From 6f14b2565a3562845165d0cd0f34f9da9f7c716a Mon Sep 17 00:00:00 2001 From: xqtc Date: Thu, 8 Aug 2024 12:39:38 +0200 Subject: [PATCH] nix flake update; rename secrets since nested secrets seem to be broken --- common/sops.nix | 12 ++++ flake.lock | 114 ++++++++++++++++++------------------- home/modules/default.nix | 2 +- home/modules/home-pkgs.nix | 1 + home/modules/ssh.nix | 2 + secrets.yaml | 10 ++-- 6 files changed, 77 insertions(+), 64 deletions(-) diff --git a/common/sops.nix b/common/sops.nix index e4d9c26..423fb28 100644 --- a/common/sops.nix +++ b/common/sops.nix @@ -18,4 +18,16 @@ generateKey = true; }; }; + sops.secrets = { + xqtc_private = { + path = "/home/xqtc/.ssh/id_ed25519"; + owner = "xqtc"; + mode = "600"; + }; + xqtc_public = { + path = "/home/xqtc/.ssh/id_ed25519.pub"; + owner = "xqtc"; + mode = "640"; + }; + }; } diff --git a/flake.lock b/flake.lock index a576aad..d3c55fe 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1721441154, - "narHash": "sha256-LHZtBq31ViF1lkZ8Hnp2Y0ypUMIhVzgp2ZCVCOmO0Do=", + "lastModified": 1722469787, + "narHash": "sha256-P20oAmbgXHl1E77TXPXiAj1Ntycc1mf7fZMI7X13VYw=", "owner": "tpwrules", "repo": "nixos-apple-silicon", - "rev": "d3fed6f02e05aee529c95efd402ebb259463f1a6", + "rev": "8a665fee82901878edaeb8ee120296a979db2dd2", "type": "github" }, "original": { @@ -28,11 +28,11 @@ "onchg": "onchg" }, "locked": { - "lastModified": 1720429515, - "narHash": "sha256-r73eyaZzaNgysusdaFmanOHcYMVnRxdAYzD4BvkBjmU=", + "lastModified": 1723077491, + "narHash": "sha256-Zdv5L9Uhh84HTppHszAFvTAUzZfvHY+MTEcQwHc6dIk=", "owner": "aksiksi", "repo": "compose2nix", - "rev": "a55aea08f1eb34cc1681c9ea2d7b42b58730df5d", + "rev": "e5f35685dd09435f648ec827335ab307b7c4574d", "type": "github" }, "original": { @@ -104,11 +104,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1722321366, - "narHash": "sha256-9wJm7CJvL7El3SHZ1CPeLKv+7I+UdXN/oFhXCmEn+5o=", + "lastModified": 1723089792, + "narHash": "sha256-vXv+xno/CxWom/MFLz54QV4OYNZ8gJmqV82FtZeH51c=", "owner": "rycee", "repo": "nur-expressions", - "rev": "3ef6393661a32c8fd5e63d636411960cd28b2e4b", + "rev": "cba8af387c1e02cd459f5df427e190d2dbf7db85", "type": "gitlab" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "lastModified": 1722857853, + "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", "type": "github" }, "original": { @@ -359,11 +359,11 @@ ] }, "locked": { - "lastModified": 1722321190, - "narHash": "sha256-WeVWVRqkgrbLzmk6FfJoloJ7Xe7HWD27Pv950IUG2kI=", + "lastModified": 1723015306, + "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", "owner": "nix-community", "repo": "home-manager", - "rev": "4fcd54df7cbb1d79cbe81209909ee8514d6b17a4", + "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", "type": "github" }, "original": { @@ -381,11 +381,11 @@ ] }, "locked": { - "lastModified": 1722119539, - "narHash": "sha256-2kU90liMle0vKR8exJx1XM4hZh9CdNgZGHCTbeA9yzY=", + "lastModified": 1722630065, + "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0240a064db3987eb4d5204cf2400bc4452d9922", + "rev": "afc892db74d65042031a093adb6010c4c3378422", "type": "github" }, "original": { @@ -434,11 +434,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1721151247, - "narHash": "sha256-m6LmfrUMpt1ZUX3eqB7Gp+ZV6sAWPqkATwZNvA7Bj9U=", + "lastModified": 1723021300, + "narHash": "sha256-Ujo6MQvwolE1eWSkPXCC9WFJeLtRfnMpvxoeAGNcbFI=", "owner": "viperML", "repo": "nh", - "rev": "168c7ceea2b8d6208cf32de9eb8effa9c008b40d", + "rev": "ea9053852f8575f650ca0080b2cac6735c7447f7", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1722082646, - "narHash": "sha256-od8dBWVP/ngg0cuoyEl/w9D+TCNDj6Kh4tr151Aax7w=", + "lastModified": 1722924007, + "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0413754b3cdb879ba14f6e96915e5fdf06c6aab6", + "rev": "91010a5613ffd7ee23ee9263213157a1c422b705", "type": "github" }, "original": { @@ -511,11 +511,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722278305, - "narHash": "sha256-xLBAegsn9wbj+pQfbX07kykd5VBV3Ywk3IbObVAAlWA=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "eab049fe178c11395d65a858ba1b56461ba9652d", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -527,11 +527,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + "lastModified": 1722185531, + "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", "type": "github" }, "original": { @@ -543,11 +543,11 @@ }, "nixpkgs-2405": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1722331680, - "narHash": "sha256-cCEo9wYzOdM1kVG+KL0ALPRk3S5Zjpz7AYDV+5ePvPY=", + "lastModified": 1723111207, + "narHash": "sha256-WanxA10GYQol3RemQewSW1O1n3YjUWnHk6t4kOYQ4/4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad64fd3c7d31d70107d7979e052717d42ac1969c", + "rev": "fa12935a32af71ab3a8b4ff60ab3c37490eea336", "type": "github" }, "original": { @@ -607,11 +607,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1720954236, - "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", + "lastModified": 1722519197, + "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", + "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { @@ -715,11 +715,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1722248209, - "narHash": "sha256-yYoxx5hVrI7JaiPy44sgnr5YIRXWY7ttNoN/l5fJOgI=", + "lastModified": 1723097923, + "narHash": "sha256-DtE5JfdxpPraCuDBFDsOc6typ+t1l4IL1HYiyTLcjYM=", "owner": "nix-community", "repo": "nixvim", - "rev": "2089eb407d8c5dbd6ca6e93d4988a439ca6446fd", + "rev": "78abafe280b1ea102fda879799b590da5d84725f", "type": "github" }, "original": { @@ -737,11 +737,11 @@ ] }, "locked": { - "lastModified": 1722144272, - "narHash": "sha256-olZbfaEdd+zNPuuyYcYGaRzymA9rOmth8yXOlVm+LUs=", + "lastModified": 1722772237, + "narHash": "sha256-3eCYmzeLngX8eutIsTZAG8DIvT/0DWQQxiszTQz8n0s=", "owner": "NuschtOS", "repo": "search", - "rev": "16565307c267ec219c2b5d3494ba66df08e7d403", + "rev": "aa5f6246565cc9b1e697d2c9d6ed2c842b17fff6", "type": "github" }, "original": { @@ -839,11 +839,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1722897572, + "narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9", "type": "github" }, "original": { @@ -954,11 +954,11 @@ ] }, "locked": { - "lastModified": 1721769617, - "narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=", + "lastModified": 1722330636, + "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009", + "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", "type": "github" }, "original": { diff --git a/home/modules/default.nix b/home/modules/default.nix index 5a224fb..bdff2fc 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -22,6 +22,6 @@ ./zoxide.nix ./sops.nix ./spotify-cli.nix - ./ssh.nix + # ./ssh.nix ]; } diff --git a/home/modules/home-pkgs.nix b/home/modules/home-pkgs.nix index e19a3a1..bc83459 100644 --- a/home/modules/home-pkgs.nix +++ b/home/modules/home-pkgs.nix @@ -8,6 +8,7 @@ if pkgs.system == "x86_64-linux" then [ pkgs.steam + pkgs.heroic pkgs.protonup-qt pkgs.via pkgs.telegram-desktop diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index 0635539..f648815 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -8,10 +8,12 @@ sops.secrets = { "private_keys/xqtc" = { path = "/home/xqtc/.ssh/id_ed25519"; + # owner = "xqtc"; mode = "600"; }; "public_keys/xqtc" = { path = "/home/xqtc/.ssh/id_ed25519.pub"; + # owner = "xqtc"; mode = "640"; }; }; diff --git a/secrets.yaml b/secrets.yaml index 7326f6d..d95f172 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -1,7 +1,5 @@ -private_keys: - xqtc: ENC[AES256_GCM,data:rpdj0jpEL+oI83ML+uVzTIr0zcc7vCrV5jFLUks+tjpR5cGkp3TxJ287ijRAEF17PqDK90t1Sql/Wt/VDriiF8FdwSMZRHIXtuQ2JoxZ7ZF0gI1O5f+RYI7f9YhRWwXWdGi7syhDHOIYuqNv2C3tmeM7vsGn2A7e+k68Dfj2SnP6EbQr3xaEr155YWTdN5VwiWUNRGa0AgKXEnNFjtxZd1rjKvcKSiWeDMoq4kYswpPcIjdcGSgIuh/W9RxaQls79wQ6EB958jwiU0mTRK2quyq4yDAbxocxExdy4ZRdqCj1FfZYtHN4hUwzif+pVihDxspyKu2PG0a+mDZPjG88STUqUSHd1rAVet3TxaHCAXMUNnALzLxV6uXaTZJOCpK5U/hIyRYKcm7NnUzkfrluEPAK1IDP3TiiVZEPHjx2cTxhWuMGc5qtWz7YCzTXP/m2XoLRhgaoP4WkYDdg/X4iMXqU3yTO+WClKJPrqvFzIwdvuioiL1hEJ/sKl3O+XtcipKM89PqL1Jrga+yiEZsS,iv:YZSCbv3+qerH9I1L10OkaId0b25p7Tz/fw0mimjGQ70=,tag:slAoYzANbap1ghkAkGcLIg==,type:str] -public_keys: - xqtc: ENC[AES256_GCM,data:bQ39+TS67ww01qfkhv//AfE3h4od4QgOUMATwKoeI7D7JHzCpM38jZudNlJixbyR8bLOKsBohqB3Pad6Q27dnXLCyZ/XtyZMLyhZuaOBVkx8+4ow1SWEyDxHM/N3WPZxjgM=,iv:FKHKaOknTYKzel3R6AUOb4RvXH04rQd4bHospGrsrUA=,tag:yCtxIdfWdIFjPiFbrFuPKg==,type:str] +xqtc_private: ENC[AES256_GCM,data:Zk0trG64uOw++DLQdG8Fz5oGpY7awQmCPdWJzUjfB/hwJpSkHxnzEyG7OdFNSWvXpRoBLh9G+6wsRLNq/vJ8GyKjE8VqOCAd6Bvfu/2aegQCpBc1VL5e6tP75eSEH8iWblYfN0V+37TTYAugZcGhlr88KqUW7iyqjVVySFMjmdSuX43kPZdHnt0582/CrUZnZjsjNKwrxwOnXnBZcglx3XqYbk4U5fXpqoZEnrobEEdgFFDR7+QvusbFQzaevf979ZMzKpEuy455OJBUeR/ieujWIUSMxIbip3b5a/mnNuRhMCElgqdIVqVMQvdGGAnquxayTDIVpyEbAZdTUlqMGT+cUchLg1U89EVEBnZPcpOIp588JbCD/L5b3Rj9boTMCbEujK/jB3Ir/GdYItDhhLH5NTFw8CUSlPwBFHQme25Izrz71Ax9ypOugQOW5IrVml19z2q6/1OH6dxMumLahXzKTJr11i5mwfE6RtMu4n0DaEELsVS53tifxOeDzGq3wkifrn1Q8NlV5qwWsApH,iv:SJEvOVKOFIYsrhCW3DZoUlYKti4ngzic8OHXKLwl4VI=,tag:c9xGMWyOxXrUXdx/HKgIJw==,type:str] +xqtc_public: ENC[AES256_GCM,data:moaBcihil+YyQe1dRgGmw8FjKKxrYC49WX/Jd1SJoAZmDTKqSlfGLaY2DCpmhqH3x/CoFGIb2yrWYwU/xoQAhsIxlx4OZ1XQ6UdtofM3lfUXNGm0gzIzcvwa7SaaFSLn9Y+a,iv:DSfez1yWiJ2Z71m5gEeN5heTB1ppFgmGKBt3Kv1MkGc=,tag:sZ/kYtbdm/N9Gk9IQa7tlQ==,type:str] nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str] nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str] paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str] @@ -62,8 +60,8 @@ sops: a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-05T10:02:03Z" - mac: ENC[AES256_GCM,data:CtwG4akzIgv8WtpX4T/0CUzfnf6OyewOGqjbV7BW3AW23nPdTNqmpOU3b4cgjsEfsQ1JVUlE8k0h1Lo/BABrlIw80aQI1L8o1UOwNidjLpzaAo8cFXkv/ctUhtj3t5BIyFdUmgGQk/yufoGpLCm81Yy7ImwsJnPSy+62tb9U3Wo=,iv:WpTdTrzQYz8Ofa5Yubo6MpRqliSbBsN1K2JQW6bR4EQ=,tag:g9qPiE60V7iO3bdJg99jLQ==,type:str] + lastmodified: "2024-08-08T10:33:53Z" + mac: ENC[AES256_GCM,data:p7mxLDO11Trym20Ferprb6DfHAUYdG7bZ+ojF4IUXidsK0TKcgBrF+Lt+8eIbdb2y1FGRK83rsgPDBrvHNmkE8WscSKJTSbt1quDsI64P0vEiwL7DjabBPxl6/0HG1Zi+Gk6w/PAbJ9YS/iyrz5fJcqD6y5RvY6uiR3ON+n/HNI=,iv:l0wb6EJcSznYORf/9y+1nIiFGtx6f3HJ559Ut1WD7JU=,tag:LZYcS1MlbHg81TX/fstQ8g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0