SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:435a70a4e926cc646ff1095c967409c3eda125d2
Branches Tags
SebastianStork:main
SebastianStork:develop
...
compare: SebastianStork:c8db179bda254cb03b9c713e2bf4e690f3475051
Branches Tags
SebastianStork:main
SebastianStork:develop

2 commits
435a70a4e9 ... c8db179bda

Author SHA1 Message Date
SebastianStork
c8db179bda
nebula: Add laptop to network 2025-12-24 01:10:51 +01:00
SebastianStork
f845b093f1
sops: Streamline bitwarden integration 2025-12-24 01:03:15 +01:00
6 changed files with 24 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

6
flake-parts/install-anywhere.nix
View file

@ -8,9 +8,7 @@ _: {
runtimeInputs = [ runtimeInputs = [
pkgs.sops pkgs.sops
pkgs.ssh-to-age pkgs.ssh-to-age
pkgs.bitwarden-cli pkgs.bitwarden-cli
pkgs.jq
]; ];
text = '' text = ''
@ -40,10 +38,10 @@ _: {
sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix" sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix"
echo "==> Updating SOPS secrets..." echo "==> Updating SOPS secrets..."
if BW_SESSION="$(bw login --raw)"; then if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
export BW_SESSION export BW_SESSION
fi fi
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')" SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
export SOPS_AGE_KEY export SOPS_AGE_KEY
SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)" SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
export SOPS_CONFIG export SOPS_CONFIG

9
flake-parts/sops.nix
View file

@ -47,15 +47,12 @@
pkgs.ssh-to-age pkgs.ssh-to-age
]; ];
nativeBuildInputs = [ nativeBuildInputs = [ pkgs.bitwarden-cli ];
pkgs.bitwarden-cli
pkgs.jq
];
shellHook = '' shellHook = ''
if BW_SESSION="$(bw login --raw)"; then if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
export BW_SESSION export BW_SESSION
fi fi
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')" SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
export SOPS_AGE_KEY export SOPS_AGE_KEY
SOPS_CONFIG="${self'.packages.sops-config}" SOPS_CONFIG="${self'.packages.sops-config}"
export SOPS_CONFIG export SOPS_CONFIG

4
hosts/laptop/default.nix
View file

@ -36,6 +36,10 @@
enable = true; enable = true;
ssh.enable = true; ssh.enable = true;
}; };
nebula.node = {
enable = true;
address = "10.254.250.3";
};
syncthing = { syncthing = {
enable = true; enable = true;
deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP"; deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";

6
hosts/laptop/keys/nebula.crt Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIGloD+ABmxhcHRvcKEHBAUK/voDGIUEaUsu2oYEayh99IcgFUP+GVuq3tcsxWoM
TgOEhDMlEFpe1AjCbmBFMjtzRWiCIDQsjID+DOXgSXkAkkIySZqpe8qDwc/RSe9/
rUqoGr07g0DDH0+/63YpveHA2JKKvl8T5/1kPm2Tp4SKLLy6i5g01dw4QSwaRGlW
nrPxsi9gbci2Jdw2AiOZmshHA7tJOpoL
-----END NEBULA CERTIFICATE V2-----

3
hosts/laptop/keys/nebula.pub Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
NCyMgP4M5eBJeQCSQjJJmql7yoPBz9FJ73+tSqgavTs=
-----END NEBULA X25519 PUBLIC KEY-----

9
hosts/laptop/secrets.json
View file

@ -14,6 +14,9 @@
"cert": "ENC[AES256_GCM,data:laxunEiRygs7Bq2TYCQSakI2piTb2Qwat+ltKT6bjd3RdZ7/HGJOkP+ogubH07VEzebL3KMUFzTL+q3Nuo39wzprktAtgX1bF46p2HEf5eIHwYwzPMOS7pKilCLX1zNpwS9jEcjrIzI1pv2Qc7XhE7N2nzEEu8lJt+n3xKzSuQZo9hhHcQI/WjuI+8dSDkLGi3QgyVj8XB0eAixprjNU5G3aEG79v+qamTDMJz91joH1yhyU71cxsZNRDSElIRnZnGUD04VrHBqkaU5JEv5LTOnvrId8V3KoIEAZiWTkWq/NQIKkjo7BPzTb3P6yAAvCisIwnpuPT6tILCCVycvJ7q0wAJAgJqf8jJhyuLXf+6vhT6e7XvuItJratMoDO1ncMJ4u44i9713XBl5bUM9QJ4PirtbRxrJ9HqaujOiBLiPc5oFYxvOr/e6K59aBsnDS/KsO3rNbe5SBttbP5LLvq6/ZhlvUls6SifLp9isr1hbEAKk9C43LNzjxv7DxpaPsauagUX3yBkT9qftgzMBO6yF0t0K1N2y5Zj0vDGK2wPz9sJWL0FAVLG7eiknEhdAEVDWNCySqy6en7vYTLGZbstTNmHUvTzAGe7ckw+0VsFMgpRYyFHWKJ9v8CUGomcgIr7uix4rJPgVRGq5qthWjPLmVNXwgz5D6Y+I5vS/UGaLs1LFKR3lzuHWUo3d3wO5TQXfEr1Gfu/ZnZlGPNhtBEeV616oa0/5WYG3yND77Ipvt77ZY5TNNhWJtqyUlu6xiRS3QpmpPl8MiCHnTJSf9WzkOQAVzjJkaVRODSp12NP8IAmXCc/6vGosLDuJkH9JWj1gxkrN00nryPCHYcDgGGeLl/gHVCovHPAzAvW3s32JNHAMZvOS0T6n/8LmuiigV4cAtTxgb4dYphGVT9M/IBUjVwADdSR5GsSjcng6BVwNMlhcirArdgpmqzwzpHbchrQ7waBWPwBWhxjMqsSu9IjEg6hakMg+A1nyH+7kB2YR6ewkXYP2lcO6RUzg45R1T+ri/HApeT+6eucPhnm/VXqBkQahQjrf1Rrg=,iv:W82k3U5tBcGfuSsrY/4RpQmpbw2jYn8NuXKRluB3fyg=,tag:iM+WSkSE/LjEA+rlp1GGkQ==,type:str]", "cert": "ENC[AES256_GCM,data:laxunEiRygs7Bq2TYCQSakI2piTb2Qwat+ltKT6bjd3RdZ7/HGJOkP+ogubH07VEzebL3KMUFzTL+q3Nuo39wzprktAtgX1bF46p2HEf5eIHwYwzPMOS7pKilCLX1zNpwS9jEcjrIzI1pv2Qc7XhE7N2nzEEu8lJt+n3xKzSuQZo9hhHcQI/WjuI+8dSDkLGi3QgyVj8XB0eAixprjNU5G3aEG79v+qamTDMJz91joH1yhyU71cxsZNRDSElIRnZnGUD04VrHBqkaU5JEv5LTOnvrId8V3KoIEAZiWTkWq/NQIKkjo7BPzTb3P6yAAvCisIwnpuPT6tILCCVycvJ7q0wAJAgJqf8jJhyuLXf+6vhT6e7XvuItJratMoDO1ncMJ4u44i9713XBl5bUM9QJ4PirtbRxrJ9HqaujOiBLiPc5oFYxvOr/e6K59aBsnDS/KsO3rNbe5SBttbP5LLvq6/ZhlvUls6SifLp9isr1hbEAKk9C43LNzjxv7DxpaPsauagUX3yBkT9qftgzMBO6yF0t0K1N2y5Zj0vDGK2wPz9sJWL0FAVLG7eiknEhdAEVDWNCySqy6en7vYTLGZbstTNmHUvTzAGe7ckw+0VsFMgpRYyFHWKJ9v8CUGomcgIr7uix4rJPgVRGq5qthWjPLmVNXwgz5D6Y+I5vS/UGaLs1LFKR3lzuHWUo3d3wO5TQXfEr1Gfu/ZnZlGPNhtBEeV616oa0/5WYG3yND77Ipvt77ZY5TNNhWJtqyUlu6xiRS3QpmpPl8MiCHnTJSf9WzkOQAVzjJkaVRODSp12NP8IAmXCc/6vGosLDuJkH9JWj1gxkrN00nryPCHYcDgGGeLl/gHVCovHPAzAvW3s32JNHAMZvOS0T6n/8LmuiigV4cAtTxgb4dYphGVT9M/IBUjVwADdSR5GsSjcng6BVwNMlhcirArdgpmqzwzpHbchrQ7waBWPwBWhxjMqsSu9IjEg6hakMg+A1nyH+7kB2YR6ewkXYP2lcO6RUzg45R1T+ri/HApeT+6eucPhnm/VXqBkQahQjrf1Rrg=,iv:W82k3U5tBcGfuSsrY/4RpQmpbw2jYn8NuXKRluB3fyg=,tag:iM+WSkSE/LjEA+rlp1GGkQ==,type:str]",
"key": "ENC[AES256_GCM,data:C7IWbdaPNYa/TmqOK0BbU5xTk+0EbF3CrWHXYLFW4XdbvAzprITW/xD0jJhCBd/jTnWdmoEdbwdLF4BnYYXhBZcyMZALtfT5sKMk82vAoasTvZLDqBxm0CIA5npXjw+OhpI5a031BNXHaFBoN7cmfwZWmzEN9BwgHwlpExKGDXY/NWThTYp6b2HhWujCA5dTMTrrFOzxu/Wmh3Zv7GhYnnRhtCNONWzKMlSehlSC4R6ERrBG2khxXoPbyerwhhmPSpKbsnknPYcc4hkU4MuSF5zbgD/1m0PMVmSDBY3z1N7WwKO8dqcKETzyaqQ8fjiLuChT85q+mzz/btyXqOJi6pmV6vAcsNIogEMZ4E9va1TbD7vkESruIPrhf5XB1HVx,iv:4GFnhwE+Bp6JmqV6w3s7kd9usNh5eFAKqGR6vk5SSVA=,tag:lrvxVWVG2WBLVrLehao8ng==,type:str]" "key": "ENC[AES256_GCM,data:C7IWbdaPNYa/TmqOK0BbU5xTk+0EbF3CrWHXYLFW4XdbvAzprITW/xD0jJhCBd/jTnWdmoEdbwdLF4BnYYXhBZcyMZALtfT5sKMk82vAoasTvZLDqBxm0CIA5npXjw+OhpI5a031BNXHaFBoN7cmfwZWmzEN9BwgHwlpExKGDXY/NWThTYp6b2HhWujCA5dTMTrrFOzxu/Wmh3Zv7GhYnnRhtCNONWzKMlSehlSC4R6ERrBG2khxXoPbyerwhhmPSpKbsnknPYcc4hkU4MuSF5zbgD/1m0PMVmSDBY3z1N7WwKO8dqcKETzyaqQ8fjiLuChT85q+mzz/btyXqOJi6pmV6vAcsNIogEMZ4E9va1TbD7vkESruIPrhf5XB1HVx,iv:4GFnhwE+Bp6JmqV6w3s7kd9usNh5eFAKqGR6vk5SSVA=,tag:lrvxVWVG2WBLVrLehao8ng==,type:str]"
}, },
"nebula": {
"host-key": "ENC[AES256_GCM,data:bj+rc2zDOWvQODR7fggh9IfVbqhKx0ejTT519ZRrrwJuQWCqno4g2LC9CvD1fStktl3jqtKtvP5XM4PkNRCtzTVmyQaQ7XJDQpUHd4O6o6mLOJFa4Hr72PGSTU/5cyALe/28sLIDLR183U1se3tPbSykZWt8OJA/eA2LXNuumw==,iv:jpMP9Asa0xaTvm+kaMim9CuGkje4gdTn5es6l/52Y1A=,tag:NsRz9Svswa2soH7YINPQ6w==,type:str]"
},
"sops": { "sops": {
"age": [ "age": [
{ {
@ -25,9 +28,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-10-11T15:48:45Z", "lastmodified": "2025-12-23T23:35:27Z",
"mac": "ENC[AES256_GCM,data:vhDLrAXe7RuLiHREyjV2LVkPzRqOpQ1LCOKW1Rd0UWVRxo0NY2UeZ5gSEFRDLAeJ/mQZcJkXS89GFnLlIoniN44xAesEq/G0KC58oTioQ25GGbmWMkjsGihJ3L0ydwmckURFSBQloP7Oa1DcSllUljZ67e5kDBXnoTtfyWy2rWg=,iv:8GXxKP6YR0wH3/5AN5VUPRCxdv5pzqgxdYOkYU1ICe0=,tag:mGc45QcR0ljkI/ifR5u4sg==,type:str]", "mac": "ENC[AES256_GCM,data:+4U7yeb/0mDHuVz/DcGzg3whECVm3HJChE/T1NNJKCkbc1lkdIfLvI7p68IBe5QtkTsGtm2pGqJn8ztbOCAJJ1feoZyHMdcDqGbJG+IpDSrPRdmwqvey5CGtrGgIdgW0vZUMCCywmbASzEmsVoFvOzBp5GAxeJsJZRuPU8ditRc=,iv:dkqg3210wXfVAjXPmXYkerLJX14muxeKPMKU65PrKMc=,tag:TPbzWHamgoVBbAyshiRahg==,type:str]",
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.10.2" "version": "3.11.0"
} }
} }