commit cdca60489c7acb332635cc2e55f286ed384e1b1e
parent 38f4ac0fcab84c025b9a40b8a296978b8e881ee3
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 13 Sep 2021 11:41:41 +0200
nix: add sops/sops-nix to prepare…
… managing secrets better.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/.envrc b/.envrc
@@ -1,5 +1,7 @@
use_nix shell.nix
-# use_flake
+
+watch_file ./shell.nix
+watch_file ./nix/sources.json
test -f .secrets && source .secrets || echo "no secrets"
export QEMU_OPTS="-m 8096 -cpu host"
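Review bot: The unchanged line `test -f .secrets && source .secrets || echo "no secrets"` still loads a plaintext secrets file, and its `a && b || c` form prints "no secrets" even when the file exists but sourcing it fails, which hides a broken or half-applied secrets file. I would make the branch explicit with `if [ -f .secrets ]; then source .secrets; else echo "no secrets"; fi`. Since this hunk adds `watch_file` for `shell.nix` and `nix/sources.json`, adding `watch_file ./.secrets` would make edits to that file reload the environment too. A comment such as `# plaintext fallback, to be replaced by sops-encrypted secrets` would record the intent of the commit. It is also worth confirming that `.secrets` is git-ignored, which is not visible from this diff.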
diff --git a/nix/sources.json b/nix/sources.json
@@ -118,5 +118,17 @@
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/08ef0f28e3a41424b92ba1d203de64257a9fca6a.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "sops-nix": {
+ "branch": "master",
+ "description": "Atomic secret provisioning for NixOS based on sops",
+ "homepage": "",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "3e4ebc851c91d1ce5c65da23436726c555a0d7e8",
+ "sha256": "0mpzkjvw2vyd6mf5hx6naic3sbhiwj1n6v5j94bm31marm8d2adq",
+ "type": "tarball",
+ "url": "https://github.com/Mic92/sops-nix/archive/3e4ebc851c91d1ce5c65da23436726c555a0d7e8.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}
}
diff --git a/shell.nix b/shell.nix
@@ -13,6 +13,7 @@ pkgs.mkShell
niv
nixos-generators
nixpkgs-fmt
+ sops
];
shellHook = ''
export NIX_PATH="nixpkgs=${pkgs.path}:nixos=${nixos.path}:nixos-unstable=${nixos-unstable.path}"