sops homemanager

2026-03-24 18:57:04 +01:00
parent aebfb0b480
commit 097078172e
10 changed files with 70 additions and 8 deletions
--- a/home/default.nix
+++ b/home/default.nix
@@ -48,6 +48,7 @@

      # sops
      sops
+      age
    ];

    stateVersion = "23.11";
--- a/home/extras/sops-HM.nix
+++ b/home/extras/sops-HM.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+  sops = {
+    defaultSopsFile = "./secrets/secrets.yaml";
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/etc/sops/keys.txt";
+  };
+}
--- a/home/extras/sops.nix
+++ b/home/extras/sops.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+  sops = {
+    defaultSopsFile = "./secrets/secrets.yaml";
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/etc/sops/keys.txt";
+    secrets.user_password.neededForUsers = true;
+  };
+}
--- a/home/programs/git.nix
+++ b/home/programs/git.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 {
  home.packages = with pkgs; [
@@ -15,12 +20,12 @@
          defaultBranch = "main";
        };
        user = {
-          email = "elias.schroeter@e.email";
-          name = "Elias Schröter";
+          email = config.sops.secrets.git.email.path;
+          name = config.sops.secrets.git.name.path;
        };
      };
      signing = {
-        key = "04F3A2ED4B33F254";
+        key = config.sops.secrets.git.signingkey.path;
        format = lib.mkForce "openpgp";
        signByDefault = true;
      };
--- a/home/programs/zsh.nix
+++ b/home/programs/zsh.nix
@@ -13,12 +13,17 @@
    enable = true;
    dotDir = "${config.xdg.configHome}/zsh";
    shellAliases = {
+      encryptSops = "sops --age age1ammls20r5t3dx4cvhpt8n5dejxcpdmpqt37sa9r9fuztd8c43g4sz889zd -e -i secrets/secrets.yaml";
      update = "sudo nixos-rebuild switch";
      conWG = "ssh elias@logout.nonagon.dev -p 6969";
      conWS = "ssh elias@192.168.31.200";
      setupPC = "wlr-randr --output HDMI-A-2 --on --mode 1920x1080 --pos 0,0;wlr-randr --output DVI-D-1 --on --mode 1920x1080 --pos 1920,0;wlr-randr --output DP-2 --on --mode 1920x1080 --pos 3840,0 --primary";
    };
    autosuggestion.enable = true;
+    localVariables = {
+      EDITOR = "nvim";
+      SOPS_AGE_KEY_FILE = "/etc/sops/keys.txt";
+    };
    enableCompletion = true;
    enableVteIntegration = true;
    history = {
--- a/home/services/ssh-agent.nix
+++ b/home/services/ssh-agent.nix
@@ -1,6 +1,5 @@
 { ... }:

 {
-  services.ssh-agent.enable = true;
+  services.ssh-agent.enable = false;
 }
-