From d39fcd50ab1da79dcf5bbd584c2d504e72675187 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Thu, 27 Mar 2025 08:44:53 +0000
Subject: [PATCH] Add registry secrets
Signed-off-by: Nikolaos Karaolidis
---
.../nick/configs/console/podman/default.nix | 32 +++++++++++++++++++
hosts/eirene/users/nick/default.nix | 1 +
.../nikara/configs/console/podman/default.nix | 25 +++++++++++++--
3 files changed, 56 insertions(+), 2 deletions(-)
create mode 100644 hosts/eirene/users/nick/configs/console/podman/default.nix
diff --git a/hosts/eirene/users/nick/configs/console/podman/default.nix b/hosts/eirene/users/nick/configs/console/podman/default.nix
new file mode 100644
index 0000000..099957b
--- /dev/null
+++ b/hosts/eirene/users/nick/configs/console/podman/default.nix
@@ -0,0 +1,32 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ config, pkgs, ... }:
+let
+ hmConfig = config.home-manager.users.${user};
+in
+{
+ home-manager.users.${user}.sops = {
+ secrets = {
+ "registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ "registry/registry.karaolidis.com".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ };
+
+ templates."containers-auth.json" = {
+ content = builtins.readFile (
+ (pkgs.formats.json { }).generate "auth.json" {
+ auths = {
+ "docker.io" = {
+ auth = hmConfig.sops.placeholder."registry/docker.io";
+ };
+ "registry.karaolidis.com" = {
+ auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com";
+ };
+ };
+ }
+ );
+ path = "${home}/.config/containers/auth.json";
+ };
+ };
+}
diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix
index 194f784..74f9d25 100644
--- a/hosts/eirene/users/nick/default.nix
+++ b/hosts/eirene/users/nick/default.nix
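Review bot: The `auth` entries under `auths` pass the sops placeholders through verbatim, so the values stored under `registry/docker.io` and `registry/registry.karaolidis.com` in secrets/personal/secrets.yaml must already be the base64-encoded `user:password` string that containers-auth.json expects; nothing in the hunk documents that, so a comment above `secrets = {` such as `# values are base64("user:password"); written into auth.json unchanged` would save the next person a failed login. The same `../../../../../../../secrets/personal/secrets.yaml` path is repeated on both `sopsFile` lines (and again in the elara podman hunk below); a single `personalSecrets = ../../../../../../../secrets/personal/secrets.yaml;` binding next to `hmConfig` with `sopsFile = personalSecrets;` on each line would make a miscounted `../` fail in one place instead of silently pointing one entry elsewhere. `builtins.readFile` on the `generate` output appears to build that derivation during evaluation (import-from-derivation), which is acceptable here because the generated file holds only placeholders, but it is worth a short comment on the `content =` line so nobody later puts a real value into that attribute set.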
@@ -82,6 +82,7 @@ in
 (import ./configs/console/git { inherit user home; })
 (import ./configs/console/gpg { inherit user home; })
+ (import ./configs/console/podman { inherit user home; })
 (import ./configs/console/ssh { inherit user home; })
 (import ./configs/console/syncthing { inherit user home; })
diff --git a/hosts/elara/users/nikara/configs/console/podman/default.nix b/hosts/elara/users/nikara/configs/console/podman/default.nix
index 957ef14..087ec0f 100644
--- a/hosts/elara/users/nikara/configs/console/podman/default.nix
+++ b/hosts/elara/users/nikara/configs/console/podman/default.nix
@@ -13,14 +13,35 @@ let
 in
 {
 home-manager.users.${user}.sops = {
- secrets."registry/cr.sas.com".sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ secrets = {
+ "registry/personal/docker.io" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ key = "registry/docker.io";
+ };
+
+ "registry/personal/registry.karaolidis.com" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ key = "registry/registry.karaolidis.com";
+ };
+
+ "registry/sas/cr.sas.com" = {
+ sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ key = "registry/cr.sas.com";
+ };
+ };
 templates."containers-auth.json" = {
 content = builtins.readFile (
 (pkgs.formats.json { }).generate "auth.json" {
 auths = {
+ "docker.io" = {
+ auth = hmConfig.sops.placeholder."registry/personal/docker.io";
+ };
+ "registry.karaolidis.com" = {
+ auth = hmConfig.sops.placeholder."registry/personal/registry.karaolidis.com";
+ };
 "cr.sas.com" = {
- auth = hmConfig.sops.placeholder."registry/cr.sas.com";
+ auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
 };
 };
 }
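Review bot: The `docker.io` and `registry.karaolidis.com` material added here (the two `secrets` attributes and the two `auths` blocks) duplicates, line for line, what the new hosts/eirene/users/nick/configs/console/podman/default.nix declares, with only the attribute names differing (`registry/personal/...` here via `key`, plain `registry/...` there); a shared module taking `user`/`home` would keep the two hosts from drifting when either credential is rotated or renamed. Pointing this host at secrets/personal/secrets.yaml for the first time also presumably requires its sops recipient key to be listed on that file's creation rule, otherwise activation cannot decrypt the two new entries; worth confirming, since before this change the file was only read for secrets/sas/secrets.yaml. The `let` block that binds `hmConfig` starts above the hunk.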