diff --git a/.age/yk5ci.txt b/.age/yk5ci.txt new file mode 100644 index 0000000..bd87c94 --- /dev/null +++ b/.age/yk5ci.txt @@ -0,0 +1,7 @@ +# Serial: 17700673, Slot: 1 +# Name: age identity 30be8d70 +# Created: Sun, 02 Jul 2023 11:06:17 +0000 +# PIN policy: Once (A PIN is required once per session, if set) +# Touch policy: Always (A physical touch is required for every decryption) +# Recipient: age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls +AGE-PLUGIN-YUBIKEY-1GYTSUQVZXZLG6UQYHVHNU diff --git a/.editorconfig b/.editorconfig index d86ac02..3ada773 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,6 +12,10 @@ end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true +[*.age] +end_of_line = unset +insert_final_newline = unset + # go [*.go] indent_style = tab diff --git a/.gitattributes b/.gitattributes index aeebdda..f0385b7 100644 --- a/.gitattributes +++ b/.gitattributes @@ -2,6 +2,9 @@ flake.lock -diff lazy-lock.json -diff +# treat age as binary +*.age -text -diff + # git lfs *.png filter=lfs diff=lfs merge=lfs -text diff --git a/flake.lock b/flake.lock index 9659f13..60261fd 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,28 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "owner": "ryantm", + "repo": "agenix", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "caarlos0-nur": { "inputs": { "nixpkgs": [ @@ -7,11 +30,11 @@ ] }, "locked": { - "lastModified": 1701864263, - "narHash": "sha256-70nBt0MNya8VPOpUAS3JNUfC4nF6yv/II2+sGmCTiDs=", + "lastModified": 1705371143, + "narHash": "sha256-AYtYccMuUSXLYuasl5jIut5CIlMQR8jtqEnXeTKcROQ=", "owner": "caarlos0", "repo": "nur", - "rev": "fa376e868b14b2661757ceed5ea762d62a1400ec", + "rev": "c2cb844944e47644062463ea38f014df6b400bc0", "type": "github" }, "original": { @@ -43,15 +66,37 @@ "darwin": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1704277720, - "narHash": "sha256-meAKNgmh3goankLGWqqpw73pm9IvXjEENJloF0coskE=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0dd382b70c351f528561f71a0a7df82c9d2be9a4", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705915768, + "narHash": "sha256-+Jlz8OAqkOwJlioac9wtpsCnjgGYUhvLpgJR/5tP9po=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "1e706ef323de76236eb183d7784f3bd57255ec0b", "type": "github" }, "original": { @@ -80,14 +125,14 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -98,14 +143,14 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -122,11 +167,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { @@ -138,15 +183,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1704980804, - "narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706080884, + "narHash": "sha256-qhxisCrSraN5YWVb0lNCFH8ovqnCw5W9ldac4Dzr0Nw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6b28ab2d798c1c84e24053d95f4ee1dd9d81e2fb", "type": "github" }, "original": { @@ -162,11 +228,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1704956608, - "narHash": "sha256-bpkRWf3eC9mwi74rypUbzPWqBWSF8YK0XRsw1/vB4Og=", + "lastModified": 1706079808, + "narHash": "sha256-+C/G1OV5d8XN0fuXAuArXFfeOf2qRAKZ4MeoZdb2MPU=", "owner": "nekowinston", "repo": "nur", - "rev": "37ceb1158257f3279865c2a541c28732f7f19566", + "rev": "d09ab5e733e44db665d5b89467c20038b2e05ba6", "type": "github" }, "original": { @@ -182,11 +248,11 @@ ] }, "locked": { - "lastModified": 1704596958, - "narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=", + "lastModified": 1705806513, + "narHash": "sha256-FcOmNjhHFfPz2udZbRpZ1sfyhVMr+C2O8kOxPj+HDDk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62", + "rev": "f8e04fbcebcc24cebc91989981bd45f69b963ed7", "type": "github" }, "original": { @@ -206,11 +272,11 @@ ] }, "locked": { - "lastModified": 1704936062, - "narHash": "sha256-S29+KmGZoe+dPI8iqvfg1FEgKcyUHh30r3EfK8+YjMA=", + "lastModified": 1706059331, + "narHash": "sha256-SbBG2DENRMgAGVClEbTH6ZiX7BA0JrkwyoIu5mnJuVc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7699526d3fb5e34fc02cf4614212cb69901cff76", + "rev": "699e64340b66ff33757e6533150242a6f76029aa", "type": "github" }, "original": { @@ -221,11 +287,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704194953, - "narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=", + "lastModified": 1705677747, + "narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6", + "rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261", "type": "github" }, "original": { @@ -255,11 +321,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -271,11 +337,11 @@ }, "nur": { "locked": { - "lastModified": 1705002794, - "narHash": "sha256-kOd7hd8A1sGFZSYJGn+cEH3RSpGVAQ004Pd1lZabuIo=", + "lastModified": 1706089541, + "narHash": "sha256-hYvDAhzOXFCRV6a7JmLT0YFfCXFQNR5sEJCPtj1wgrk=", "owner": "nix-community", "repo": "nur", - "rev": "753418854902ccec235420cf3ee6b8bb9da3de67", + "rev": "dd8575d44a907f816c799369432dc84cff6bf183", "type": "github" }, "original": { @@ -299,11 +365,11 @@ ] }, "locked": { - "lastModified": 1704913983, - "narHash": "sha256-K/GuHFFriQhH3VPWMhm6bYelDuPyGGjGu1OF1EWUn5k=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "b0265634df1dc584585c159b775120e637afdb41", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { @@ -314,19 +380,19 @@ }, "root": { "inputs": { + "agenix": "agenix", "caarlos0-nur": "caarlos0-nur", "catppuccin-vsc": "catppuccin-vsc", - "darwin": "darwin", + "darwin": "darwin_2", "flake-parts": "flake-parts", "flake-utils": "flake-utils", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nekowinston-nur": "nekowinston-nur", "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", "nixpkgs": "nixpkgs_2", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", - "sops": "sops", "swayfx": "swayfx" } }, @@ -342,11 +408,11 @@ ] }, "locked": { - "lastModified": 1704593904, - "narHash": "sha256-nDoXZDTRdgF3b4n3m011y99nYFewvOl9UpzFvP8Rb3c=", + "lastModified": 1705803528, + "narHash": "sha256-nChqKQPRXxmGBEkHse39LjNpkNKk4U1xPQ4a4oYlUdw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c36fd70a99decfa6e110c86f296a97613034a680", + "rev": "bd7e8f4e122e11c934a576abc04327764f9bf19b", "type": "github" }, "original": { @@ -355,30 +421,6 @@ "type": "github" } }, - "sops": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1691828918, - "narHash": "sha256-p8kvccP/qxUrASzGemRx2MB9Kefd9DzrtmJr5whhOCg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "1c673ba1053ad3e421fe043702237497bda0c621", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "rev": "1c673ba1053ad3e421fe043702237497bda0c621", - "type": "github" - } - }, "swayfx": { "inputs": { "flake-compat": [], @@ -429,6 +471,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a384c64..6c50bdf 100644 --- a/flake.nix +++ b/flake.nix @@ -59,11 +59,13 @@ }; }; - devShells.default = config.pre-commit.devShell.overrideAttrs (old: { + devShells.default = pkgs.mkShell { + inherit (config.pre-commit.devShell) shellHook; + RULES = "./home/secrets/secrets.nix"; buildInputs = with pkgs; - [alejandra just nil nix-output-monitor nvd] - ++ lib.optionals stdenv.isDarwin [inputs.darwin.packages.${system}.darwin-rebuild]; - }); + [alejandra just nil nix-output-monitor nvd inputs'.agenix.packages.agenix] + ++ lib.optionals stdenv.isDarwin [inputs'.darwin.packages.darwin-rebuild]; + }; legacyPackages.homeConfigurations = let homeLib = import ./home/lib.nix { @@ -131,10 +133,9 @@ nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.url = "github:nix-community/nix-index-database"; - sops = { - url = "github:Mic92/sops-nix/1c673ba1053ad3e421fe043702237497bda0c621"; + agenix = { + url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; }; swayfx = { url = "github:willpower3309/swayfx"; diff --git a/home/apps/git.nix b/home/apps/git.nix index 8a313dd..0f0ec44 100644 --- a/home/apps/git.nix +++ b/home/apps/git.nix @@ -1,14 +1,9 @@ -{ - config, - lib, - pkgs, - ... -}: { - sops.secrets."gitconfig-work".path = "${config.xdg.configHome}/git/gitconfig-work"; +{config, ...}: { + age.secrets."gitconfig-work".path = "${config.xdg.configHome}/git/gitconfig-work"; programs.git.includes = [ { condition = "gitdir:~/Code/work/"; - path = config.sops.secrets.gitconfig-work.path; + path = config.age.secrets."gitconfig-work".path; } ]; diff --git a/home/apps/mail.nix b/home/apps/mail.nix index a26379c..06cc59e 100644 --- a/home/apps/mail.nix +++ b/home/apps/mail.nix @@ -1,5 +1,5 @@ {config, ...}: { - sops.secrets."aerc-accounts".path = "${config.xdg.configHome}/aerc/accounts.conf"; + age.secrets."aerc-personal.conf".path = "${config.xdg.configHome}/aerc/accounts.conf"; programs = { aerc = { enable = true; @@ -7,7 +7,7 @@ general = { default-save-path = "~/Downloads"; pgp-provider = "gpg"; - # sops-nix manages the accounts.conf, + # agenix manages the accounts.conf, # so the permissions appear unsafe to aerc unsafe-accounts-conf = true; }; diff --git a/home/default.nix b/home/default.nix index e1f3e47..e77d178 100644 --- a/home/default.nix +++ b/home/default.nix @@ -6,7 +6,7 @@ }: let inherit (pkgs.stdenv.hostPlatform) isDarwin isLinux; in { - imports = [./apps ./secrets/sops.nix ./xdg.nix]; + imports = [./apps ./secrets ./xdg.nix]; home = { packages = with pkgs; ([ @@ -29,7 +29,6 @@ in { nvd ranger ripgrep - sops wakatime watchexec ] @@ -51,5 +50,5 @@ in { taskwarrior.enable = true; }; - sops.secrets."wakatime-cfg".path = "${config.xdg.configHome}/wakatime/.wakatime.cfg"; + age.secrets."wakatime.cfg".path = "${config.home.homeDirectory}/.wakatime.cfg"; } diff --git a/home/lib.nix b/home/lib.nix index 5effada..91ed76f 100644 --- a/home/lib.nix +++ b/home/lib.nix @@ -29,10 +29,10 @@ modules = with inputs; [ - nix-index-database.hmModules.nix-index - sops.homeManagerModules.sops + agenix.homeManagerModules.age caarlos0-nur.homeManagerModules.default nekowinston-nur.homeManagerModules.default + nix-index-database.hmModules.nix-index ./. ] ++ pkgs.lib.optionals (!isNixOS) [hmStandaloneConfig]; diff --git a/home/secrets/aerc-personal.conf.age b/home/secrets/aerc-personal.conf.age new file mode 100644 index 0000000..5972e1b --- /dev/null +++ b/home/secrets/aerc-personal.conf.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 ML6NcA A4mXaV3COp2TW4o1cMv4XKmrckAUDszY32GwefWM/rwZ +fIrr28U6/mqw7VmqvtM5gnhHMBFJ0CSXRMDfbzr2w2o +-> ssh-ed25519 77w9rQ zN8P9J8uPmEnq+dPeAryP3fRJjsplJ2kdOBOP+2Ill8 +RaHYOS1jxgg7OK8q1umvNGkAFZAbcCVnuQR1m5R5Dck +--- vcQ0gKhuBDr6RXf5D+RtysBljaik8LEs/jAK1VlQeV8 +=;{ޫ|=PS?̽ +XDfL\v7wq\U$ۅۺ +R;j;Ɓ.󐔄(.BOɹ(۾Pܶc*|☫՘t1ϫd*"UTYe >@Ee#şoJ1J 0uWlXP)nb# syr[0mޮa$̬š\qVEp֢ke)L-.,[y5ZhqhAqDzWqt1-kCèƽkiy-ET_l/_AĬH&xO﹆U \ No newline at end of file diff --git a/home/secrets/default.nix b/home/secrets/default.nix new file mode 100644 index 0000000..a18984b --- /dev/null +++ b/home/secrets/default.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + ... +}: { + age = { + identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"]; + + secrets = with builtins; + listToAttrs (map (k: { + name = lib.removePrefix "home/secrets/" (lib.removeSuffix ".age" k); + value = {file = ./../.. + "/${k}";}; + }) (attrNames (import ./secrets.nix))); + + secretsDir = "/private/tmp/agenix"; + secretsMountPoint = "/private/tmp/agenix.d"; + }; +} diff --git a/home/secrets/gitconfig-work.age b/home/secrets/gitconfig-work.age new file mode 100644 index 0000000..3ea3641 --- /dev/null +++ b/home/secrets/gitconfig-work.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> piv-p256 ML6NcA AqBNytZUiPR/Qtdhdm6/TDEzFKzEPaNrDm3Yp1t4eRCC +6gLCrwBAMefJkncql1W+WFxSo7gmOoIjxPfS1F8d/60 +-> ssh-ed25519 77w9rQ r5VNI11Va7crZlfRImwJuIFNNrtmtBB7eSxO2rAWhwI +objRSVUnqq5JU66cJMyguFZx6/xH5p0VEb61S3VfSg4 +--- GvRjramTigwFWBbx7b9jWk0V7Nf11M7wSTCxpYZwiM0 +l]sٝsCm@\oŪ4LZ  "@l(dlɾ"r'& P̃p+;$,՟ +"W'nB E*>$"zv~E~(̯UũC-?ANٸⴕBa?鱫żյ \ No newline at end of file diff --git a/home/secrets/main.yaml b/home/secrets/main.yaml deleted file mode 100644 index 96893c4..0000000 --- a/home/secrets/main.yaml +++ /dev/null @@ -1,25 +0,0 @@ -aerc-accounts: ENC[AES256_GCM,data:+/iBC++93F0hPhpY8x18h+1mC5AaYlCfctYRA10S5sWrWCPKVffXi9eFNqqxY/bwJlu5sn1nEvUYyXuQx0XUCB1ToGq6hbnRmivvi8RwVabBVltbujc50j0Pe8IwvyOA3gJIWpBJDwRSwwc9eouyTeJ5YBqiCwEIoFq6Z9yhTwYpNA5+SXM18lWq8lDhHXaV5i2JgLnxjwvd3oGBjBFpQ9hOgySbdFpZmCYPZ6AM6wThJBEbilYuCe9V7P6P5g8PxGSQFyx1f/trqDg3yoEBBz/YcI/Jj2315GqJltdEGdJP+9aevkLEmM4BFYpFl0Hkhvk4Ymu5DZQtVGsdLmfbMqSB9pRn4nOKcY3tG09oIuIiIVNXhrXRrI0QYqyQEzxycTBDRKhAUziGRCwuldIlqNoqbV6eECWVJAwHhgbin7Oe++IkKe2KRe2YfmwDBSoteucxQHpfKXnU0VmC,iv:ERGbzSfowSibJ4glaiTzUg0TaKtbuDH1P7sUno1WfAA=,tag:lrPOSIrEFNnknGKHcYpDyg==,type:str] -gitconfig-work: ENC[AES256_GCM,data:rjq9cKLkgS4to1Yt4NoYey63Rja2Gw03zmnBpnm9xp5O+yQKLiQ5x28cuNeKxa0jJavvwZzLjI9cY+bZk344zT/iepAwhtXu/TSUwxJySznTOd7K7jRfxOuL8e1AzP3kHMqYKKFAr2Ociu7F8YxgT3Ggd7SH5BcWJ+y/752xBeCOL/sOrg==,iv:GOs51bm3nYGh7np18se+Pvpvq8AN+LVQH7T9wcGtj1w=,tag:g3DtlfMef2NGDpe16E/nww==,type:str] -wakatime-cfg: ENC[AES256_GCM,data:qv8pJg0JqzCnOghN3qXtvYHAmUAZ7SLk7fZvAWktQkr/VvwhzZdilLFTkacvvMnlydseVYJKkmWMYdTqxHvit6QAiyujmzOP2H9IRc99vGx8HRB/ooHJPepdXbifMqMz9oE=,iv:0wzTqCM8MxAAP8JFsyrv0m2u83EMraHIfBqhSofbY2Q=,tag:Iz6LCTBoXd0x6d0eSl2nhA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-11-11T16:28:50Z" - mac: ENC[AES256_GCM,data:A77Dy8s77s/i84hqvJHYxMnKnXpfsvdz5tNU9gwYv1ai9UyminrzXxzw4OEnr6COR5fCK3BV+vVzYxSI535WU9Lt0yvrK/DZTFea+xhvsvb+OkXWsFgPB0zMe0JBd8LKa9Z7IEuMrSDy2JRKiZyKDprM33KmfBOsaJde8kFkflI=,iv:b3oZEWtlLgT+eZvnIILGpJ4kgViiNz6xEdkogQZ35Qk=,tag:KZlGdo6RWpRMifDvoM/NHQ==,type:str] - pgp: - - created_at: "2023-01-31T05:46:40Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4DAAAAAAAAAAASAQdAVvQXMOXKNhsEhO/niK0+M6eVZOhp5h2xZfRgdKaeDAMw - KUwc9D6b2HdD2kTQpn38gzi97P0NLPNcjHDN6xoYj78kZ55R9NYsd+56e7Ii9KnC - 0l4BfGQPaC5CJv2d8QSr+vWQFYo4KzzWYsO0FJK9iAT097bjIa27RNlGHEbmabHY - iZhD89Vy8V8Gy26craSiuDYLDoZ8FgA916CO5VsFBz1lOQmwX+byqy1EgQDplOqa - =QE21 - -----END PGP MESSAGE----- - fp: a476c39610e53a689a57bd0d0b89bc45007ee9cc - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/home/secrets/secrets.nix b/home/secrets/secrets.nix new file mode 100644 index 0000000..5a972e2 --- /dev/null +++ b/home/secrets/secrets.nix @@ -0,0 +1,9 @@ +let + users.winston = "age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls"; + systems.sashimi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINxJEAR1Ql8bZqKgGmrnxvu5zwz+znis+RZo8jx0o0f"; + default = [users.winston systems.sashimi]; +in { + "home/secrets/aerc-personal.conf.age".publicKeys = default; + "home/secrets/gitconfig-work.age".publicKeys = default; + "home/secrets/wakatime.cfg.age".publicKeys = default; +} diff --git a/home/secrets/sops.nix b/home/secrets/sops.nix deleted file mode 100644 index 9e177e8..0000000 --- a/home/secrets/sops.nix +++ /dev/null @@ -1,6 +0,0 @@ -{config, ...}: { - sops = { - gnupg.home = config.programs.gpg.homedir; - defaultSopsFile = ./main.yaml; - }; -} diff --git a/home/secrets/wakatime.cfg.age b/home/secrets/wakatime.cfg.age new file mode 100644 index 0000000..6b80615 --- /dev/null +++ b/home/secrets/wakatime.cfg.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> piv-p256 ML6NcA AoSi1hXuwt58WI4cr1nbHB0q5bmCAynsvn0WmLRtapPn +sE1zLn8L5BbL5jkTYTcUfWReFNuCLJaLOzkNHM3ivvg +-> ssh-ed25519 77w9rQ vGgv2nsE+vZt4LbVqyC0yukpaTB3+qji7c0404birEM +IO0ZCeZPLFX6tAzEYrjLJ3+rZoFmBY3nkd2c3pyZX4Q +--- P/DFeVKEfCEJdhTf7n2roAcCXIoFwwVzPMrH8iUBACI +$To˰ +gW[=ofr fJfH/ϯ9.lcw`~|x'OvMK#:eb: +ֶաxaӮd3Њ(\F ^cw +|6zՏ:c \ No newline at end of file diff --git a/home/xdg.nix b/home/xdg.nix index 2f0947a..436ff22 100644 --- a/home/xdg.nix +++ b/home/xdg.nix @@ -27,7 +27,6 @@ in { NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc"; RUSTUP_HOME = "${dataHome}/rustup"; W3M_DIR = "${dataHome}/w3m"; - WAKATIME_HOME = "${configHome}/wakatime"; WINEPREFIX = "${dataHome}/wine"; }; sessionPath = [