Merge remote-tracking branch 'refs/remotes/origin/main'

2025-12-06 08:07:45 +00:00 · 2025-01-17 20:52:55 +00:00 · 2025-01-17 20:52:55 +00:00 · 5eb3ceba99
commit 5eb3ceba99
parent 10dc2af1a2 967becfdc9
10 changed files with 100 additions and 94 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
+use nix
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
 # nixos-rebuild buildvm --flake .#
 result
 *.qcow2
+
+# direnv
+.direnv
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,8 @@
+keys:
+  - &muon age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
+
+creation_rules:
+  - path_regex: modules/nixos/sops/secrets.ya?ml$
+    key_groups:
+    - age:
+      - *muon
--- a/flake.lock
+++ b/flake.lock
@ -133,24 +133,6 @@
      "inputs": {
        "systems": "systems"
      },
-      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@ -165,9 +147,9 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "flake-utils_2": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1681202837,
@ -183,7 +165,7 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_3": {
      "inputs": {
        "systems": [
          "stylix",
@ -204,21 +186,6 @@
        "type": "github"
      }
    },
-    "flakey-profile": {
-      "locked": {
-        "lastModified": 1712898590,
-        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
-        "owner": "lf-",
-        "repo": "flakey-profile",
-        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lf-",
-        "repo": "flakey-profile",
-        "type": "github"
-      }
-    },
    "fromYaml": {
      "flake": false,
      "locked": {
@ -346,45 +313,10 @@
        "type": "github"
      }
    },
-    "lix": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1729298361,
-        "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
-        "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
-      }
-    },
-    "lix-module": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "flakey-profile": "flakey-profile",
-        "lix": "lix",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1732605668,
-        "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
-        "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
-      }
-    },
    "nix-alien": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
        "nix-filter": "nix-filter",
        "nix-index-database": "nix-index-database",
        "nixpkgs": "nixpkgs"
@ -442,7 +374,7 @@
    "nix-minecraft": {
      "inputs": {
        "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
@ -526,13 +458,33 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
-        "lix-module": "lix-module",
        "nix-alien": "nix-alien",
        "nix-minecraft": "nix-minecraft",
        "nixpkgs": "nixpkgs_3",
+        "sops-nix": "sops-nix",
        "stylix": "stylix"
      }
    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736808430,
+        "narHash": "sha256-wlgdf/n7bJMLBheqt1jmPoxJFrUP6FByKQFXuM9YvIk=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "553c7cb22fed19fd60eb310423fdc93045c51ba8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
    "stylix": {
      "inputs": {
        "base16": "base16",
@ -541,12 +493,12 @@
        "base16-vim": "base16-vim",
        "firefox-gnome-theme": "firefox-gnome-theme",
        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_3",
        "git-hooks": "git-hooks",
        "gnome-shell": "gnome-shell",
        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs_4",
-        "systems": "systems_4",
+        "systems": "systems_3",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
        "tinted-tmux": "tinted-tmux",
@ -611,21 +563,6 @@
        "type": "github"
      }
    },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
    "tinted-foot": {
      "flake": false,
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@ -5,6 +5,9 @@
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+
    stylix.url = "github:danth/stylix";
    nix-minecraft.url = "git+https://codeberg.org/nix-astral/nix-minecraft.git";
    nix-alien.url = "github:thiagokokada/nix-alien";
--- a/modules/nixos/core/user.nix
+++ b/modules/nixos/core/user.nix
@ -9,9 +9,8 @@
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      initialPassword = "changeme";
-      shell = if config.programs.zsh.enable
-        then pkgs.zsh
-        else pkgs.bash;
+      hashedPasswordFile = config.sops.secrets.muon-password.path;
+      shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
    };
  };
 }
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -5,6 +5,7 @@
    ./desktop
    ./theme
    ./server
+    ./sops

    # </3
    ./unfree
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@ -0,0 +1,20 @@
+{ pkgs, lib, config, inputs, system, ... }:
+let cfg = config.mods;
+
+in {
+  # options.mods.home.file = lib.mkOption {
+  #   description = "home-manager configuration file";
+  # };
+
+  # config = {
+
+  # };
+  #
+
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+  sops = {
+    age.keyFile = "/home/muon/.config/sops/age/keys.txt";
+    defaultSopsFile = ./secrets.yaml;
+    secrets.muon-password = { };
+  };
+}
--- a/modules/nixos/sops/secrets.yaml
+++ b/modules/nixos/sops/secrets.yaml
@ -0,0 +1,21 @@
+muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1XIMJR1Vgn/f1uo62bu4a/bknAR5gEBfd/cSRUTdBBxd7Lec2k3fxQg==,iv:j1JTzyfjcKEqh+PK5tyCWBMV7MpwvIG9MJ9eiajksxM=,tag:ZcSEVBW1UOCvE40yIsaBFQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4czNjbDZ4aDFsVjVZdmRU
+            bVpVWDh5MnN6U2dWSjJlbWN4QmdJN21lNWxFCmI4aTBFL2lkNlZCbldza0h6U0Z1
+            K1JsbW9raEZscFVvbXNzeTlQMXJwaDAKLS0tIG0yaHF5MTdyZVg3R3ZNWk1tRDFa
+            YXdkR3V3Y25XSks2Y2lsZXJXR2lKUFUKHB6YzHlCj6x5Ron+NwLUi0iFYlVGPaYM
+            bRoIx0S9huJwHI3sNNaiuCVg+H0Mctfw4VFfeefoVYDr3o72wBRIkw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-17T20:33:28Z"
+    mac: ENC[AES256_GCM,data:f0BoA4bG64g1WPcLl9Qd2G3VbA5L5+VTK2/+nxcklQZrDzsr2gOQXK8WpiccuZ0CyU1UaLhSTAEfMb9N2sA3MISGikPyWYFQVA/TM+wfaDCnrnEgbuvtBuEMpNp54bwgF4ME2h9k3e3HcJlNze65z52je3tBCxe6siYEKVgB3yg=,iv:VC8BaJLS46yXCZL1gmSrElmqLM/L+sCqTuUkhhvYUBc=,tag:aK164Iq91mUOx8yVyUZN2Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,13 @@
+{ pkgs ? import <nixpkgs> { }, ... }: {
+  default = pkgs.mkShell {
+    NIX_CONFIG =
+      "extra-experimental-features = nix-command flakes ca-derivations";
+    nativeBuildInputs = with pkgs; [
+      nix
+      git
+
+      sops
+      age
+    ];
+  };
+}