feat: use private sops repo for secrets

matt1432 2023-12-05 20:15:27 -05:00
parent 956e845635
commit 117162cd5d
3 changed files with 89 additions and 24 deletions


@ -5,14 +5,14 @@
... ...
}: let }: let
caddy = caddy-plugins.packages.${pkgs.system}.default; caddy = caddy-plugins.packages.${pkgs.system}.default;
# TODO: use agenix?
verySecretToken = "TODO";
in { in {
imports = [caddy-plugins.nixosModules.default]; imports = [caddy-plugins.nixosModules.default];
environment.systemPackages = [caddy]; environment.systemPackages = [caddy];
users.users.${config.vars.user}.extraGroups = ["caddy"]; users.users.${config.vars.user}.extraGroups = ["caddy"];
systemd.services.caddy.serviceConfig.EnvironmentFile =
config.sops.secrets.caddy-cloudflare.path;
services.caddy = { services.caddy = {
enable = true; enable = true;
enableReload = false; enableReload = false;
@ -28,7 +28,7 @@ in {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
extraConfig = '' extraConfig = ''
tls { tls {
dns cloudflare ${verySecretToken} dns cloudflare {$TLS}
resolvers 1.0.0.1 resolvers 1.0.0.1
} }
''; '';
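Review bot: The new `EnvironmentFile = config.sops.secrets.caddy-cloudflare.path` and the `{$TLS}` placeholder in the `dns cloudflare` line only work if that secret is declared elsewhere with a body of the form `TLS=<token>`, and neither the `sops.secrets.caddy-cloudflare` declaration nor the sops-nix module import is visible in this hunk (presumably they live in the new private `secrets` input). Replacing the removed `# TODO: use agenix?` with a short contract comment would save the next reader a trip to the other repo, e.g. `# caddy-cloudflare is a dotenv-style sops secret that must define TLS=<Cloudflare API token>` above the `systemd.services.caddy.serviceConfig.EnvironmentFile` line. Note that systemd reads EnvironmentFile before dropping to the caddy user, so the sops default root-owned 0400 file should be sufficient without widening its mode, but this is worth confirming once the declaration is in view. Since `enableReload = false` and the env file is read at service start, a rotated token will presumably need a caddy restart rather than a reload; a `sops.secrets.caddy-cloudflare.restartUnits = ["caddy.service"]` on the declaration would cover that.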


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701731887, "lastModified": 1701806563,
"narHash": "sha256-xgfThireUGD8/X6OYKXOpdGAkTUgPbpwW2FySBIjURc=", "narHash": "sha256-HItBkG0whb7nVxBPSHm6ChD92Ua7i6YQQ9GU3skKaak=",
"owner": "Aylur", "owner": "Aylur",
"repo": "ags", "repo": "ags",
"rev": "93af4d4cbbc190c1116a02cdea99d327b0c5cec2", "rev": "909b3011de4dc9a89fe7055766d47d48f00df28c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -27,16 +27,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701596842, "lastModified": 1701823507,
"narHash": "sha256-QUtozR8Bp/kZ1zlTsnR7rDtFEqEfhmuR93a3tprsEhQ=", "narHash": "sha256-C56+hIpWjM5wVZZJRY+jGSJWAXs2rUimbZRITyjJk3I=",
"owner": "matt1432", "owner": "matt1432",
"repo": "nixos-caddy-patched", "repo": "nixos-caddy-cloudflare",
"rev": "7f996b07912ac4ce592de89a4a434da427b0ede9", "rev": "aed7715b5c4961c3eb1d741a6ee92cd71a754234",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "matt1432", "owner": "matt1432",
"repo": "nixos-caddy-patched", "repo": "nixos-caddy-cloudflare",
"type": "github" "type": "github"
} }
}, },
@ -358,11 +358,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1701790877, "lastModified": 1701819597,
"narHash": "sha256-xNjSypJirandCE1/OLFwndGYhFdoSqcbjW77rVZ86uI=", "narHash": "sha256-X0K2v/SOMQj18/O9daDlizlnlGRDMWuuGoU3jm06b7k=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "37d7a8c64dfabfe81330c819c24fd6b13b292194", "rev": "8bd86cf37e245088433156796f1bc72542ca09ad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -426,11 +426,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701734705, "lastModified": 1701821276,
"narHash": "sha256-Zf5xsGvxLXmnDEtF2j9ZQ81Ot03vfM8jFtE2hiU4A+E=", "narHash": "sha256-i7SIJRT3eMmhFTu5BG+uVIeOFUUFVbD6nQtpTf4xqkI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "692f9f3cbeaf82824961d9d03ef6322792b2a706", "rev": "103e90e0d34fc97632714d573fa9f1dbb3c8be0d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -449,11 +449,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1701729159, "lastModified": 1701818162,
"narHash": "sha256-RrCbMfSdHO3H04WTX5Eo8EH9c+H5hs7bxgD/BoxEtEs=", "narHash": "sha256-FvPz/66+HcAcD8Xg2BZMEQkStNLEkN0P8miFeSRw0oc=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "c3836e40a2bffbc1d4e06531145b7825788dd818", "rev": "06ff540e1ca25f4c26670f184d4087f6e3188064",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -630,6 +630,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
@ -749,11 +765,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1701798379, "lastModified": 1701817202,
"narHash": "sha256-o+uFCoZalr5csUdWD84I2ELd78VGxt9+8PZbJXwaHA8=", "narHash": "sha256-ReuTsHGgs99DIO8Gg32Ho9aIKnW0rcZa42ltdHWfkD8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "e3ef2421e85a36a8b5650cfb3cc9096f53059609", "rev": "36cffb929d12255feafaa6ba4d286e13ba41f8e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -819,9 +835,53 @@
"nur": "nur", "nur": "nur",
"nurl": "nurl", "nurl": "nurl",
"pihole": "pihole", "pihole": "pihole",
"secrets": "secrets",
"tree-sitter-hypr-flake": "tree-sitter-hypr-flake" "tree-sitter-hypr-flake": "tree-sitter-hypr-flake"
} }
}, },
"secrets": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix"
},
"locked": {
"lastModified": 1701824407,
"narHash": "sha256-+7FB+KP6T1Gdw0pLvxmgAdoP3YDPcD5JGjgCDpiXNcg=",
"ref": "refs/heads/main",
"rev": "7968d9603ac78e87d96f568a7e79020f6c6344d8",
"revCount": 3,
"type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
},
"original": {
"type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"secrets",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,


@ -3,6 +3,7 @@
self, self,
home-manager, home-manager,
nixpkgs, nixpkgs,
secrets,
... ...
}: let }: let
supportedSystems = ["x86_64-linux" "aarch64-linux"]; supportedSystems = ["x86_64-linux" "aarch64-linux"];
@ -36,6 +37,10 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
secrets = {
url = "git+ssh://git@git.nelim.org/matt1432/nixos-secrets";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland"; nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";