teesh/dotfiles
2
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: soaps

Browse source
This commit is contained in:
Teesh 2026-02-02 17:22:40 +02:00
parent 9846d0680a
commit 462c8ea585
7 changed files with 108 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml Normal file
View file

@ -0,0 +1,11 @@
keys:
- &admin_teesh age1fdrtfvf3ywarc4sq7jjc5d6elas3fr73cfenkkyyj0ck6z9x2d0qlpn92h
- &host_taki age1crm9ztzjuhg8yeudnqnrg9ljzc88x0tr79srjtyvt5vxnevpveaq9ggk7d
- &host_krembo age16yxzdjmlcwhkx3azmczuq9lvwyzsj6xvfpklp09aya2nwl7rfatsd7jcvs
creation_rules:
- path_regex: secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_teesh
- *host_taki
- *host_krembo

21
flake.lock generated
View file

@ -446,10 +446,31 @@
"niri-flake": "niri-flake", "niri-flake": "niri-flake",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"noctalia": "noctalia", "noctalia": "noctalia",
"sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"stylix": "stylix" "stylix": "stylix"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769921679,
"narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"spicetify-nix": { "spicetify-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",

5
flake.nix
View file

@ -32,6 +32,11 @@
}; };
spicetify-nix.url = "github:Gerg-L/spicetify-nix"; spicetify-nix.url = "github:Gerg-L/spicetify-nix";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = inputs@{ flake-parts, ... }: outputs = inputs@{ flake-parts, ... }:

20
modules/base/sops.nix Normal file
View file

@ -0,0 +1,20 @@
{ inputs, ... }:
{
flake.modules.nixos.base = { pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops.defaultSopsFile = ../../secrets.yaml;
sops.age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
environment.systemPackages = with pkgs; [
sops
age
];
};
}

6
modules/desktop/apps/halloy.nix
View file

@ -3,6 +3,10 @@
{ {
flake.modules.nixos.desktop = { pkgs, ... }: { flake.modules.nixos.desktop = { pkgs, ... }: {
environment.systemPackages = [ pkgs.halloy ]; environment.systemPackages = [ pkgs.halloy ];
sops.secrets."irc/password" = {
owner = config.flake.meta.user.name;
};
}; };
flake.modules.homeManager.desktop = { lib, ... }: { flake.modules.homeManager.desktop = { lib, ... }: {
@ -25,7 +29,7 @@
sasl.plain = sasl.plain =
lib.mkIf (config.flake.meta.irc.server.isBouncer or false) { lib.mkIf (config.flake.meta.irc.server.isBouncer or false) {
username = config.flake.meta.user.name; username = config.flake.meta.user.name;
password = config.flake.meta.irc.password; # dont commit this yet, please use sops-nix password_file = "/run/secrets/irc/password";
}; };
}; };

12
modules/server/soju.nix
View file

@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
flake.modules.nixos.server = { flake.modules.nixos.server = {
@ -6,5 +6,15 @@
services.soju.listen = [ services.soju.listen = [
"irc+insecure://0.0.0.0:6667" "irc+insecure://0.0.0.0:6667"
]; ];
# we may not use this in the configuration, however
# we still declare this for the sysadmin to then go and
# create the user using:
#
# sojuctl user create -name ${config.flake.meta.user.name} -password $(cat /run/secrets/irc/password)
# or whatever, i dont exactly remember the command
sops.secrets."irc/password" = {
owner = config.flake.meta.user.name;
};
}; };
} }

35
secrets.yaml Normal file
View file

@ -0,0 +1,35 @@
irc:
password: ENC[AES256_GCM,data:2ygTfVViSUw=,iv:Gj/43g2FPStdaxhvPt/cFZYxprmw1GeCPLr1X2hu5JU=,tag:EMMYsLI7az9r3rTc+YzRwA==,type:str]
sops:
age:
- recipient: age1fdrtfvf3ywarc4sq7jjc5d6elas3fr73cfenkkyyj0ck6z9x2d0qlpn92h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTmJ3TW04SnlKQWcrUy83
YW1NbFZOaXNQODFNUHl2UThkb3dleWZsTjBVClVOWXN1UE81dW1kZmdOTVF5bUxt
NkRidGJzbFVkeXJnV1pUUmhPZTVsQlkKLS0tIExoK2ZxMmFsQlR5UVVlbjdTa2h1
djNyL29KcThBNGRLdFVUWndJb013bncKWHJy/o7WwCofBVDDDcCBlJEO6HN8EIO7
1UiSceMgS/E3dZCf5rDvMvkt98LWpFN9apzvJvVS5FHyksOFT3ZA+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1crm9ztzjuhg8yeudnqnrg9ljzc88x0tr79srjtyvt5vxnevpveaq9ggk7d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUEJnY2M2WDcxNlIxUWZX
R3pJSFE3QnJkR2RCSzh6cHJZTVV3ZytJVDFVCjFjWjFIbU81VVVHS2JQcUNjd2sw
c3R0NEtXMmVuTEpsMDg4a2hvZkcrS3MKLS0tIHJqN0dPRTRRUnByRHZTckN5L1Bt
bWdMUjU5SHhicnU5a3lZNTdrMkh6ODgKJJeQx93EN6VbWLQWoZylt62ZLhyRxP6c
zMx8NSmbaCLO+3FrzFK7OUOZV6r9U2T6Ec6yNypstGRjD5JrATwoGg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16yxzdjmlcwhkx3azmczuq9lvwyzsj6xvfpklp09aya2nwl7rfatsd7jcvs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiM2V6eFVvTHVMbFk1QXlC
T3RDWHJWbS8rcW5kTEE5elBtWnoyUExQN2tJClpJNWdWZFRtbXBmZCtVR3RNVGFx
QmpQRkZudk5WOC9CT3BjY0I4UkZnc3MKLS0tIE5GaEJrTDhTWEhMYjRDYXFWMVdX
MFp0UW1HSW9MbmppcHlNM25CaFhqOWcKppF0dE4YNh+mN1tyZju4zxM6ZFBSKx9U
cGYtUemtt4s9ko3hPt8ZM/ysKOeZgnYoeG7QQnwSoF3F+/gurvb0Bg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-02T14:10:01Z"
mac: ENC[AES256_GCM,data:+9LkPoOVneK1k8SionYYVbl/+4Ulxc7xeKKlRWOsERc7uGrnj1ED+yROrhhTcKJuzlNdi/1xjJPpw7Suks3+vArPH2mO1rA5yX5PihSGr8enjLTPYa7gcRD55vJ2HyEhyr1KhbeqZXr98yRZVzrQzG+Zhb4KMpn4qoWWg0glbp4=,iv:AsNYRTWOa1az3eYyPz2IFcqDX4jqtQdbCBbo8o4QXDU=,tag:ExEl0qW4Xab6hSr7jwGq7Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0