Jo/puzzlevision
1
0
Fork 0
mirror of https://github.com/Jokiller230/puzzlevision.git synced 2025-10-31 13:50:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

📝 Add sops-nix configuration and documentation

Browse source
This commit is contained in:
Jo 2025-04-28 00:59:32 +02:00
parent 8a69e60c6f
commit 01367c4222
4 changed files with 46 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
.sops.yaml Normal file
View file

@ -0,0 +1,20 @@
keys:
- &jo age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
- &absolutesolver age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini|cfg)$
key_groups:
- age:
- *jo
- *absolutesolver
- path_regex: systems/[^/]+/absolutesolver/secrets/.*\.(yaml|env|json|ini|cfg)$
key_groups:
- age:
- *jo
- *absolutesolver
- path_regex: systems/[^/]+/puzzlevision/secrets/.*\.(yaml|env|json|ini|cfg)$
key_groups:
- age:
- *jo

24
README.md
View file

@ -32,6 +32,30 @@ you may use the following command to build a VM.
sudo nixos-rebuild build-vm --flake .#hostname --accept-flake-config sudo nixos-rebuild build-vm --flake .#hostname --accept-flake-config
``` ```
## 🔑 Secrets Management
Secrets are managed by the [sops-nix](https://github.com/Mic92/sops-nix) nixos/home-manager modules respectively.
- General secrets are stored within the `secrets` directory.
- System specific secrets are stored within their respective `systems/<system_type>/<system_name>/secrets` directory.
The following command may be used to convert the SSH host key of a new machine to an age key:
```sh
nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'
```
Additionally, the following command may be used to create a new sops secret file:
```sh
nix-shell -p sops --run "sops secrets/example.yaml"
```
Lastly, when adding new systems, make sure to update any required secret files with the following command:
```sh
nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
```
## 📝 Goals and improvements ## 📝 Goals and improvements
The main goals of this rewritten flake are: The main goals of this rewritten flake are:

1
flake.nix
View file

@ -19,6 +19,7 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
easy-hosts.url = "github:tgirlcloud/easy-hosts"; easy-hosts.url = "github:tgirlcloud/easy-hosts";
sops-nix.url = "github:Mic92/sops-nix";
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";

1
modules/flake/systems.nix
View file

@ -16,6 +16,7 @@
modules = modules =
(lib.optionals (class == "nixos") [ (lib.optionals (class == "nixos") [
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops
]) ])
++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname. ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname.
}; };