add agenix

2023-10-16 13:28:58 -04:00 · 2023-10-16 13:28:58 -04:00 · e6bc1d2f87
commit e6bc1d2f87
parent 3fa51bdbd3
9 changed files with 152 additions and 38 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,25 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1696775529,
+        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "banner": {
      "inputs": {
        "nixpkgs": [
@ -37,6 +57,28 @@
        "type": "github"
      }
    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
    "devenv": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -47,11 +89,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1695635472,
-        "narHash": "sha256-+0lqQZmbzdglPh8JoMAZzP1XXanhBg9BcbjVXnwEC5E=",
+        "lastModified": 1697058441,
+        "narHash": "sha256-gjtW+nkM9suMsjyid63HPmt6WZQEvuVqA5cOAf4lLM0=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "42a26aa1b2265cf505df056e040e2b1ef8073b76",
+        "rev": "55294461a62d90c8626feca22f52b0d3d0e18e39",
        "type": "github"
      },
      "original": {
@ -139,7 +181,7 @@
      "inputs": {
        "banner": "banner",
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1692384535,
@ -158,15 +200,36 @@
    "home-manager": {
      "inputs": {
        "nixpkgs": [
+          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1695738267,
-        "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
+        "lastModified": 1682203081,
+        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
+        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1696940889,
+        "narHash": "sha256-p2Wic74A1tZpFcld1wSEbFQQbrZ/tPDuLieCnspamQo=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "6bba64781e4b7c1f91a733583defbd3e46b49408",
        "type": "github"
      },
      "original": {
@ -186,11 +249,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1695935601,
-        "narHash": "sha256-LLlL4EXxupanb3GwSMcogCCsx7WAfd7/u13QkAwyBgQ=",
+        "lastModified": 1697151905,
+        "narHash": "sha256-sfuiRn7D5D2NzDkXXN/DUUcs2d1ddlf3VmzDBzDO2Tk=",
        "owner": "vaxerski",
        "repo": "Hyprland",
-        "rev": "3f09b14381e8b28dd2cc1d292763374f2d6c8484",
+        "rev": "3a61350286de842c7f1566c38e2b42821080ddf4",
        "type": "github"
      },
      "original": {
@ -290,11 +353,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696131323,
-        "narHash": "sha256-Y47r8Jo+9rs+XUWHcDPZtkQs6wFeZ24L4CQTfVwE+vY=",
+        "lastModified": 1696736548,
+        "narHash": "sha256-Dg0gJ9xVXud55sAbXspMapFYZOpVAldQQo7MFp91Vb0=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "031d4b22505fdea47bd53bfafad517cd03c26a4f",
+        "rev": "2902dc66f64f733bfb45754e984e958e9fe7faf9",
        "type": "github"
      },
      "original": {
@ -305,17 +368,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1692264070,
-        "narHash": "sha256-WepAkIL2UcHOj7JJiaFS/vxrA9lklQHv8p+xGL+7oQ0=",
+        "lastModified": 1677676435,
+        "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "42c25608aa2ad4e5d3716d8d63c606063513ba33",
+        "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
-        "type": "indirect"
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nixpkgs-lib": {
@ -367,11 +431,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1695806987,
-        "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=",
+        "lastModified": 1697009197,
+        "narHash": "sha256-viVRhBTFT8fPJTb1N3brQIpFZnttmwo3JVKNuWRVc3s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57",
+        "rev": "01441e14af5e29c9d27ace398e6dd0b293e25a54",
        "type": "github"
      },
      "original": {
@ -383,11 +447,26 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1695830400,
-        "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=",
+        "lastModified": 1692264070,
+        "narHash": "sha256-WepAkIL2UcHOj7JJiaFS/vxrA9lklQHv8p+xGL+7oQ0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "42c25608aa2ad4e5d3716d8d63c606063513ba33",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1697059129,
+        "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2",
+        "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
        "type": "github"
      },
      "original": {
@ -427,13 +506,14 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "devenv": "devenv",
        "gtk-nix": "gtk-nix",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
        "hyprland": "hyprland",
        "nix-colors": "nix-colors",
        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "nixpkgs-unstable": "nixpkgs-unstable"
      }
    },
@ -486,18 +566,18 @@
      "flake": false,
      "locked": {
        "host": "gitlab.freedesktop.org",
-        "lastModified": 1695919988,
-        "narHash": "sha256-4RBgIZHaVqH0m1POnfzYRzwCWxifIKH4xQ0kCn2LGkA=",
+        "lastModified": 1696410538,
+        "narHash": "sha256-ecDhdYLXWHsxMv+EWG36mCNDvzRbu9qfjH7dLxL7aGM=",
        "owner": "wlroots",
        "repo": "wlroots",
-        "rev": "c2aa7fd965cb7ee8bed24f4122b720aca8f0fc1e",
+        "rev": "3406c1b17a4a7e6d4e2a7d9c1176affa72bce1bc",
        "type": "gitlab"
      },
      "original": {
        "host": "gitlab.freedesktop.org",
        "owner": "wlroots",
        "repo": "wlroots",
-        "rev": "c2aa7fd965cb7ee8bed24f4122b720aca8f0fc1e",
+        "rev": "3406c1b17a4a7e6d4e2a7d9c1176affa72bce1bc",
        "type": "gitlab"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -24,6 +24,8 @@

    nix-index-database.url = "github:Mic92/nix-index-database";
    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+
+    agenix.url = "github:ryantm/agenix";
  };

  outputs = { self, nixpkgs, ... }@inputs:
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-{ config, pkgs, ... }:
+{ config, pkgs, inputs, ... }:

 {
  imports = (import ../modules/editors) ++
@ -74,6 +74,7 @@
      usbutils
      wget
      lsof
+      inputs.agenix.packages.${system}.agenix
    ];
  };

--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -17,6 +17,7 @@
      ./configuration.nix
      ../modules/themes/home.nix
      inputs.nix-index-database.nixosModules.nix-index
+      inputs.agenix.nixosModules.default
      inputs.home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
--- a/hosts/thinkpad/hardware-configuration.nix
+++ b/hosts/thinkpad/hardware-configuration.nix
@ -20,20 +20,34 @@
      fsType = "ext4";
    };

-  fileSystems."/home/glen/media" =
+  fileSystems."/media" =
    {
      device = "192.168.10.2:/mnt/tank/media";
      fsType = "nfs";
      options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ];
    };

-  fileSystems."/home/glen/books" =
+  fileSystems."/books" =
    {
      device = "192.168.10.2:/mnt/tank/books";
      fsType = "nfs";
      options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ];
    };

+  fileSystems."/music" =
+    {
+      device = "192.168.10.2:/mnt/tank/music";
+      fsType = "nfs";
+      options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ];
+    };
+
+  fileSystems."/projects" =
+    {
+      device = "192.168.10.2:/mnt/tank/projects";
+      fsType = "nfs";
+      options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ];
+    };
+
  boot.initrd.luks.devices."luks-9d4b251f-b7d5-4a28-8e5d-6df09b434e47".device = "/dev/disk/by-uuid/9d4b251f-b7d5-4a28-8e5d-6df09b434e47";

  fileSystems."/boot/efi" =
--- a/modules/desktop/hyprland/home.nix
+++ b/modules/desktop/hyprland/home.nix
@ -29,7 +29,6 @@ let

        decoration {
          rounding=5
-          multisample_edges=true
          active_opacity=0.93
          inactive_opacity=0.93
          fullscreen_opacity=1
--- a/modules/shell/zsh.nix
+++ b/modules/shell/zsh.nix
@ -1,6 +1,11 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:

 {
+  age.secrets.env = {
+    file = ../../secrets/env.age;
+    owner = "glen";
+  };
+
  programs = {
    zsh = {
      enable = true;
@ -25,9 +30,10 @@
        #${pkgs.nitch}/bin/nitch

        #eval "$(direnv hook zsh)"
-	eval "$(atuin init zsh)"
-	clear
-	pfetch
+        eval "$(atuin init zsh)"
+        clear
+        pfetch
+        source ${config.age.secrets.env.path}
      '';
    };
  };
--- a/secrets/env.age
+++ b/secrets/env.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,11 @@
+let
+  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxZoOukLwiPP4tFZ2IzI61ZQccSwudPYYPJuU3COTAf";
+  users = [ user1 ];
+
+  system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9LR3o//JjFpnJ5+MSJVmTTC3x47Ca8ckL8tDRtHJZv";
+  systems = [ system1 ];
+in
+{
+  #"secret1.age".publicKeys = [ user1 system1 ];
+  "env.age".publicKeys = users ++ systems;
+}