
1 Commits
master ... sops

Author SHA1 Message Date
David Morgan ae42d53020
Add experimental sops setup 2022-11-24 16:37:10 +00:00
5 changed files with 41 additions and 4 deletions

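--- /dev/null
+++ b/nix-conf/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &admin_djm age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv
+creation_rules:
+- path_regex: secrets/[^/]+\.json$
+key_groups:
+- age:
+- *admin_djm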


@ -2,9 +2,10 @@
let
hcr = pkgs.callPackage ./scripts/hm-changes-report.nix { inherit config pkgs; };
scr = pkgs.callPackage ./scripts/system-changes-report.nix { inherit config pkgs; };
secrets = "${config.home.homeDirectory}/dotfiles/nix-conf/secrets/home.json";
email = builtins.exec [ "sops" "-d" "--extract" ''["email"]'' secrets ];
in
{
imports = [
./zsh.nix
];
@ -172,6 +173,7 @@ in
programs.git = {
enable = true;
userName = "David Morgan";
userEmail = email;
aliases = {
# difftastic
logt = "!sh -c 'GIT_EXTERNAL_DIFF=\"difft --background=dark\" git log -p --ext-diff'";
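Review bot: `builtins.exec` in the `let` block does not, as far as I know, hand back the command's stdout as a string; Nix parses that output as a Nix expression and evaluates it, so the bare value printed by `sops -d --extract` is treated as code rather than data. The command should instead emit a quoted string literal (for example through a small wrapper that prints the value inside double quotes with `"`, `\` and `${` escaped), so that `email` is always a plain string. The value then flows into `programs.git.userEmail`, which presumably ends up in a generated git config inside the Nix store, readable by every local user; that is acceptable for an address, but worth a comment such as `# decrypted at eval time and written to the store in plaintext: not for credentials`. The same `builtins.exec` calls appear in the `let` block of the next file section.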


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
let
secrets = "${config.home.homeDirectory}/dotfiles/nix-conf/secrets/home.json";
email = builtins.exec [ "sops" "-d" "--extract" ''["email"]'' secrets ];
otmEmail = builtins.exec [ "sops" "-d" "--extract" ''["otm_email"]'' secrets ];
in
{
imports = [
./includes/darwin.nix
@ -14,9 +19,10 @@
programs.git = {
signing.signByDefault = lib.mkForce false;
userEmail = lib.mkForce otmEmail;
includes = [
{ path = "~/.gitconfig-personal"; condition = "gitdir:~/src/personal/"; }
{ contents = { commit.gpgSign = true; }; condition = "gitdir:~/src/personal/"; }
#{ path = "~/.gitconfig-personal"; condition = "gitdir:~/src/personal/"; }
{ contents = { commit.gpgSign = true; user.email = email; }; condition = "gitdir:~/src/personal/"; }
];
extraConfig = {
github.user = "david-morgan-otm";
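Review bot: The `secrets` path and the `email` lookup in this `let` block repeat the definitions from the previous file section, so the hard-coded `dotfiles/nix-conf/secrets/home.json` location and the sops command line now live in two places. Defining them once in a shared module and pulling them in here (hypothetical file name: `inherit (import ./includes/secrets.nix { inherit config; }) email otmEmail;`) means a later fix to the decryption call cannot miss one copy. The commented-out `#{ path = "~/.gitconfig-personal"; … }` entry looks like a leftover of this change and could be deleted rather than kept as dead configuration. The `programs.git` attribute set continues outside the hunk.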


@ -0,0 +1,21 @@
{
"email": "ENC[AES256_GCM,data:JucGARLeoO/hyIMJ7lMkuBbOYwKEUOY=,iv:4BLS8UKliUMlaWiozcri/djggBusdKy7ndm6mAL+E40=,tag:/0qaF1ZN7rbxEF6c0doJlg==,type:str]",
"otm_email": "ENC[AES256_GCM,data:TtM2XS6qbZ7aJ/bDUWVmXtMLJ4X0BhVTahuIqrXf,iv:juQg3C7J/1rB70gO2JhaQn/LpNAd4sBxIB0X+HF9Wdg=,tag:FPkR1iFI+Xr+z124054Qvg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSREJ0d0ovTG1rNlc5UE1G\ncHRYQXRpVERpc1BRNkYrOE4wUUM3dythd2xJCjhxd1BNbFU3L1FKRlZ6T3Zkc0xp\nOWVGa01vaHU3OVgyNUNKMS8rTTJtd3cKLS0tIEVUbDgvSXNUem9RRks4bldTOTRN\nNUdMWlN5cVlGbUFzWjZMNDdUWStRZGMKcsIyTckmsm1Okuhve7Dyo+yYszKhlt4/\nFEjgvsGC7bffAlQKSWQnXjjXgXUYBipPTtsWJhuud0WW/HSVKoIQgw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-11-24T15:02:45Z",
"mac": "ENC[AES256_GCM,data:tQFuairIjOZR25cYW6iZrbEDZiwVqyp4zu5Dm5o83qY8jj4IXqrgzsIjdFjTfPBJzUhpX0JCRz4B/TKXEWX4C+2FL3b1qPQRzOG8zc+oBICmPQkLq9WNlcTzigEzKlcUVuO3wgi72CmSaLPFdiiGVj411v13XJHwmO/7gvRAVL8=,iv:pddUtAK5PdPEN8nx9ZucYQcDNxgGFpewaEWuK5KmBzc=,tag:M2N3daB0WKYQrN29bSl1/A==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}


@ -14,7 +14,8 @@ ln -sf ~/dotfiles/.p10k.zsh ~/
ln -sf ~/dotfiles/.emacs.d ~/
mkdir ~/.config/nix
echo "extra-experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
echo "extra-experimental-features = nix-command flakes
allow-unsafe-native-code-during-evaluation = true" > ~/.config/nix/nix.conf
home-manager switch
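Review bot: Writing `allow-unsafe-native-code-during-evaluation = true` into `~/.config/nix/nix.conf` turns on `builtins.exec` for every Nix evaluation this user runs, not only for this dotfiles configuration, so evaluating any third-party expression can then run commands at evaluation time. Scoping the setting to the one invocation keeps the global file as it was: keep the original single-line `echo` and change the last line to `home-manager switch --option allow-unsafe-native-code-during-evaluation true`. The `>` redirect also replaces any existing `nix.conf`, which was already the case before this change. The script starts outside the hunk.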