cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

flake: use agenix

Browse source
This commit is contained in:
LavaDesu 2021-09-20 15:09:44 +07:00
parent 4fbeaab7eb
commit eee9b5df5b
Signed by: cilly
GPG key ID: 6500251E087653C9
10 changed files with 81 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

37
flake.lock generated
View file

@ -1,5 +1,25 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1631896269,
"narHash": "sha256-DAyCxJ8JacayOzGgGSfzrn7ghtsfL/EsCyk1NEUaAR8=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf1d773989ac5d949aeef03fce0fe27e583dbca",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"better-status-indicators": { "better-status-indicators": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -426,6 +446,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"better-status-indicators": "better-status-indicators", "better-status-indicators": "better-status-indicators",
"channel-typing": "channel-typing", "channel-typing": "channel-typing",
"discord-tokyonight": "discord-tokyonight", "discord-tokyonight": "discord-tokyonight",
@ -443,7 +464,6 @@
"pure": "pure", "pure": "pure",
"radialstatus": "radialstatus", "radialstatus": "radialstatus",
"rolecolor-everywhere": "rolecolor-everywhere", "rolecolor-everywhere": "rolecolor-everywhere",
"secrets": "secrets",
"spotify-adblock": "spotify-adblock", "spotify-adblock": "spotify-adblock",
"theme-toggler": "theme-toggler", "theme-toggler": "theme-toggler",
"tokyonight": "tokyonight", "tokyonight": "tokyonight",
@ -457,21 +477,6 @@
"zsh-history-substring-search": "zsh-history-substring-search" "zsh-history-substring-search": "zsh-history-substring-search"
} }
}, },
"secrets": {
"locked": {
"lastModified": 1626423937,
"narHash": "sha256-ar4JcAS4q6PL2YiTXcFAsiLpvVZLc7/2r4TS6pI3Aww=",
"owner": "LavaDesu",
"repo": "flakes-secrets",
"rev": "73ec1e3c23216c1a42fb9a00dbf443d90af68f45",
"type": "github"
},
"original": {
"owner": "LavaDesu",
"repo": "flakes-secrets",
"type": "github"
}
},
"spotify-adblock": { "spotify-adblock": {
"flake": false, "flake": false,
"locked": { "locked": {

7
flake.nix
View file

@ -3,8 +3,9 @@
nixpkgs.url = "github:NixOS/nixpkgs"; nixpkgs.url = "github:NixOS/nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
secrets.url = "github:LavaDesu/flakes-secrets"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
@ -43,7 +44,7 @@
zelk = { url = "github:schnensch0/zelk"; flake = false; }; zelk = { url = "github:schnensch0/zelk"; flake = false; };
}; };
outputs = { self, nixpkgs, home-manager, secrets, ... } @ inputs: outputs = { self, agenix, nixpkgs, home-manager, ... } @ inputs:
let let
lib = nixpkgs.lib; lib = nixpkgs.lib;
@ -100,7 +101,7 @@
system = arch; system = arch;
modules = [ modules = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
secrets.nixosModules.${name} agenix.nixosModules.age
(./hosts + "/${name}") (./hosts + "/${name}")
]; ];
specialArgs = { inherit inputs modules overlays enableGUI; }; specialArgs = { inherit inputs modules overlays enableGUI; };

5
hosts/apricot/default.nix
View file

@ -1,7 +1,12 @@
{ config, modules, overlays, pkgs, ... }: { { config, modules, overlays, pkgs, ... }: {
networking.hostName = "apricot"; networking.hostName = "apricot";
system.stateVersion = "21.05"; system.stateVersion = "21.05";
time.timeZone = "Asia/Phnom_Penh";
age.secrets = {
passwd.file = ../../secrets/passwd.age;
wpa_conf.file = ../../secrets/wpa_conf.age;
};
imports = with modules.system; [ imports = with modules.system; [
base base
input input

1
hosts/apricot/networking.nix
View file

@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }: {
environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
networking = { networking = {
wireless = { wireless = {
enable = true; enable = true;

5
hosts/winter/default.nix
View file

@ -1,7 +1,12 @@
{ config, modules, overlays, pkgs, ... }: { { config, modules, overlays, pkgs, ... }: {
networking.hostName = "winter"; networking.hostName = "winter";
system.stateVersion = "20.09"; system.stateVersion = "20.09";
time.timeZone = "Asia/Phnom_Penh";
age.secrets = {
passwd.file = ../../secrets/passwd.age;
wpa_conf.file = ../../secrets/wpa_conf.age;
};
imports = with modules.system; [ imports = with modules.system; [
audio audio
base base

1
hosts/winter/networking.nix
View file

@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }: {
environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
networking = { networking = {
wireless = { wireless = {
enable = true; enable = true;

12
secrets.nix Normal file
View file

@ -0,0 +1,12 @@
let
apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGS0M4BOLiVUM/qdUpcg9Y4aTeyDfyQl89uhXwFORjn";
fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkKZYsYWnI+MgecBjOwf7aL5jtiT0ymCDme3pzucTei";
winter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
rin-apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxzygMMJ/hmPRUeQu/eMmEhAKfFSFIEVstDIerPzxgZ";
rin-fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbPamP5bovUsrBNYnjOk4SN2TaQZAVlJ+4JldK2cL5M";
rin-winter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
in {
"secrets/passwd.age".publicKeys = [ apricot fondue winter rin-apricot rin-fondue rin-winter ];
"secrets/wpa_conf.age".publicKeys = [ apricot winter rin-apricot rin-winter ];
}

17
secrets/passwd.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 U9FXlg pyO5bXIo3QmlwLGThUQOJpxkNHMWRw7zCN7MZRHT2XI
+t6CvDsUoxDK7VieD1JGGoPIAdgNy88gHQTElEbq+Aw
-> ssh-ed25519 W08TTA JGyCrmpEH/04XqVK3cZjZQxW8FdgTHGdeSjDRHBFTy8
DO352HTh9LhjLROJt4Ezx5tCEjuA8O7Y2yOtSnzqJFY
-> ssh-ed25519 pumkzw bwVqGKi9z0tZU//9eETsW3QtU1eKw1fUGueGpPPwEE0
MPa3afK3Imz5DQ0OC+VRoN7NTkTfxW4PdYtUQpZKYFU
-> ssh-ed25519 CUCjXQ imjGGo/eW0k/5Nqx54GSdxyPUd/rrKiCSbe5IVBqpGY
kbznCkFsJ1cQtaSOpcO87XymQVUh0trjf+hnPrZn4wM
-> ssh-ed25519 1f0c9Q gs51wLCgicapbWMXe762vHXzKZEL4uBEwyoMMgjYEDo
jQcqFfXZdNyUXKdQYd6NGpB2UG6kspSqES0U7YVl8bs
-> ssh-ed25519 l9dSQg jFs43ABxAmfFnbHXaDf7cI5LSZl7eG45vRvmDRcGn2I
xi0ssuW/X+GbhEAjTlMqsRZuF860ClW5OW7em8q4gCU
-> ddi&.U1,-grease l-[{g`4' 8[A; E*S _#Pt
f6BrJn0
--- 94Qsnx1vfwhCQBcX1UBinqiQkcTHwAsoaT8Fc0g6bxw
*hŠ)ë¼uÞ-Ýج<>4(uIãm5¬ÔßI½Í¼„7Ûs?;äŽr˜ õ:ña£ év{F JbýstPŽ„óìlñäÀï?aq”Õ<41>sز éˆI;+ÿc€(¯<>OÍ*3Lðr.GåÏ:fö|ñœ

14
secrets/wpa_conf.age Normal file
View file

@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 U9FXlg E0hhgFA/zsRWQJlrPEcoa3EB5+PsCAqCR1zCnezkFjU
C17s+kvncsFSdYG4MPG/mBuBwyjQihI0psdBG5TZRkU
-> ssh-ed25519 pumkzw 6lB6ssEW3qI/urBGKNiVvwn2mwNlqjAoteHjzWhSdic
5H9O9ogZSo5MZxvotcVpH2iTsSl82RoA1mEOqfPJhs8
-> ssh-ed25519 CUCjXQ M1pJrjSYKt79yozkZg5QnWoVXm/Ycux2CjK9KZ2c3Gg
kIZU/NI0lZK7VqP6LXeBCm1I1QvwPUcrrqRhouE1qXY
-> ssh-ed25519 l9dSQg kdr5ycMPLZHm3gnQXlRGePkmnWMAtQCVL/eeqQNZW3M
so1UTAIF4xYYC8BGseA+cY7yz49xeqROBoCrnyaa5fQ
-> at-grease pZp\ \
wFowXoNmbvDQFM/9r4Ju5rPlrj4nP8k4NEtKbUOZovebox75dWododrjol14pk7x
2YgYznE9r6HsyqN/6wXroQ
--- m1BL/gjAKZlbd2fLwT46xse7I9SzL5hgBIxnoIZmMu4
oLZ80¬Å“"Á®;㫇gœ(Æ¡"5FšÇaŠ6`GÊSfÍ.·´hYâ笪§K9Jó=<3D>³· Ö0܆.€¬]qšØGoÄnpË•«ý—Îû3Žo>† ÅS°¼•yR¡Ôpͦz.K<>ËÅF¹F<C2B9>ep

1
users/rin.nix
View file

@ -4,6 +4,7 @@
extraGroups = [ "adbusers" "audio" "video" "wheel" ]; extraGroups = [ "adbusers" "audio" "video" "wheel" ];
shell = pkgs.zsh; shell = pkgs.zsh;
uid = 1001; uid = 1001;
passwordFile = config.age.secrets.passwd.path;
}; };
home-manager.users.rin = { config, enableGUI, lib, pkgs, ... }: { home-manager.users.rin = { config, enableGUI, lib, pkgs, ... }: {
home = { home = {