Bladesy/nixos-config
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add sb1 to sv1

Browse Source
This commit is contained in:
Bladesy 2025-01-01 22:36:57 +00:00
parent 5f37f63af2
commit 00872d2086
5 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml Normal file
View File

@ -0,0 +1,7 @@
keys:
- &sv1 age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
creation_rules:
- path_regex: library/secrets/.*.yaml
key_groups:
- age:
- *sv1

1
library/default.nix
View File

@ -3,4 +3,5 @@
nixosSystems = lib.callFragment ./nixosSystems.nix {}; nixosSystems = lib.callFragment ./nixosSystems.nix {};
sshKeys = lib.callFragment ./sshKeys.nix {}; sshKeys = lib.callFragment ./sshKeys.nix {};
secrets = lib.callFragment ./secrets.nix {};
} }

3
library/secrets/default.nix Normal file
View File

@ -0,0 +1,3 @@
{
sb1 = ./sb1.yaml;
}

22
library/secrets/sb1.yaml Normal file
View File

@ -0,0 +1,22 @@
sb1-username: ENC[AES256_GCM,data:c5Myt2AdnA==,iv:q36larVwGrBiCHBaUu54QdJggeL22QzOwkfiJfQjsVE=,tag:qsVj/akHjHZwjvnvaJRBEw==,type:str]
sb1-password: ENC[AES256_GCM,data:766xhD3hcwFM9pyu53uYMg==,iv:HYtfnUvl46N/z5UUTIz337rq/kAHJcvgAcMbVnluik0=,tag:1oSSB1UqQIWmh7PJGO+YfQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdlpSYXhOdndtS0Y0QTRz
N2pxczhIQVBWSnV1dnY3WDVVRlErYnh4OWdnClRUSjVXeWMrTmxWVEVGT0V6YUMr
V2ovSVhpcmRIN3ljWUx0cmJnSnBzMzAKLS0tIHBNalN3emcrbjZZcytoVFgyQTh2
elREcXRxeGdVTW1TZGtKelVURkdlWW8KSWpXIAL0Vb1a3un8WIcjMNbIbR41VcK2
604AZYjooB6OzX2sOkGOOAIvB17S2nesL/nQUobWkM8bQSuH/TgR5g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-01T22:35:24Z"
mac: ENC[AES256_GCM,data:PH0lfE79d1ZuE0YyMZuWhpZNu1OHh+9JMNbr66RJoRRPpLa134Y6mQE+PzZXOZ0PR2mT+VOrkNhNRhzEhr79oScM0d3ahBfKVY8VcNpvP34Llb9PQWPAZpQ5moa9o6g850bLrXl3XolLPEMpZg4BVa5EzFjo9BXNbuSY/zoW2x0=,iv:my+mb+qbjDs3iHdmaEptylgHbNu7a6zwHx2NEhlwi1Q=,tag:YfEYhl4QOulNbKALLB8ylg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

26
modules/sv1.nix
View File

@ -6,6 +6,7 @@
imports = with lib.nixosModules; [ imports = with lib.nixosModules; [
disko disko
impermanence impermanence
sops
]; ];
disko.devices.disk.NixOS = { disko.devices.disk.NixOS = {
@ -98,6 +99,31 @@
fileSystems = { fileSystems = {
"/persist".neededForBoot = true; "/persist".neededForBoot = true;
"/var/log".neededForBoot = true; "/var/log".neededForBoot = true;
"/mnt/sb1" = {
device = "//u424050.your-storagebox.de/backup";
fsType = "cifs";
options = [
"noauto"
"x-systemd.automount"
"credentials=${config.sops.templates.sb1-credentials.path}"
];
};
};
sops = {
gnupg.sshKeyPaths = [];
age = {
sshKeyPaths = [];
keyFile = "/persist/sops.age";
};
secrets = {
sb1-username.sopsFile = lib.secrets.sb1;
sb1-password.sopsFile = lib.secrets.sb1;
};
templates.sb1-credentials.content = ''
username="${config.sops.placeholder.sb1-username}"
password="${config.sops.placeholder.sb1-password}"
'';
}; };
boot = { boot = {