Set up sops-nix secrets

2025-11-06 21:45:47 +01:00 · 2025-11-06 21:45:47 +01:00 · 3fb3b1e521
parent 43f5cc701e
commit 3fb3b1e521
3 changed files with 76 additions and 14 deletions
--- a/.config/home-manager/flake.lock
+++ b/.config/home-manager/flake.lock
@ -8,11 +8,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1761710614,
-        "narHash": "sha256-uj3jqMdY8fD8d4gE5jzdJKHCXcOrlAedsE+l2C0WaUE=",
+        "lastModified": 1762315418,
+        "narHash": "sha256-mLJeHkYvojbq/1vot6IXq85l0sN9KlAPbRzYo4Mnc4g=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "31620aefadf6b2ade64195f7be8554c9a49f6a5b",
+        "rev": "ccdfe1d5d7da86941ac363b5bf2b5bc88b15def2",
        "type": "gitlab"
      },
      "original": {
@ -47,11 +47,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1761666354,
-        "narHash": "sha256-fHr+tIYBJccNF8QWqgowfRmEAtAMSt1deZIRNKL8A7c=",
+        "lastModified": 1762351818,
+        "narHash": "sha256-0ptUDbYwxv1kk/uzEX4+NJjY2e16MaAhtzAOJ6K0TG0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ca2ab1d877a24d5a437dad62f56b8b2c02e964e9",
+        "rev": "b959c67241cae17fc9e4ee7eaf13dfa8512477ea",
        "type": "github"
      },
      "original": {
@ -60,6 +60,24 @@
        "type": "github"
      }
    },
+    "nix-secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1762463676,
+        "narHash": "sha256-PMNLD8PPcei/1SwNph+CVTBw+3SvlN2R/CnTUFJO5O0=",
+        "ref": "main",
+        "rev": "183554d159e1d8ea1f1d2d626b6686ebcb37a612",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@github.com/hektor/nix-secrets"
+      },
+      "original": {
+        "ref": "main",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@github.com/hektor/nix-secrets"
+      }
+    },
    "nixgl": {
      "inputs": {
        "flake-utils": "flake-utils",
@ -68,11 +86,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752054764,
-        "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
+        "lastModified": 1762090880,
+        "narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=",
        "owner": "nix-community",
        "repo": "nixGL",
-        "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
+        "rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5",
        "type": "github"
      },
      "original": {
@ -83,11 +101,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1761373498,
-        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
+        "lastModified": 1762111121,
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
        "type": "github"
      },
      "original": {
@ -101,8 +119,30 @@
      "inputs": {
        "firefox-addons": "firefox-addons",
        "home-manager": "home-manager",
+        "nix-secrets": "nix-secrets",
        "nixgl": "nixgl",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    },
    "systems": {
--- a/.config/home-manager/flake.nix
+++ b/.config/home-manager/flake.nix
@ -7,6 +7,14 @@
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-secrets = {
+      url = "git+ssh://git@github.com/hektor/nix-secrets?shallow=1&ref=main";
+      flake = false;
+    };
    nixgl = {
      url = "github:nix-community/nixGL";
      inputs.nixpkgs.follows = "nixpkgs";
@ -40,7 +48,9 @@
          extraSpecialArgs = {
            inherit inputs;
          };
-          modules = [ ./hosts/work ];
+          modules = [
+            ./hosts/work
+          ];
        };
      };
    };
--- a/.config/home-manager/hosts/work/default.nix
+++ b/.config/home-manager/hosts/work/default.nix
@ -6,6 +6,17 @@
 }:

 {
+
+  imports = [ inputs.sops-nix.homeManagerModules.sops ];
+
+  sops = {
+    defaultSopsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/home/hektor/.config/sops/age/keys.txt";
+
+    secrets."test" = { };
+  };
+
  nixGL = {
    packages = inputs.nixgl.packages;
    defaultWrapper = "mesa";
@ -19,6 +30,7 @@
  programs.firefox = import ../../modules/firefox.nix {
    inherit inputs;
    inherit pkgs;
+    inherit config;
  };
  programs.git = import ../../modules/git.nix;
  programs.keepassxc = import ../../modules/keepassxc.nix;