feat: sops-nix configuration

Encrypt the personal SSH key used for git.
Poby 2026-03-14 21:22:56 +09:00
parent f86b032c4c
commit 63a3bb6e98
No known key found for this signature in database
10 changed files with 98 additions and 91 deletions

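--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &poby age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j
+creation_rules:
+- path_regex: secrets/.*\.yaml$
+key_groups:
+- age:
+- *poby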
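Review bot: `path_regex: secrets/.*\.yaml$` is anchored only at the end, so as a regex it also matches any deeper path that merely contains a `secrets/` component (e.g. `other/secrets/x.yaml`); if only the top-level directory is meant, `path_regex: ^secrets/.*\.yaml$` says so exactly. The rule has a single age recipient, so everything encrypted under it can be read by that one key only, and nothing on the page records where that key lives or how it would be rotated. A short comment above `keys:` would carry that, e.g. `# poby: personal age recipient; the private key is kept outside the repo (see home/sops.nix age.keyFile) and is never committed`.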

99
flake.lock generated

@ -1,28 +1,5 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs-darwin"
],
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"brew-src": {
"flake": false,
"locked": {
@ -41,28 +18,6 @@
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
@ -121,27 +76,6 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
@ -288,7 +222,7 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1773343795,
@ -306,33 +240,38 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"darwin": "darwin_2",
"home-manager": "home-manager_2",
"darwin": "darwin",
"home-manager": "home-manager",
"homebrew-cask": "homebrew-cask",
"homebrew-core": "homebrew-core",
"nix-homebrew": "nix-homebrew",
"nixpkgs": "nixpkgs",
"nixpkgs-darwin": "nixpkgs-darwin",
"nvf": "nvf"
"nvf": "nvf",
"sops-nix": "sops-nix"
}
},
"systems": {
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1773096132,
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems_2": {
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",


@ -42,9 +42,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# TODO: agenix for secrets
agenix = {
url = "github:ryantm/agenix";
# sops-nix for secrets
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
};
@ -56,7 +56,7 @@
darwin,
home-manager,
nvf,
agenix,
sops-nix,
nix-homebrew,
homebrew-core,
homebrew-cask,
@ -99,7 +99,6 @@
homebrew.taps = builtins.attrNames config.nix-homebrew.taps;
}
)
agenix.darwinModules.default
home-manager.darwinModules.home-manager
{
home-manager = {
@ -107,7 +106,10 @@
useUserPackages = true;
backupFileExtension = "backup";
extraSpecialArgs = specialArgs;
sharedModules = [ nvf.homeManagerModules.nvf ];
sharedModules = [
nvf.homeManagerModules.nvf
sops-nix.homeManagerModules.sops
];
users.${username} = import ./home;
};
}
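Review bot: In the first hunk the new `sops-nix` input follows `"nixpkgs-darwin"` while the sibling input just above it follows `"nixpkgs"`; this mirrors the removed agenix input, so it is presumably deliberate, but the replaced comment only says `# sops-nix for secrets` and does not explain the choice. Extending it to `# sops-nix for secrets (follows nixpkgs-darwin because the module is used from home-manager on darwin)` — or whatever the actual reason is — would stop the next reader from "fixing" it to match the other inputs. The `darwinModules` list in the third hunk now has no sops-nix entry, which is consistent with the secret being declared at home-manager level only; worth stating in the same comment if that is the intended split. The enclosing `outputs` function starts and ends outside these hunks.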


@ -21,8 +21,8 @@
./terminal.nix
./bat.nix
./aerospace.nix
# TODO ./browser.nix
# TODO ./pass.nix
./sops.nix
./ssh.nix
# TODO ./claude-code.nix
# TODO ./codex.nix
# TODO ./gemini-cli.nix


@ -1,3 +1,8 @@
{
programs.gh.enable = true;
programs.gh = {
enable = true;
settings = {
git_protocol = "ssh";
};
};
}


@ -1,4 +1,8 @@
{ lib, ... }:
{
lib,
pkgs,
...
}:
let
options = import ./core/options.nix;
autocmds = import ./core/autocmds.nix { inherit lib; };
@ -11,7 +15,7 @@ let
terminal = import ./plugins/terminal.nix;
theme = import ./appearance/theme.nix;
lsp = import ./lsp/lsp.nix;
treesitter = import ./lsp/treesitter.nix;
treesitter = import ./lsp/treesitter.nix { inherit pkgs; };
autocomplete = import ./lsp/autocomplete.nix;
languages = import ./lsp/languages;
in


@ -1,7 +1,13 @@
{ pkgs, ... }:
{
# treesitter
enable = true;
addDefaultGrammars = true;
grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [
nix
lua
yaml
];
fold = true;
highlight = {
enable = true;

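--- a/home/sops.nix
+++ b/home/sops.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+sops = {
+age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
+defaultSopsFile = ../secrets/poby.yaml;
+secrets = {
+"github_ssh_key" = { };
+};
+};
+}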
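Review bot: `age.keyFile` points at a file under the home directory that nothing in this commit provisions, so decryption of every secret depends on an out-of-band step that the module does not document; a comment such as `# Private age key; created and copied here by hand, never committed or managed by home-manager.` would make that dependency explicit. `"github_ssh_key" = { };` accepts the sops-nix defaults for owner and mode, and the decrypted file is consumed as an ssh `IdentityFile` in home/ssh.nix, which OpenSSH rejects if it is group- or world-readable; the default mode (presumably 0400) is what satisfies that, so it is worth stating, e.g. `# default mode is relied on: ssh refuses a key that is group/world readable`. The secret name `github_ssh_key` is referenced by string from ssh.nix, so a one-line note that renaming it requires updating that file would also help.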

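--- a/home/ssh.nix
+++ b/home/ssh.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+programs.ssh = {
+enable = true;
+enableDefaultConfig = false;
+matchBlocks = {
+"*" = { };
+"github.com" = {
+host = "github.com";
+user = "git";
+identitiesOnly = true;
+identityFile = [ config.sops.secrets."github_ssh_key".path ];
+};
+};
+};
+}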
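Review bot: `host = "github.com";` repeats the match block's attribute name; home-manager uses the attribute name as the default host pattern, so the line is redundant and can be dropped unless a different pattern is intended. `enableDefaultConfig = false;` combined with the empty `"*" = { };` block means none of home-manager's global ssh settings are emitted and OpenSSH's built-in defaults apply instead; that is a reasonable choice, but an explicit comment prevents a reader from assuming the home-manager defaults are still in force, e.g. `# "*" is intentionally empty: no HM defaults, OpenSSH built-in defaults apply`. `identitiesOnly = true` together with the sops-provided `identityFile` correctly restricts which key is offered to github.com; a brief comment that the path is a runtime-decrypted file rather than a store path (`# path is materialised by sops-nix at activation, not at build time`) would document why it is a string reference.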

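--- a/secrets/poby.yaml
+++ b/secrets/poby.yaml
@@ -0,0 +1,16 @@
+github_ssh_key: ENC[AES256_GCM,data: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,iv:PNdvBAlSLsW2SxoiajXD6nCgl9EXFzR2SRfo6Ynj4iQ=,tag:qGMtoaigw1iEMET99PVSbw==,type:str]
+sops:
+age:
+- recipient: age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaUt1Y1hFS1N0djNEU3NQ
+QjFIMk9GZkxoeks2WUx0WlBNblR6dEpSZ2tBCkl3Wk1xaDlXWEFnYkIzZ2J3bUxw
+bTltMDJtWEMrZ0NsbzFtTEQyelJsODQKLS0tIHFCYlZGalp2UVpIWTBRdUVob3JM
+QXQ3YUkxWnk2U0hacjBMZDQ5WlNFQTAKzzzcoCZg7iNg5QoajxSpP1ka5qIIfaNE
+5VMXcX4qL0OszsO3j3ShYIT02m3XqkSeaOMSz+uty2BWtPCDZoLHrg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2026-03-14T09:54:27Z"
+mac: ENC[AES256_GCM,data:ynguXXBCddmM69U3GMBG6PdLksbljJa2MT3MuQMUVGb7ENQcSc/r9DUrq3XNlV12szK6L1uIf2qhIkLTzN8V2HulfgWZU0l4FY+Ityc0C4NUEVVQrmZPArnWjZ+/p2sUMzZjhUoOWwL7crlUQo1jLzU7s5+p2CsAZGuFppuRfOU=,iv:J+PUT9iFijdNJYpvwamr8q8hYDUxi/hLVs/W+4k/v9o=,tag:znv5HhzpI3TqRso/UDNTQw==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.12.1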