blahai/nyx
1
0
Fork 0
mirror of https://github.com/blahai/nyx.git synced 2025-01-18 11:00:20 +00:00
Code Issues Projects Releases Packages Wiki Activity

sops

Browse source
This commit is contained in:
blahai 2024-10-25 16:45:25 +03:00
parent a14da46660
commit 5598e96a80
Signed by: blahai
SSH key fingerprint: SHA256:ZfCryi+V64yG+vC1ZIIsqgvBCmA31tTi7RJ6M8CvpRc
7 changed files with 76 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &primary age15lv6n403mscyyrfe9a059n5064ncse66taw89mpcf6ut55zfsq0qfh5n02
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary

3
hosts/nyx/configuration.nix
View file

@ -193,6 +193,9 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
age
ssh-to-age
sops
cloudflared cloudflared
inputs.zen-browser.packages."${pkgs.system}".specific inputs.zen-browser.packages."${pkgs.system}".specific
btrfs-progs btrfs-progs

1
modules/nixos/default.nix
View file

@ -2,5 +2,6 @@
imports = [ imports = [
./catppuccin.nix ./catppuccin.nix
./games/default.nix ./games/default.nix
./services/default.nix
]; ];
} }

24
modules/nixos/services/cloudflared.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, inputs, ... }:
let
secrets = import ../../../secrets/secrets.nix;
in
{
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.cloudflared = { };
systemd.services.my_tunnel = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "systemd-resolved.service" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=${secrets.cloudflared.nyx.token}";
Restart = "always";
User = "cloudflared";
Group = "cloudflared";
};
};
}

6
modules/nixos/services/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./cloudflared.nix
];
}

12
secrets/secrets.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, inputs, config, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/pingu/.config/sops/age/keys.txt";
};
}

23
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,23 @@
cloudflared:
nyx:
token: ENC[AES256_GCM,data:WqwknTZwdxjlGbCbbU2S34L8IjX+qVhTbA6NgPcLdEl6bGOlqZSMVCcICiR/X5R5gikz/iJoTJ4T1ECP+clSKuc124VJrCfB9AggB8CXTEgzdCWXyzpP9svcZjmJlkTwc6pHdeM3SgolXS8E05EY535rt4E2mT4xd9PhUfD4CE7Im9ct8aV917iFc68Zg0JhTXsZtxiciDPakHJfe50Ix/GdDSS1d0CJPK9hOop6rB7f9Qwz0lmIKQ==,iv:MySjVlFbj52J0geGlFBL2GAtRZzb0ImtewADTkgtp6w=,tag:hWccRob0R/n8bbNA3PdADg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15lv6n403mscyyrfe9a059n5064ncse66taw89mpcf6ut55zfsq0qfh5n02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVMEMzRGdiQTNXMzFoRi95
QlZ0UTRmQ3JyQktYbzJ2cWxaakhKZzFmaXc4CmRYK1VaamowbnZvTU4yN3ZHTTgx
M1MxMGFSTFl0b1VydnVaZ3RzeUZGYzAKLS0tIGJqRGpSdDVRQzhxZFo5UUhGZWtS
dERTMHFTUHBXNkczcVcrb0lTVXdTcDQKcgynRtVEs27vbtstdYj323Jn85U8o5Fd
fxGFj88mpFaipMU9IT9xXjzJhqKOmKqOVVw/M8tD8oEh8Chtj8y3PQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-25T12:15:03Z"
mac: ENC[AES256_GCM,data:lZhWh6CUtbCV73Iued+i4HcokDUjFb4NpdG3UH2lzOJ+MigYUX7QiRPavjfI5x7hXm0aNB+kKlZvGyklYJJ7yskYR82MfcWaCsZau0j1y/sIQEGSEK7dPoE39PnttG+m2KbH/ln9Df604NiiB4TUu68x6yhXZK53lGUBF9hk+T4=,iv:GpdU/VY+OZmoWap/s404t6xCug7OXBnqHljljXOE2a4=,tag:Q7lSt+MBANzQa202oIjrMA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1