diff --git a/.sops.yaml b/.sops.yaml
index d930bf4..c615603 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,6 +4,7 @@ keys:
 - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
 - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
 - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
+ - &user_bigboy age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg
 - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
 - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
 - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
@@ -36,6 +37,11 @@ creation_rules:
 key_groups:
 - age:
 - *user_mini_watcher
+ - path_regex: home-only/secrets.yaml$
+ key_groups:
+ - age:
+ - *user_bigboy
+ - *user_mini_watcher
 - path_regex: modules/system/common/secrets.yaml$
 key_groups:
 - age:
@@ -43,6 +49,7 @@ creation_rules:
 - *system_nixnuc
 - *system_rainbow_planet
 - *user_airpuppet
+ - *user_bigboy
 - *user_blue_rock
 - *user_mightymac
 - *user_mini_watcher
diff --git a/flake.nix b/flake.nix
index dc2b467..31f6699 100644
--- a/flake.nix
+++ b/flake.nix
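Review bot: Adding `*user_bigboy` to the key group for `modules/system/common/secrets.yaml$` (third `.sops.yaml` hunk) only changes who future encryptions target; the existing encrypted file is not re-keyed by editing `.sops.yaml`, and no change to that file is visible in this diff. Unless it was re-keyed elsewhere, the new key presumably cannot decrypt the common secrets until `sops updatekeys modules/system/common/secrets.yaml` is run and the result committed. It is also worth confirming that this user key needs the system-wide secrets at all, since the `home-only/secrets.yaml$` rule added in the previous hunk already gives it a narrower file.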
@@ -129,19 +129,20 @@ ]; }; # end nixosSystem - linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration { - extraSpecialArgs = { inherit genebean-omp-themes hostname username; - pkgs = import nixpkgs { - inherit system; - config = { - allowUnfree = true; - permittedInsecurePackages = [ "electron-21.4.4" ]; - }; - overlays = [ nixpkgs-terraform.overlays.default ]; + linuxHomeConfig = system: username: home-manager.lib.homeManagerConfiguration { + extraSpecialArgs = { inherit genebean-omp-themes username; + + }; + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + permittedInsecurePackages = [ "electron-21.4.4" ]; }; + overlays = [ nixpkgs-terraform.overlays.default ]; }; modules = [ - ./modules/home-manager/hosts/${hostname}/${username}.nix + ./modules/home-manager/home-only/${username}.nix { home = { username = "${username}"; @@ -166,7 +167,7 @@ }; homeConfigurations = { - gene = linuxHomeConfig "x86_64-linux" "mini-watcher" "gene"; + gene = linuxHomeConfig "x86_64-linux" "gene"; }; }; } diff --git a/modules/home-manager/common/hm-sops.nix b/modules/home-manager/common/hm-sops.nix index 215aa7c..7e965fa 100644 --- a/modules/home-manager/common/hm-sops.nix +++ b/modules/home-manager/common/hm-sops.nix @@ -1,15 +1,15 @@ -{ pkgs, hostname, username, ... }: { +{ pkgs, username, ... }: { home.packages = with pkgs; [ home-manager ]; sops = { age.keyFile = /home/${username}/.config/sops/age/keys.txt; - defaultSopsFile = ../hosts/${hostname}/secrets.yaml; - secrets = { - local_git_config.path = "/home/${username}/.gitconfig-local"; - local_private_env.path = "/home/${username}/.private-env"; - }; + defaultSopsFile = ../home-only/secrets.yaml; +# secrets = { +# local_git_config.path = "/home/${username}/.gitconfig-local"; +# local_private_env.path = "/home/${username}/.private-env"; +# }; }; } 
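Review bot: `permittedInsecurePackages = [ "electron-21.4.4" ]` is carried into the relocated `pkgs` block with no comment saying which package in this profile still needs it, so the exemption is likely to outlive its reason. I would add a line above it such as `# needed by <package>; remove once it no longer pulls in electron-21.4.4`, with the placeholder filled in. The blank line left inside `extraSpecialArgs` can go as well: `extraSpecialArgs = { inherit genebean-omp-themes username; };`. The body of `linuxHomeConfig` continues past the end of this hunk.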
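Review bot: The `secrets` block in `hm-sops.nix` is commented out rather than removed, with the `#` at column 0 and no explanation, while the same commit adds `local_git_config` and `local_private_env` to `home-only/secrets.yaml`. As written those two values appear to be committed but never written to `.gitconfig-local` or `.private-env`. Either restore the block or delete it, and if it is disabled on purpose say so with a line such as `# secrets disabled until <reason>`. Separately, the unchanged `age.keyFile` line is an unquoted Nix path. Writing it as a string, `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";`, rules out the private key file being copied into the world-readable Nix store should the value ever be coerced to a string.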
diff --git a/modules/home-manager/home-only/gene.nix b/modules/home-manager/home-only/gene.nix
new file mode 100644
index 0000000..a5c6d4d
--- /dev/null
+++ b/modules/home-manager/home-only/gene.nix
@@ -0,0 +1,8 @@
+{ pkgs, genebean-omp-themes, ... }: {
+ home.stateVersion = "23.11";
+ imports = [
+ ../common/all-cli.nix
+ ../common/all-linux.nix
+ ../common/hm-sops.nix
+ ];
+}
diff --git a/modules/home-manager/home-only/secrets.yaml b/modules/home-manager/home-only/secrets.yaml
new file mode 100644
index 0000000..a65672b
--- /dev/null
+++ b/modules/home-manager/home-only/secrets.yaml
@@ -0,0 +1,31 @@ +local_git_config: ENC[AES256_GCM,data:v9UdyFMZN0/8KiEqOLIhvoEcx1boE8/8RPjY4c7sdzm3zQ7u7dSWJ/g=,iv:vgM6f7NJTlQ/XNI3KXRxejLWuS8401Q96Jg/ZI02kFs=,tag:QT9w+URHr/DcN2VlkjHgew==,type:str] +local_private_env: ENC[AES256_GCM,data:jr1mLdz1PF1ymodi5kLpQmYlKCoEmLSTeG/U/w==,iv:GBZClzwlXqmdRbQKOUIqxer+C48Fq0jrKitGFe+zWQk=,tag:czaGBidk0ncIzyYaFaURvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UkFBbTMvLzhrY0lYTVk2 + TXc5bW5EWG1yN1B0N3pnd2tBQXUvYWNCUFc0Ck0xWkk0Z2R3SjgzVmRYRFhBdUht + TU92a2V1Ykd4bFlvV09oeVg3dWM5ZjAKLS0tIFRlM1dRc3IyUENwcUtUeWhyM0NQ + T1VZNGEvdTVFOTRMdVBvdithOHh5UzQK1FQ34gys01POPNTWCagzUixhaSvUsUnk + TD6+msT9JkjhA/KNMFUHomz+cQwyaCS+Wuj6MOHV3z0CzJ9hYs4AOQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWlRHQmVHdnphQVJYMlBD + UERGN1pKdnVjMmhPclBoaStuN1h4eHp0dDFnCkgxa2crM1h5L1pNdXJnTjdXZzht + UjhIUHNDa2lBRllXZVJrY01vOWVPUHcKLS0tIFZaMmg4WlU1S2tXQkkrOVg2b1pm + UTBVTTFzRU1TV1pEUjdLeEQ3VU5DOW8KwEpJ0TH66VK4kLE51UYCYH/k9A659u/t + GuogB7xGp0m8TV07PGa7IjT0uxBgLLjX6KuX69Vr46NApUsfLRydgQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-22T02:18:47Z" + mac: ENC[AES256_GCM,data:UrA/8gblw7aKHlTgmhTRihS7RLUgMUxUvJuI0LdCIsasFvcCOT6lpKNfVlIQWorYfKRpHy1+3QXG/TyHnppoBmYwFON7dB2FOJP14v7a7pnVZXTxHNMvrkp+rK/8wBomGwafZGE2Kmdo26VqJSYV2DLOZDUHq8rrUz99/ueK16w=,iv:kc/1MnOruduiY11MytA5tH3kDpC9/VWH69YSTFVJaDs=,tag:z3Q3m7pXr+PN6regQCjCSQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1