genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-05-30 23:35:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move sensitive git config to private-flake, setup authorized signers

Browse source 
Co-authored-by: Claude <claude@anthropic.com>
This commit is contained in:
Gene Liverman 2026-04-09 23:49:39 -04:00
parent 59e36c1d3e
commit cf6d362d6c
Signed by: genebean
SSH key fingerprint: SHA256:ZjLMZwtU49BWDoI2hgsA0/Q6XT4+S0kcKFWW1EJBicI
20 changed files with 18 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/hosts/darwin/AirPuppet/home-gene.nix
View file

@ -5,7 +5,6 @@
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config.path = "/Users/${username}/.gitconfig-local";
local_private_env.path = "/Users/${username}/.private-env";
};
};

1
modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix
View file

@ -13,7 +13,6 @@
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config.path = "/Users/${username}/.gitconfig-local";
local_private_env.path = "/Users/${username}/.private-env";
};
};

2
modules/hosts/darwin/mightymac/default.nix
View file

@ -36,7 +36,7 @@
"terraform-docs"
];
casks = [
"alacritty"
"antigravity"
"boinc"
"discord"
"elgato-stream-deck"

1
modules/hosts/darwin/mightymac/home-gene.liverman.nix
View file

@ -14,7 +14,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
i2cssh_config.path = "${config.home.homeDirectory}/.i2csshrc";
local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local";
local_private_env.path = "${config.home.homeDirectory}/.private-env";
user_nix_conf.path = "${config.home.homeDirectory}/.config/nix/nix.conf";
};

6
modules/hosts/darwin/mightymac/secrets.yaml
View file

@ -1,7 +1,7 @@
tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str]
user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str]
i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str]
local_git_config: ENC[AES256_GCM,data:DjLFwnglZuH2Piami9gHUd5fmlW3luXDCxx7cEuTPRPM4Y4fr2PmXXWSIvZEo6FuVC8tAMr4Z9wbgWQumB4Ul4lIHpwHrbvS2ccOI/ye4Q9OQ/Ki9OEbVFg8nBHsz57RnD0uh3Fk+9gV0yoTmjxP2A==,iv:7Z2d/pgc4uarGe0/BAcIFGLMdBdNwhxr6wGOaZvUqxw=,tag:HgOW/RF9/QEfm+xkEV75+Q==,type:str]
local_git_config: ENC[AES256_GCM,data:QyGLazd0dcO3ywpd0DiQOaQ+/t8+2dJbvnUQykzE/2g+y08idWZyQ+DLsfDJ,iv:fi772uq3L1mKTMfH1ulxiMCnU6p6S1v6DSHLpypoajY=,tag:y/e4E8YgZRie3GVC7XBlfw==,type:str]
local_private_env: ENC[AES256_GCM,data:vaa2MKSzCs2s2mzRkFSkz2CT2hCRfad+mqkLW/PCulcw8x6TYRWWjfYicqdCh+lmeMlRgoukH45qTq2YaKo8lvm0jOPnk1Z6ZOYCafm6JX8Cn+hpxRq/nw0OjtytLrVIh6CCqe8IJM5nK6EC5dXJDO/08AaiRdlYqRG7HhKFSa0nODlQpWGXiwYz3ajkCmlgl3qR+6HpZxjMKAGAyLZr9g5n8rNHN7oXe0Kf06wmoMnFNKvuZ9kliJe5x3gUbiDN85UNXNKnMs6SFk7Hr+jE3RIGUjYL6XCUgWgvt9gL0VDWjt3KfJbASJMBwBU9B4Jj02pxyHeQovyK2CjAm7Qm2s40JYsdsbfV4QaTBRCT5DdIQiB3FI/ELuwKdEo8MlpSvk5DqyxipAvicOa216x4N+FG/N311vExq4gNIjO+6w191ymRk4YCxWjUIk7GwiftsVBp+Jo6M27Xe7k7yYCBblEyAtq7NDbcxrh9YoXs+K409wBE6U81bJbMWwRzwG7Sfhrzx1X+C1SGe+VYSmh1EqHEbJbkHXxEF35vfNGwQoIAVOQ+ePlYyGhvNkbLTxxf2Ni6orl/tKnLejmMSwhUrv5R1RgQqxyiK7aSl0bf89+hxb2WWdGpmFEMUCns4hoFzN+ob1h7oH3aD33CMKuoOFAhsDkELS08Bvx2RMyKEv7ktU6KmaOEvO99soRQAMZvznM0/8H6v11ua1sAvzN5of+9bdA31Yt2fj1lMpAxuc/jc/fjlSpdr+TkEIoAP1R/z4xhlR4QoxlnBkLJU2y699dPBChl52k8S5W53/XW0NoXptpf8+BKgnQCjXRASHBxN2ChjjpUFLyKV/0x8lbrs+NbNb4wJP4HK1625R9278hcD02KcfzofPtr/sglSGEWOla7vsNlyQiwRp0ZfbGrrfvQ3QhKVx/shPL7BkmGGDapkiT0YqWIWo/gOtRnDGIcsjER5DMZQwez27eqaZq7jwQv4He1Tj/UelR1eOurlPE7NKIDXXCR14vfsVCX/5mNPuNDZ+hhEpp8xAqAsnv6TCHHZ7q1ngrIe/uxJZLGE3oWxmjxn1FGP3m42IT59RMXHNmzZwPYmPZK8cjSNqViP2Krsvca0p+Jf7+1hP17UwLFneo6bf3um891sF0X40R9uNA+7fuP4rbBwrJZaNwSojxXyk9kVpXATwk9JMaXijU78KZ+59ucl5lVsu1OQTYtcZxSecGr21ATSi2EydhaHNM/hsamAeyy3EbiVfDD6Bv9V2uwoEWRIApnCoKN9zcpdjMuVIZUKywuAyEzCaaOuDfrFLsgR051ijqkOQnmuZNJ+DRmdC1siUPqNQawRqvewKN5FbHJFuI7X6Zxfa3OxZFqnsWdipuL/+3sy8hGjaH5y1RIHeJzL/ZnQNoEkBMep6zeLmQHoGV3iXjmbobUpJMpHKG3yt92zw8hyckPO+tEvOjYW2RR+6NfbArWTqaW7e4FHYpDtX3Oh3a1SzX+fK5lEUglN3+wx6uDDXczG7IZwQDQc9kfL2rt45s8uHw9MZL/kH8Ssdhk4Ha2JIXXyyoxyFHH5OaZCaQFveVjvo70E394AU5oJ5YmvlKIMZEJxnL9TdtshTPVvKeL3DBjEzIocv9/MWQJLfltnaU2ieIQFsvG8ma7za8YOvFVgr1Z3DfRsusQOmnJB3Umm18YfST0U1u1DpiCsvdGoRuySqAjp4OdmxTvKLRHKkNzRzmS8NnewFjUitJy1WjXmcoVRc8+hm2IJxQl3iGm1In2zuGtyklbban7+84ygV2XvhGpv5MLE0ooKHTXLU7da9jUgvRgCQ9EZWGh/Xqg/OA7mK3C9ojeuJKCgtKwDm2QeHKswRzgUpSTtYlgS3TmTQOdgMo7N7w9uWTTjU9ozXnJHZlKF7264XaIOmLZGwcIPwjQb6+onv0xvDDgKaDU2QpHA1MMXrJAPnyAP3xjpttEggHcY9i+t0ZlvrzS1Ux7Tv2qKnabJEuzw5mX7RyjmUOp89mXK/Ot/hTwMKf2Rm7QsoSMl3NqTFHUMYnxzN8TyVAWvcXh1iS24ryvgMqE+Et2EFW2+lz3XffS+hKJ49osu3ZX53QDLCXhWRK7xnCj3JGNVtnyMkRH7eRVpQwbxl7DuYSx8xrzDyLItOOVyUeif+XiIzsjDWfitTV0+SDhsuJpvCm3hh1+SDUwL9abgOJ0Hv0Y8EtvkoAUlkC5O3+qVFVQ2gmdTWvZ5eIci4wKvv4jXyljW7uDGCjqoGL3yi9JUGWhJGVe0gFvUyP/k6ThxjbrpERVOCpiPZDfwU31ACVVEagwdLjs2vJB1oRs2dJWwwXMPR4lbslgDUXkD4j0hodOvbrqa9teBB1Q48mAZ/CqhOgwFjEymLmXUEcauBHSuLywQkff7TYVmyWzGZAH0gZB7aVuwZ1ZRj59PuFdMKcRoqNC8/yb4Nj9HDprE8l7gS5jaELkm6G/lo7jbei7CLdYB5zNW9qSypKv6QvqYbxhpCazsPAvjIXj0O3k24Q8U6CROuxWwNe7hCPaYaC1wI/lr+QEoG//3sRMRMBYJ5M2deFSXhKFstcoOAinkESMgwLc2eeTmqYS14e4qtCIMzAy9YOt0SaKUVjnCgj9vkoJNPgqdVEnszDThBS2Rhe3f/CrfFdoWf/nWisy3NwCWcdj8cjR2sAGcu8ImxRciXYuUS9XAdGiUUVv9+BF1wf2VCWVJQ895WQ7dxBtHZdrh7SRtlR0qKTQuSPzEzSYwve0Xm1Kw6VbgrcQnpvafS2unS+3VlGH+gjv3swHWaiot0IbvoG7K4guVfUFORTlsqlktg2UdfskhVpXliJub1B91q6Ocuponi6NI0ytmNGgNKoxNU8Bfi8zruCak2lwKK1lwqR9Q2Xhg0xHW/bjsX37HHC6hS5WoB3KpwouwSdY7bbZttyq3EdODHz4P7FdsrirSgt9U/1ue9shbDQmBwImPAr7KttRMZUcuCWYoxSzZbqz5OdIinVgonOkqPWvsxSb1+PjpWFkYwMzeOlcYRGylD8VZ5TMn/p0DVpzWK4zTbmY1s6nvu+gPPgLWBM0soj33UY7vSlJMgzOXEc4dFGspfVbkbjBx/qbtN3wS7WnI1RP0oTszSacVkuJvsDZURecNUIyNxaKTYOIOrxErTBJwZ1mYUDh0KWprAirzTD1p+4soiGiMwYQdKZd6MwgD0HmjzPwi+DpoBfo1Y7R6BeefFvSLT2dZhilwlh496FQX/DNOqPd/5ZiMOGC8JvG6pBred5r2QFCFgN7F9BIFoLHpF8DjRkvcQC4bf/IQrQBGJGMk2o3fG+cjPxB5c7Ce9BzCUY5+AAcm7/u2oMZvCiUc91OKV/l3S5J+ZmUutXIrFvJIlE4FUJi6QFtDI4fygzxI84wbTtnrQzYWOvWZlKEmXDQyn6iRxqu1pcJq38cX3UpouMXlbqA+pGsc1xAkt7a295qYBcVrm1RjQWwVW1okNF9bgswF3X8HCEx8tCFsZdM+lHE4/+ytqTOMvPrgodbUeCBORwpsKN4TzBCGzQI/1Fs++ucL6EwwgN95goW4gvqgk2sEdSGqO7fk4pwzfHNLdoZmosblsHFTmCefHURmeM+rakbZLIyERBSEWzW8uSMFqdqQtFjx2cMEcavSj3xO69p6YuK4baRVV1ATLeYfpMnSkt6wM5TCowXBiA67TQUzEl0+rTG4kPc2PYLFCkKzjxM2ngA+P2gyx5jRPtztLLDe669sUecsNCDfs1h8nLDJyL9zDF/K3Iw8AlsMgqYDhDcFVW9sZ+to7UGL0VToRMFKrP+zW3MSSC9sXQIX+aZeI0yjgxYU4zH4MB4JlP/dgPvqBKkAU+lCD0EesdXaL3hUQQ6+8BY2wsO3ws77rFYDWCq0lzjXHH+BtyihWF194ZEXxNzkq3mH5uBHqipWZ4EMnoHbzfq4CI11VK0Kgu6atw0xDCApA+0auom7jayFvL6HvhSW+lWhOTSlOktXzFula1iNKqJI1y6bLig94HEJ13z+3HSKsyA,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str]
sops:
age:
@ -14,7 +14,7 @@ sops:
YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB
qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-19T15:01:09Z"
mac: ENC[AES256_GCM,data:FKz9GZZfLnBFiVuyn3xmhR0p6NpPxlJBZlGL6PrqsiJWmIrzZBq6x5fj9fWprYuzeAJYRrwSX8X5fYKdatrW2aLIYrXclZl1yw3afnP65lJZvJxlhD9gD3gPZ9eMbmRUOqrhLn8OeQ+mY4WBXg0G6WNOxsp/bAQf7Xjkj1eItBI=,iv:duqy8YcrhfPmiTHJBYnFbMyv1jCxLPtU1Gbo1F/YkHs=,tag:3TNSf3BLu6Wm38RmReihwg==,type:str]
lastmodified: "2026-04-10T01:57:32Z"
mac: ENC[AES256_GCM,data:+lw8USB9aUYBWyvK9B1UM/5FiwM7N8wdblLDDBW2rX5qHmnDuKDqoQTaH/ncWdxTo/LkDrQ4HExC5wFNb9V1o6naKAqTmI1gDgxwMIips9Ul+jk8KltWObu3HAUqLBpdkaCe61Hb5/EOVzfcs8lCX0d/C3X2ltg1lqQhOUoYZZ8=,iv:1gw1hJf5mYSch03FZGmaewAD8oxXb1/kXmqBfvm97Ho=,tag:mn7ePcem63bfI3JLcvXTOQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1

1
modules/hosts/home-manager-only/default.nix
View file

@ -34,7 +34,6 @@
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local";
local_private_env.path = "${config.home.homeDirectory}/.private-env";
};
};

4
modules/hosts/nixos/bigboy/default.nix
View file

@ -110,10 +110,6 @@ in
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -156,10 +156,6 @@ in
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ../secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/hetznix02/post-install/default.nix
View file

@ -10,10 +10,6 @@
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ../secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/kiosk-entryway/default.nix
View file

@ -96,10 +96,6 @@
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/kiosk-gene-desk/default.nix
View file

@ -114,10 +114,6 @@
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/nixnas1/default.nix
View file

@ -72,10 +72,6 @@
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/nixnuc/default.nix
View file

@ -677,10 +677,6 @@ in
owner = config.users.users.nginx.name;
restartUnits = [ "nginx.service" ];
};
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

4
modules/hosts/nixos/rainbow-planet/default.nix
View file

@ -168,10 +168,6 @@
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";

5
modules/shared/home/general/default.nix
View file

@ -138,7 +138,6 @@ in
"*.swp"
".DS_Store"
];
includes = [ { path = "~/.gitconfig-local"; } ];
lfs.enable = true;
package = pkgs.gitFull;
settings = {
@ -152,6 +151,9 @@ in
};
gpg = {
format = "ssh";
ssh = {
allowedSignersFile = "${config.home.homeDirectory}/.config/git/allowed_signers";
};
};
merge = {
conflictStyle = "diff3";
@ -316,7 +318,6 @@ in
history.size = 1000000;
initContent = ''
[ -f ~/.private-env ] && source ~/.private-env || echo '~/.private-env is missing'
[ -f ~/.gitconfig-local ] || echo '~/.gitconfig-local is missing. Create it and set user.email'
# Start GPG agent
# Some tips from https://hedberg.io/yubikey-for-ssh/ helped simplify this: