feat(security): implement metadata redaction and sops-nix migration
Some checks failed
Build / Determining hosts to build (push) Failing after 10m8s
Build / build (Development) (push) Has been cancelled
Build / build (Testing) (push) Has been cancelled

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
Tibo De Peuter 2026-03-17 18:25:37 +01:00
parent 8fb651fd60
commit 17c5d0ee48
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
12 changed files with 68 additions and 23 deletions

@ -25,7 +25,7 @@
...
}:
let
system = "x86_64-linux";
system = utils.lib.system.x86_64-linux;
lib = nixpkgs.lib;
in
utils.lib.mkFlake {
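Review bot: The switch of system from the literal "x86_64-linux" to utils.lib.system.x86_64-linux in the let block is not mentioned in the commit message, and nothing in this hunk shows that the new expression evaluates to the same string. Since system is also handed to ./test/vm-test.nix further down, please either confirm the value is unchanged and say so in the message, or move this line into its own commit so the secrets migration can be reviewed and reverted independently.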
@ -75,7 +75,9 @@
'';
}) (lib.filterAttrs (_: isDeployable) self.nixosConfigurations);
checks = builtins.mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
checks = (builtins.mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib) // {
integration-test = import ./test/vm-test.nix { inherit self nixpkgs system; };
};
outputsBuilder = channels: {
formatter = channels.nixpkgs.alejandra;
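Review bot: integration-test is merged with // at the top level of checks, next to the keys that mapAttrs carries over from deploy-rs.lib. If those keys are system names, the test ends up as checks.integration-test rather than checks.<system>.integration-test, which is where a per-system check is expected. Consider nesting it under the system, for example lib.recursiveUpdate (builtins.mapAttrs ...) { ${system}.integration-test = import ./test/vm-test.nix { inherit self nixpkgs system; }; }, and note that a plain // with a ${system} key would replace that system's deployChecks because // merges only one level deep.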