From 60f9246dd9485fc226304cb71c1057bc93e8ac4a Mon Sep 17 00:00:00 2001 From: vancycles-knak Date: Fri, 10 Jan 2025 09:53:46 -0800 Subject: [PATCH 1/5] more improvement on the mac --- nix-darwin/home-modules/programs/bat.nix | 1 - nix-darwin/home-modules/programs/btop.nix | 1 - nix-darwin/home-modules/programs/devops.nix | 2 ++ .../home-modules/programs/modern_unix.nix | 5 ---- .../home-modules/programs/spacemacs.nix | 2 ++ .../users/henri.vandersleyen/.sops.yaml | 7 +++++ nix-darwin/users/henri.vandersleyen/home.nix | 8 +++-- .../henri.vandersleyen/secrets/secrets.yaml | 29 +++++++++++++++++++ nix-darwin/users/henri.vandersleyen/sops.nix | 29 +++++++++++++++++++ nix-darwin/users/henri/sops.nix | 3 +- 10 files changed, 77 insertions(+), 10 deletions(-) create mode 100644 nix-darwin/users/henri.vandersleyen/.sops.yaml diff --git a/nix-darwin/home-modules/programs/bat.nix b/nix-darwin/home-modules/programs/bat.nix index 327ed0e3..af6b3eec 100644 --- a/nix-darwin/home-modules/programs/bat.nix +++ b/nix-darwin/home-modules/programs/bat.nix @@ -5,7 +5,6 @@ ... }: { - options = { bat.enable = lib.mkOption { type = lib.types.bool; diff --git a/nix-darwin/home-modules/programs/btop.nix b/nix-darwin/home-modules/programs/btop.nix index d8d885e6..dc897e74 100644 --- a/nix-darwin/home-modules/programs/btop.nix +++ b/nix-darwin/home-modules/programs/btop.nix @@ -5,7 +5,6 @@ ... }: { - options = { btop.enable = lib.mkOption { type = lib.types.bool; diff --git a/nix-darwin/home-modules/programs/devops.nix b/nix-darwin/home-modules/programs/devops.nix index e8ae3eec..e7001234 100644 --- a/nix-darwin/home-modules/programs/devops.nix +++ b/nix-darwin/home-modules/programs/devops.nix @@ -20,6 +20,7 @@ let insomnia # not supported on aarch64-darwin # dns dogdns + dive ]; } // lib.mkIf (currentSystem == "aarch64-linux") { @@ -29,6 +30,7 @@ let postman # dns dogdns + dive ]; }; in 
diff --git a/nix-darwin/home-modules/programs/modern_unix.nix b/nix-darwin/home-modules/programs/modern_unix.nix index 9adff3f5..dd28e233 100644 --- a/nix-darwin/home-modules/programs/modern_unix.nix +++ b/nix-darwin/home-modules/programs/modern_unix.nix @@ -24,11 +24,6 @@ enableFishIntegration = true; enableZshIntegration = true; }; - - bat = { - enable = true; - catppuccin.enable = true; - }; jq.enable = true; fd.enable = true; ripgrep.enable = true; diff --git a/nix-darwin/home-modules/programs/spacemacs.nix b/nix-darwin/home-modules/programs/spacemacs.nix index 8e6b7089..663089b9 100644 --- a/nix-darwin/home-modules/programs/spacemacs.nix +++ b/nix-darwin/home-modules/programs/spacemacs.nix @@ -13,6 +13,8 @@ }; }; + # common issue on MacOs when getting ="Creating pipe" "too many open files"= + # https://gist.github.com/tombigel/d503800a282fcadbee14b537735d202c config = lib.mkIf config.spacemacs.enable { home = { sessionVariables = { diff --git a/nix-darwin/users/henri.vandersleyen/.sops.yaml b/nix-darwin/users/henri.vandersleyen/.sops.yaml new file mode 100644 index 00000000..9d0be311 --- /dev/null +++ b/nix-darwin/users/henri.vandersleyen/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age17jgvjp9u4wa6799e3utfqxfrq9mgkfhxxed02cpp642tm6cna9gqg4yafw +creation_rules: + - path_regex: secrets/.*\.yaml$ + key_groups: + - age: + - *primary diff --git a/nix-darwin/users/henri.vandersleyen/home.nix b/nix-darwin/users/henri.vandersleyen/home.nix index 955107f2..b32029d9 100644 --- a/nix-darwin/users/henri.vandersleyen/home.nix +++ b/nix-darwin/users/henri.vandersleyen/home.nix @@ -43,7 +43,11 @@ # starus-bars # ../../home-modules/status-bars/sketchybar + + # secrets (home-manager) + ./sops.nix ]; + # wm wm.aerospace = { enable = false; 
@@ -60,8 +64,8 @@ keychain.enable = true; keychain.keys = "/home/henri/.ssh/knak"; - git.userEmail = "henri-vandersleyen@protonmail.com"; - git.userName = "vanderscycle"; + git.userEmail = "henri.vandersleyen@knak.com"; + git.userName = "vancycles-knak"; git.signingKey = "~/.ssh/knak.pub"; home = { diff --git a/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml b/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml index e69de29b..5aaaef4e 100644 --- a/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml +++ b/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml 
@@ -0,0 +1,29 @@ +hello: ENC[AES256_GCM,data:uXMTjhexxMSj1SF5FfV4p+WoOGy04xHmxhFBM8LwIWxFAwghDwCO+MyHTpwdPA==,iv:BKt3xz0YoSNjyEusXWGveIdWHHeuce9/a2MyHEST8S0=,tag:taD/85+9kCgFEoLzdmRzgg==,type:str] +example_key: ENC[AES256_GCM,data:jDPBfh1B6haUSmrWFg==,iv:btbp5PYOHB3P3JlIsD9OUq7mj5ZCjzgT2FHBTBqzpzQ=,tag:3ru8H51ZrsjCmzvrvQmS2w==,type:str] +example_array: + - ENC[AES256_GCM,data:WCc/N7Xj3UF7N9VZJVk=,iv:Y7OxOEPOKres0E+RQSYEMNMPGfLozKthSzhj5Wm3o6g=,tag:U+yrb57bx6yC+xTONCvehw==,type:str] + - ENC[AES256_GCM,data:vDOVZI0KsoHA3E2wsqw=,iv:jIBLKFaUcm9f7p08BuwZ9mu5YFTpCd5oD/oplIujCTM=,tag:IIESdjpHjsgxeRTWyk+n3g==,type:str] +example_number: ENC[AES256_GCM,data:9jSoMBnTN1Ijxw==,iv:8NlCtZLyQzh0hRCCxsKdFuaVA6OVlfdqZXVJr3Awxdo=,tag:3O9leYEMpRpvhIFlhOKPcA==,type:float] +example_booleans: + - ENC[AES256_GCM,data:ALU6SA==,iv:iq+T0SzvcdIz/TVU43Z8WuM4uqoYkGEMXWV79OpugKI=,tag:z7MG5XwqHh69qipwlaqVZw==,type:bool] + - ENC[AES256_GCM,data:cInUBOc=,iv:z8yIKupVM3Z0PHao1O9Jgeoh13pHksVfoc9zYdRR1JM=,tag:21an6BMu3MeQaJJnEL4amw==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jgvjp9u4wa6799e3utfqxfrq9mgkfhxxed02cpp642tm6cna9gqg4yafw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmeEZIZ1RxVjd2Z0xEZ2pa + QnovanpSV0lUMmpqaUJlREVjbTE5MGpHa1JvCm5zenFtMXVjejRIWFhNVVpWcUtX + S0x4aUpkU0pJSUYzR1hGUSsyNnovbzAKLS0tIG5jeHZnbWxWUzZWQVpoOTRHZzk1 + YzAzN1FjT1RxVTZOaHJaVGtWb1p6czgK7iHvbrJ0lH3Sn4NV8iWR2RrrATHX8v1A + tgjBjlMR10aTg3GXBv+ylmDi4YWh1K0g1QknrAmHfKS9FOapPxDceQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-07T20:32:48Z" + mac: ENC[AES256_GCM,data:KyAwQYDteDaTbv37E3Ah9k39leyfdqhAp77VuZb15bYQ3J0Qa+TJWiM69mM7C4Atq7RhklWF+EgpMGyZDimYQVw3t8PEqGSL6RtQke/+Df8WYEQKGE4dN/r9wz+7N7ZccB9mKhhQC06mlskcwizgh4FeETHIJts/lz8BvO6Yqnw=,iv:dALmdDJxLWRnw2R4SyBqu1MOPWqCpfcczLeOJyebCD8=,tag:voieV1Q6aNBflehdgkuYqg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 
diff --git a/nix-darwin/users/henri.vandersleyen/sops.nix b/nix-darwin/users/henri.vandersleyen/sops.nix index e69de29b..df2ff26c 100644 --- a/nix-darwin/users/henri.vandersleyen/sops.nix +++ b/nix-darwin/users/henri.vandersleyen/sops.nix @@ -0,0 +1,29 @@ +{ + pkgs, + inputs, + username, + config, + ... +}: +{ + imports = [ + inputs.sops-nix.homeManagerModule.sops + ]; + environment.systemPackages = [ + pkgs.sops + ]; + sops.defaultSopsFile = ./secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/User/${username}/.config/sops/age/keys.txt"; + + sops.secrets."knak/email" = { + owner = username; + }; + sops.secrets."knak/git/userName" = { + owner = username; + }; + sops.secrets."knak/git/keyName" = { + owner = username; + }; +} diff --git a/nix-darwin/users/henri/sops.nix b/nix-darwin/users/henri/sops.nix index c12e4f22..5d9d01f3 100644 --- a/nix-darwin/users/henri/sops.nix +++ b/nix-darwin/users/henri/sops.nix @@ -2,6 +2,7 @@ pkgs, inputs, config, + username, ... }: @@ -18,7 +19,7 @@ in sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/henri/.config/sops/age/keys.txt"; + sops.age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; # Maggit Forge sops.secrets."emacs/forge/gh_api" = { From bd502d4be73c510d8ce9dca00acda3bd5e955103 Mon Sep 17 00:00:00 2001 From: vancycles-knak Date: Fri, 10 Jan 2025 10:43:10 -0800 Subject: [PATCH 2/5] sops kinds works --- .../henri.vandersleyen/configuration.nix | 11 ++++-- nix-darwin/users/henri.vandersleyen/home.nix | 36 +++++++++++-------- .../henri.vandersleyen/secrets/secrets.yaml | 18 ++++------ nix-darwin/users/henri.vandersleyen/sops.nix | 34 +++++++++--------- 4 files changed, 55 insertions(+), 44 deletions(-) diff --git a/nix-darwin/users/henri.vandersleyen/configuration.nix b/nix-darwin/users/henri.vandersleyen/configuration.nix index 6ecac12c..4ca436f2 100644 --- a/nix-darwin/users/henri.vandersleyen/configuration.nix 
+++ b/nix-darwin/users/henri.vandersleyen/configuration.nix @@ -50,9 +50,16 @@ # (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) ]; - environment.variables = { - # XDG_CONFIG_HOME = "/users/henri.vandersleyen"; # issue with nushell + environment = { + systemPackages = [ + pkgs.sops + ]; + variables = { + # XDG_CONFIG_HOME = "/Users/henri.vandersleyen"; # issue with nushell + SOPS_AGE_KEY_FILE = "/Users/${username}/.config/sops/age/keys.txt"; + }; }; + security.sudo.extraConfig = '' Defaults timestamp_timeout=3600 ''; diff --git a/nix-darwin/users/henri.vandersleyen/home.nix b/nix-darwin/users/henri.vandersleyen/home.nix index b32029d9..c6b6b054 100644 --- a/nix-darwin/users/henri.vandersleyen/home.nix +++ b/nix-darwin/users/henri.vandersleyen/home.nix 
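Review bot: In the configuration.nix hunk, the added `SOPS_AGE_KEY_FILE = "/Users/${username}/.config/sops/age/keys.txt";` repeats the path that sops.nix sets in `sops.age.keyFile`, and patch 1/5 already shipped that second copy with a `/User/` typo, so the two can drift again. Defining the path once and referencing it from both places would avoid that. A comment such as `# age private key: keep mode 0600, never commit` above the variable would document the one file that decrypts everything matched by the `.sops.yaml` rule. Separately, the unchanged context line `Defaults timestamp_timeout=3600` is measured in minutes by sudoers, so it caches sudo credentials for 60 hours; confirm that is intended rather than one hour (`60`).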
@@ -64,28 +64,36 @@ keychain.enable = true; keychain.keys = "/home/henri/.ssh/knak"; - git.userEmail = "henri.vandersleyen@knak.com"; - git.userName = "vancycles-knak"; - git.signingKey = "~/.ssh/knak.pub"; + git = { + userEmail = "henri.vandersleyen@knak.com"; + userName = "vancycles-knak"; + signingKey = "~/.ssh/knak.pub"; + }; + + # git = { + # userEmail = config.sops.secrets."knak/email".path; + # userName = config.sops.secrets."knak/git/userName".path; + # signingKey = config.sops.secrets."knak/git/keyName".path; + # }; home = { - username = "henri.vandersleyen"; - homeDirectory = "/Users/henri.vandersleyen"; + username = username; + homeDirectory = "/Users/${username}"; stateVersion = "23.05"; # Please read the comment before changing. - }; - # Makes sense for user specific applications that shouldn't be available system-wide - home.packages = [ ]; + # Makes sense for user specific applications that shouldn't be available system-wide + packages = [ ]; - home.file = { }; + file = { }; - home.sessionVariables = { + sessionVariables = { }; + + sessionPath = [ + "/run/current-system/sw/bin" + "$HOME/.nix-profile/bin" + ]; }; - home.sessionPath = [ - "/run/current-system/sw/bin" - "$HOME/.nix-profile/bin" - ]; programs.home-manager.enable = true; # theme diff --git a/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml b/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml index 5aaaef4e..c71496fc 100644 --- a/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml +++ b/nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml 
@@ -1,12 +1,8 @@ -hello: ENC[AES256_GCM,data:uXMTjhexxMSj1SF5FfV4p+WoOGy04xHmxhFBM8LwIWxFAwghDwCO+MyHTpwdPA==,iv:BKt3xz0YoSNjyEusXWGveIdWHHeuce9/a2MyHEST8S0=,tag:taD/85+9kCgFEoLzdmRzgg==,type:str] -example_key: ENC[AES256_GCM,data:jDPBfh1B6haUSmrWFg==,iv:btbp5PYOHB3P3JlIsD9OUq7mj5ZCjzgT2FHBTBqzpzQ=,tag:3ru8H51ZrsjCmzvrvQmS2w==,type:str] -example_array: - - ENC[AES256_GCM,data:WCc/N7Xj3UF7N9VZJVk=,iv:Y7OxOEPOKres0E+RQSYEMNMPGfLozKthSzhj5Wm3o6g=,tag:U+yrb57bx6yC+xTONCvehw==,type:str] - - ENC[AES256_GCM,data:vDOVZI0KsoHA3E2wsqw=,iv:jIBLKFaUcm9f7p08BuwZ9mu5YFTpCd5oD/oplIujCTM=,tag:IIESdjpHjsgxeRTWyk+n3g==,type:str] -example_number: ENC[AES256_GCM,data:9jSoMBnTN1Ijxw==,iv:8NlCtZLyQzh0hRCCxsKdFuaVA6OVlfdqZXVJr3Awxdo=,tag:3O9leYEMpRpvhIFlhOKPcA==,type:float] -example_booleans: - - ENC[AES256_GCM,data:ALU6SA==,iv:iq+T0SzvcdIz/TVU43Z8WuM4uqoYkGEMXWV79OpugKI=,tag:z7MG5XwqHh69qipwlaqVZw==,type:bool] - - ENC[AES256_GCM,data:cInUBOc=,iv:z8yIKupVM3Z0PHao1O9Jgeoh13pHksVfoc9zYdRR1JM=,tag:21an6BMu3MeQaJJnEL4amw==,type:bool] +knak: + email: ENC[AES256_GCM,data:DSz11pLyb4V3rZBKV/PTG02e7FZRVg6o2mMW,iv:gLZc96A2wwqJaAHVpgfEQpq/0nmFq4A+PihGHhcvHKE=,tag:LY2fmH0btJwydgo51WCwUQ==,type:str] + git: + userName: ENC[AES256_GCM,data:e3IOP07AkDNGbD7uXFE=,iv:0chdgiQB8EwE1gilbDuQ+2wBpIIKDwvPz7CwjbvsCcY=,tag:WoPv630zMydxNbyuZcztVQ==,type:str] + keyName: ENC[AES256_GCM,data:L7UKoDGQ5tWb01Fo8aZR,iv:Fmjs0Ke31I5ToRvnPNHkD+zNU3yaqFoRxQUHOZWFgrA=,tag:ITeE0an4oxmpqFKzpwMiSw==,type:str] sops: kms: [] gcp_kms: [] 
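Review bot: The three values encrypted in this secrets.yaml hunk (`knak/email`, `knak/git/userName`, `knak/git/keyName`) do not look confidential in this repository. The home.nix hunk of the same commit keeps `userEmail = "henri.vandersleyen@knak.com"`, `userName = "vancycles-knak"` and `signingKey = "~/.ssh/knak.pub"` in plaintext, and the commented-out mapping there suggests these are the same values. Encrypting them adds a decryption dependency at activation time without protecting anything, and plaintext already in history stays there. I would keep sops for values that are actually secret (tokens, passwords) and leave identity fields as ordinary Nix strings.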
@@ -22,8 +18,8 @@ sops: YzAzN1FjT1RxVTZOaHJaVGtWb1p6czgK7iHvbrJ0lH3Sn4NV8iWR2RrrATHX8v1A tgjBjlMR10aTg3GXBv+ylmDi4YWh1K0g1QknrAmHfKS9FOapPxDceQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-07T20:32:48Z" - mac: ENC[AES256_GCM,data:KyAwQYDteDaTbv37E3Ah9k39leyfdqhAp77VuZb15bYQ3J0Qa+TJWiM69mM7C4Atq7RhklWF+EgpMGyZDimYQVw3t8PEqGSL6RtQke/+Df8WYEQKGE4dN/r9wz+7N7ZccB9mKhhQC06mlskcwizgh4FeETHIJts/lz8BvO6Yqnw=,iv:dALmdDJxLWRnw2R4SyBqu1MOPWqCpfcczLeOJyebCD8=,tag:voieV1Q6aNBflehdgkuYqg==,type:str] + lastmodified: "2025-01-10T18:18:16Z" + mac: ENC[AES256_GCM,data:Q6/R7Fz+XbLTEBkMNlPBJmUIYrQYV748swrrH/o5msz6Wvm4ms90fmr9VtQeLDxkZdjKBxFrxpYI8eoUpzCyl0QXUNeuQ1qtL+fiI7Ehp1znF3QwNTnzvvpwnKVtDQS1sG/3rHa18M3XKyECOZqB49+4xleR88BLg+TD9veOWOk=,iv:MDZkEkTCHqZoqJJxjtgKw0TvVT7mHLDLFtz1UsGPzsY=,tag:UaScfwQPZ8A7A43CWsKSEQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/nix-darwin/users/henri.vandersleyen/sops.nix b/nix-darwin/users/henri.vandersleyen/sops.nix index df2ff26c..e46cc50f 100644 --- a/nix-darwin/users/henri.vandersleyen/sops.nix +++ b/nix-darwin/users/henri.vandersleyen/sops.nix @@ -1,5 +1,4 @@ { - pkgs, inputs, username, config, 
@@ -7,23 +6,24 @@ }: { imports = [ - inputs.sops-nix.homeManagerModule.sops + inputs.sops-nix.homeManagerModules.sops ]; - environment.systemPackages = [ - pkgs.sops - ]; - sops.defaultSopsFile = ./secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/User/${username}/.config/sops/age/keys.txt"; + sops = { + defaultSopsFile = ./secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.secrets."knak/email" = { - owner = username; - }; - sops.secrets."knak/git/userName" = { - owner = username; - }; - sops.secrets."knak/git/keyName" = { - owner = username; + age.keyFile = "/Users/${username}/.config/sops/age/keys.txt"; + secrets = { + "knak/email" = { + # owner = username; + }; + "knak/git/userName" = { + # owner = username; + }; + "knak/git/keyName" = { + # owner = username; + }; + }; }; + } From dd3280875e39d1b5d2ef0c0b8b64829b0d079ed1 Mon Sep 17 00:00:00 2001 From: "/Users/henri.vandersleyen/.config/sops-nix/secrets/knak/git/userName" Date: Fri, 10 Jan 2025 18:44:31 -0800 Subject: [PATCH 3/5] test --- nix-darwin/nix-modules/services/yubico.nix | 1 - nix-darwin/users/henri.vandersleyen/home.nix | 18 +++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/nix-darwin/nix-modules/services/yubico.nix b/nix-darwin/nix-modules/services/yubico.nix index 013eb80d..05264676 100644 --- a/nix-darwin/nix-modules/services/yubico.nix +++ b/nix-darwin/nix-modules/services/yubico.nix @@ -31,7 +31,6 @@ in enable = true; settings = { cue = true; # tell users to push button - # authFile = "${homeDirectory}/.config/Yubico/u2f_keys"; authFile = config.sops.secrets."yubico/u2f_keys".path; }; }; diff --git a/nix-darwin/users/henri.vandersleyen/home.nix b/nix-darwin/users/henri.vandersleyen/home.nix index c6b6b054..3583d38b 100644 --- a/nix-darwin/users/henri.vandersleyen/home.nix +++ b/nix-darwin/users/henri.vandersleyen/home.nix 
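Review bot: In the sops.nix hunk, the three `# owner = username;` lines are left as dead comments with no explanation of why they were disabled. As far as I know the home-manager sops-nix module decrypts as the logged-in user and has no `owner` option, so either delete the lines or replace them with one comment saying so, e.g. `# home-manager module: secrets are decrypted as the user, no owner option`. An empty attribute set (`"knak/email" = { };`) then reads as intentional rather than unfinished.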
@@ -64,18 +64,18 @@ keychain.enable = true; keychain.keys = "/home/henri/.ssh/knak"; - git = { - userEmail = "henri.vandersleyen@knak.com"; - userName = "vancycles-knak"; - signingKey = "~/.ssh/knak.pub"; - }; - # git = { - # userEmail = config.sops.secrets."knak/email".path; - # userName = config.sops.secrets."knak/git/userName".path; - # signingKey = config.sops.secrets."knak/git/keyName".path; + # userEmail = "henri.vandersleyen@knak.com"; + # userName = "vancycles-knak"; + # signingKey = "~/.ssh/knak.pub"; # }; + git = { + userEmail = config.sops.secrets."knak/email".path; + userName = config.sops.secrets."knak/git/userName".path; + signingKey = config.sops.secrets."knak/git/keyName".path; + }; + home = { username = username; homeDirectory = "/Users/${username}"; From 8eb544e6a6ab0fa687d7cd49b94fd8cc6db2db52 Mon Sep 17 00:00:00 2001 From: "/Users/henri.vandersleyen/.config/sops-nix/secrets/knak/git/userName" Date: Fri, 10 Jan 2025 18:47:18 -0800 Subject: [PATCH 4/5] sops-nix working on darwin --- nix-darwin/users/henri.vandersleyen/home.nix | 6 --- nix-darwin/users/henri/sops.nix | 40 +++++++++++--------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/nix-darwin/users/henri.vandersleyen/home.nix b/nix-darwin/users/henri.vandersleyen/home.nix index 3583d38b..e5ce8e9b 100644 --- a/nix-darwin/users/henri.vandersleyen/home.nix +++ b/nix-darwin/users/henri.vandersleyen/home.nix @@ -64,12 +64,6 @@ keychain.enable = true; keychain.keys = "/home/henri/.ssh/knak"; - # git = { - # userEmail = "henri.vandersleyen@knak.com"; - # userName = "vancycles-knak"; - # signingKey = "~/.ssh/knak.pub"; - # }; - git = { userEmail = config.sops.secrets."knak/email".path; userName = config.sops.secrets."knak/git/userName".path; diff --git a/nix-darwin/users/henri/sops.nix b/nix-darwin/users/henri/sops.nix index 5d9d01f3..e3f769c5 100644 --- a/nix-darwin/users/henri/sops.nix +++ b/nix-darwin/users/henri/sops.nix 
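Review bot: `config.sops.secrets."knak/git/userName".path` in the home.nix hunk evaluates to the location of the decrypted file, not its contents, so git is configured with a path string as the author name. The From header of patches 3/5 to 5/5 in this series shows exactly that (`/Users/henri.vandersleyen/.config/sops-nix/secrets/knak/git/userName`), which also publishes the local account name and directory layout in commit metadata. `userEmail` and `signingKey` are set the same way, and the home.nix hunk of patch 5/5 reverts only `userEmail`, leaving the other two. Nix cannot read a sops secret at evaluation time, so these fields need literal values (`userName = "vancycles-knak";`, `signingKey = "~/.ssh/knak.pub";`) or a git `include.path` pointing at a file rendered at activation. With `signingKey` resolving to a file that presumably holds a key name rather than a key, commit signing is likely to fail, so check the signatures on the affected commits.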
@@ -16,14 +16,30 @@ in environment.systemPackages = [ pkgs.sops ]; - sops.defaultSopsFile = ./secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ./secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; + age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; + secrets = { + # Maggit Forge + "emacs/forge/gh_api" = { + owner = "henri"; + }; - # Maggit Forge - sops.secrets."emacs/forge/gh_api" = { - owner = "henri"; + # INFO: for values to be available throughout the config your must declare them + "yubico/u2f_keys" = { + }; + + # TruNas SMB access + "home-server/rice/password" = { + owner = "root"; + }; + + "home-server/rice/user" = { + owner = "root"; + }; + }; }; systemd.services."authinfo" = { @@ -39,18 +55,6 @@ in wantedBy = [ "multi-user.target" ]; }; - # INFO: for values to be available throughout the config your must declare them - sops.secrets."yubico/u2f_keys" = { - }; - - # TruNas SMB access - sops.secrets."home-server/rice/password" = { - owner = "root"; - }; - - sops.secrets."home-server/rice/user" = { - owner = "root"; - }; systemd.services."smbcreds_fam" = { script = '' echo "user=$(cat ${config.sops.secrets."home-server/rice/user".path})" > /root/${trueNasFamilyUser} From c14eed31b34b101a7b353a0018c8e3499c7a3864 Mon Sep 17 00:00:00 2001 From: "/Users/henri.vandersleyen/.config/sops-nix/secrets/knak/git/userName" Date: Fri, 10 Jan 2025 18:51:00 -0800 Subject: [PATCH 5/5] kept my email --- nix-darwin/users/henri.vandersleyen/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix-darwin/users/henri.vandersleyen/home.nix b/nix-darwin/users/henri.vandersleyen/home.nix index e5ce8e9b..c5f07e94 100644 --- a/nix-darwin/users/henri.vandersleyen/home.nix +++ b/nix-darwin/users/henri.vandersleyen/home.nix 
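Review bot: The regrouped `sops.secrets` block in users/henri/sops.nix keeps `owner = "henri";` as a literal for `emacs/forge/gh_api`, while `age.keyFile` just above it now uses `${username}`. If the module is ever evaluated with a different `username`, the secret would be owned by an account other than the one whose key file is configured, so `owner = username;` would be consistent. `"yubico/u2f_keys" = { };` is declared with no attributes; I would annotate the default it relies on, e.g. `# no owner set: presumably root-owned, read by pam_u2f`. The `smbcreds_fam` script shown as context continues past the end of the hunk.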
@@ -65,7 +65,8 @@ keychain.keys = "/home/henri/.ssh/knak"; git = { - userEmail = config.sops.secrets."knak/email".path; + # userEmail = config.sops.secrets."knak/email".path; + userEmail = "henri.vandersleyen@knak.com"; userName = config.sops.secrets."knak/git/userName".path; signingKey = config.sops.secrets."knak/git/keyName".path; };