjjBhx2Or4sEtoek2E/50kjtrignG7ADopvM7R43gf1FfRbnneQLk1g81lDEzgU9IlnnqH3ZyRKvPmUBiAcAlgndF1niUuRkdq5quFk0IOxAoDc9XcoA5uUEDs6s+d9Ejp5wWRKT7yKPjzMmTDzb0I++UFu7QRxbIF39UJn73R8rWnlN99pkUCo3LeBmJS1Hz1z+SKmRNrD8qW4ytcwlqkSfzVYb6DBjPq7xAliE6Gk7JPmOCHvq/LJ/dbjGSEqtgBcmzbg6TN4tdmvj7DOxrmch9m4iROiMHpJjUJC7c2uMd/e+bojLgNT8qQavExxGa7gL+8PvemGZO5vAZDEGjgxxeUhMSW9x47MESjTZOfRBwC891IsLTHAAWilvbw0F2ISmzcA/TdweC3jFkp+5wZITENca52vlFYW9WCfRtfYIT8rOsRoTiwDUtIPQfNpgY4+3kYI65vipw==,iv:8BiTj23eULj7Rjw+iWbJ0QR80Xss9xDSla3hSz/9E6M=,tag:OdJIcXwA9P65o2H4Ii6UcQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQng5V1YwTDdWbVBocStY
NXo5OFBBU1krbzFkNU52MDhJR2lkUGcwbndNCkpYMlRQU3NTVWJYN2lPWXhieUtw
R2R2OXV1N1dEQnN5QzgvUjdxR1doV2sKLS0tIFRuTUNYOFZ5YWNlWjR6MmxneTBy
dnowaVoyc0FhTEJLQmJYM1VQTDlKZ0EKBnlbVqp+D6C8Avs39SQr3ESNRCvQKcMO
MFz3pV9ENOaTrY10xuA8J0easXwyqCc3EgMPYp86FQXENpt+9m3efw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-29T11:05:11Z"
mac: ENC[AES256_GCM,data:HYsosS2tyBvU1rQp3xH48YTY2lmA+115ls4ZhxmAm43yjfqvFtHKVQSDIYEeWGANX58GnN3wOj9ANVC6BZX3v4DUoD9VAXqfPc1S8Sb1C7rc1W5vT1V4Qjz5VsSX+jpjzj8dbROxJ+h5kd6II1gpl47ZtMaWynsAd5N6v9lU5s8=,iv:22lMFqrDZ7ctPjbHV/0HWSW1AfGoIn1KcwjcpCnDMno=,tag:hF/361akPsRSoXWFMQQZXQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

11
test.nix Normal file
View File

@@ -0,0 +1,11 @@
let
hosts = import ./hosts;
inherit (builtins) listToAttrs;
result = listToAttrs (
map (item: {
name = item.hostName;
value = item;
}) hosts
);
in
result