From e6bc1d2f87c4d6f5159663293eb8a01b512d38c4 Mon Sep 17 00:00:00 2001 From: Glen Goodwin Date: Mon, 16 Oct 2023 13:28:58 -0400 Subject: [PATCH] add agenix --- flake.lock | 140 +++++++++++++++++----- flake.nix | 2 + hosts/configuration.nix | 3 +- hosts/default.nix | 1 + hosts/thinkpad/hardware-configuration.nix | 18 ++- modules/desktop/hyprland/home.nix | 1 - modules/shell/zsh.nix | 14 ++- secrets/env.age | Bin 0 -> 433 bytes secrets/secrets.nix | 11 ++ 9 files changed, 152 insertions(+), 38 deletions(-) create mode 100644 secrets/env.age create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index e3088ad..e711f66 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1696775529, + "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", + "owner": "ryantm", + "repo": "agenix", + "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "banner": { "inputs": { "nixpkgs": [ @@ -37,6 +57,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devenv": { "inputs": { "flake-compat": "flake-compat", 
@@ -47,11 +89,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1695635472, - "narHash": "sha256-+0lqQZmbzdglPh8JoMAZzP1XXanhBg9BcbjVXnwEC5E=", + "lastModified": 1697058441, + "narHash": "sha256-gjtW+nkM9suMsjyid63HPmt6WZQEvuVqA5cOAf4lLM0=", "owner": "cachix", "repo": "devenv", - "rev": "42a26aa1b2265cf505df056e040e2b1ef8073b76", + "rev": "55294461a62d90c8626feca22f52b0d3d0e18e39", "type": "github" }, "original": { @@ -139,7 +181,7 @@ "inputs": { "banner": "banner", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1692384535, @@ -158,15 +200,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1695738267, - "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696940889, + "narHash": "sha256-p2Wic74A1tZpFcld1wSEbFQQbrZ/tPDuLieCnspamQo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6bba64781e4b7c1f91a733583defbd3e46b49408", "type": "github" }, "original": { @@ -186,11 +249,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1695935601, - "narHash": "sha256-LLlL4EXxupanb3GwSMcogCCsx7WAfd7/u13QkAwyBgQ=", + "lastModified": 1697151905, + "narHash": "sha256-sfuiRn7D5D2NzDkXXN/DUUcs2d1ddlf3VmzDBzDO2Tk=", "owner": "vaxerski", "repo": "Hyprland", - "rev": "3f09b14381e8b28dd2cc1d292763374f2d6c8484", + "rev": "3a61350286de842c7f1566c38e2b42821080ddf4", "type": "github" }, "original": { 
@@ -290,11 +353,11 @@ ] }, "locked": { - "lastModified": 1696131323, - "narHash": "sha256-Y47r8Jo+9rs+XUWHcDPZtkQs6wFeZ24L4CQTfVwE+vY=", + "lastModified": 1696736548, + "narHash": "sha256-Dg0gJ9xVXud55sAbXspMapFYZOpVAldQQo7MFp91Vb0=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "031d4b22505fdea47bd53bfafad517cd03c26a4f", + "rev": "2902dc66f64f733bfb45754e984e958e9fe7faf9", "type": "github" }, "original": { @@ -305,17 +368,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692264070, - "narHash": "sha256-WepAkIL2UcHOj7JJiaFS/vxrA9lklQHv8p+xGL+7oQ0=", + "lastModified": 1677676435, + "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42c25608aa2ad4e5d3716d8d63c606063513ba33", + "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-lib": { @@ -367,11 +431,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1695806987, - "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", + "lastModified": 1697009197, + "narHash": "sha256-viVRhBTFT8fPJTb1N3brQIpFZnttmwo3JVKNuWRVc3s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57", + "rev": "01441e14af5e29c9d27ace398e6dd0b293e25a54", "type": "github" }, "original": { 
@@ -383,11 +447,26 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1695830400, - "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=", + "lastModified": 1692264070, + "narHash": "sha256-WepAkIL2UcHOj7JJiaFS/vxrA9lklQHv8p+xGL+7oQ0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "42c25608aa2ad4e5d3716d8d63c606063513ba33", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1697059129, + "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2", + "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", "type": "github" }, "original": { @@ -427,13 +506,14 @@ }, "root": { "inputs": { + "agenix": "agenix", "devenv": "devenv", "gtk-nix": "gtk-nix", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprland": "hyprland", "nix-colors": "nix-colors", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable" } }, @@ -486,18 +566,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1695919988, - "narHash": "sha256-4RBgIZHaVqH0m1POnfzYRzwCWxifIKH4xQ0kCn2LGkA=", + "lastModified": 1696410538, + "narHash": "sha256-ecDhdYLXWHsxMv+EWG36mCNDvzRbu9qfjH7dLxL7aGM=", "owner": "wlroots", "repo": "wlroots", - "rev": "c2aa7fd965cb7ee8bed24f4122b720aca8f0fc1e", + "rev": "3406c1b17a4a7e6d4e2a7d9c1176affa72bce1bc", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "c2aa7fd965cb7ee8bed24f4122b720aca8f0fc1e", + "rev": "3406c1b17a4a7e6d4e2a7d9c1176affa72bce1bc", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index 7da4d52..a507117 100644 --- a/flake.nix +++ b/flake.nix 
@@ -24,6 +24,8 @@ nix-index-database.url = "github:Mic92/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + + agenix.url = "github:ryantm/agenix"; }; outputs = { self, nixpkgs, ... }@inputs: diff --git a/hosts/configuration.nix b/hosts/configuration.nix index a65ac06..cb8af63 100644 --- a/hosts/configuration.nix +++ b/hosts/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ config, pkgs, inputs, ... }: { imports = (import ../modules/editors) ++ @@ -74,6 +74,7 @@ usbutils wget lsof + inputs.agenix.packages.${system}.agenix ]; }; diff --git a/hosts/default.nix b/hosts/default.nix index a1ec884..af39436 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -17,6 +17,7 @@ ./configuration.nix ../modules/themes/home.nix inputs.nix-index-database.nixosModules.nix-index + inputs.agenix.nixosModules.default inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index f79b03f..de99906 100644 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix 
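Review bot: The new `agenix.url` line in flake.nix has no `follows` override, unlike the `nix-index-database` input directly above it. As a result the flake.lock hunks add nix-darwin, a second home-manager and a separate nixpkgs pinned at the older revision `a08d6979dd7c…`. The secrets tooling is therefore built from a package set that the root `nixpkgs` updates never touch, and there are more pinned sources to audit. I would add `agenix.inputs.nixpkgs.follows = "nixpkgs";` and `agenix.inputs.home-manager.follows = "home-manager";` next to the URL, and consider `agenix.inputs.darwin.follows = "";` since no darwin host appears in this change.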
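Review bot: In the second hosts/configuration.nix hunk, `inputs.agenix.packages.${system}.agenix` uses `system`, which is not among the module arguments `{ config, pkgs, inputs, ... }` set in the first hunk. It presumably resolves only through a `with pkgs;` on the package list, whose opening lies outside the hunk, so the lookup would break if that scoping were ever removed. Naming the source explicitly is clearer: `inputs.agenix.packages.${pkgs.system}.agenix`.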
@@ -20,20 +20,34 @@ fsType = "ext4"; }; - fileSystems."/home/glen/media" = + fileSystems."/media" = { device = "192.168.10.2:/mnt/tank/media"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ]; }; - fileSystems."/home/glen/books" = + fileSystems."/books" = { device = "192.168.10.2:/mnt/tank/books"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ]; }; + fileSystems."/music" = + { + device = "192.168.10.2:/mnt/tank/music"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ]; + }; + + fileSystems."/projects" = + { + device = "192.168.10.2:/mnt/tank/projects"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90" ]; + }; + boot.initrd.luks.devices."luks-9d4b251f-b7d5-4a28-8e5d-6df09b434e47".device = "/dev/disk/by-uuid/9d4b251f-b7d5-4a28-8e5d-6df09b434e47"; fileSystems."/boot/efi" = diff --git a/modules/desktop/hyprland/home.nix b/modules/desktop/hyprland/home.nix index 2fbe2b4..f20d4c5 100644 --- a/modules/desktop/hyprland/home.nix +++ b/modules/desktop/hyprland/home.nix @@ -29,7 +29,6 @@ let decoration { rounding=5 - multisample_edges=true active_opacity=0.93 inactive_opacity=0.93 fullscreen_opacity=1 diff --git a/modules/shell/zsh.nix b/modules/shell/zsh.nix index 66a62d7..cee0063 100644 --- a/modules/shell/zsh.nix +++ b/modules/shell/zsh.nix @@ -1,6 +1,11 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { + age.secrets.env = { + file = ../../secrets/env.age; + owner = "glen"; + }; + programs = { zsh = { enable = true; @@ -25,9 +30,10 @@ #${pkgs.nitch}/bin/nitch #eval "$(direnv hook zsh)" - eval "$(atuin init zsh)" - clear - pfetch + eval "$(atuin init zsh)" + clear + pfetch + source ${config.age.secrets.env.path} ''; }; }; 
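Review bot: None of the four NFS entries (`/media`, `/books`, `/music`, `/projects`) sets `nosuid` or `nodev`, so setuid bits and device nodes on files served from `192.168.10.2:/mnt/tank/*` are honoured on this host. No `sec=` option is visible either, so the mounts presumably use the default, where the server is trusted by address alone. That matters on a laptop that joins other networks, because the automount will talk to whatever answers at that private IP. I would extend each list to `options = [ "nosuid" "nodev" "x-systemd.automount" "noauto" … ];`. Since the four lists are identical, binding them once in a `let` would keep them in sync.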
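Review bot: The added `source ${config.age.secrets.env.path}` in the second modules/shell/zsh.nix hunk runs the decrypted file as shell code in every interactive zsh. Anything it exports is then inherited by every process started from that shell, which is wider exposure than handing the values only to the tools that need them. The file is declared with `owner = "glen"` in the first hunk, so if this init string (which starts outside the hunk) also applies to other users, or if decryption fails at activation, each new shell prints an error. A guard avoids that: `[[ -r ${config.age.secrets.env.path} ]] && source ${config.age.secrets.env.path}`. A short comment saying what kind of values `env.age` holds would also help the next reader judge the blast radius.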
diff --git a/secrets/env.age b/secrets/env.age new file mode 100644 index 0000000000000000000000000000000000000000..a9f7df29a0b91acc47b0f47fbf82438a428e9526 GIT binary patch literal 433 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn%nD9Tc2r2LN(u=p zEcNvF^9!vCc8)SEj`Z-3h;sM$5AsRPDGT>?^z(4l4vO$~vEVZI2`)$q%}I+&Oigw& zaSw>}stAb+t8ff*4aiO|imLDlDNN1LwlvQ-_e8fX+^Hxh%uyl5AlcH)HPl=`*wZh$ z!m%vLwWy%TGSSPu$iuBD+^kAFGuX>NF|XX;J((-hqsq}ByCf{7($~`{D?h!!E7LjC z*QvlHG)+4vzsjY+x4o-3E7zky$f zlV6bwP?4^#LUvMWs$;lczH6~tWJo}=frW*oqk+Dmf2u)HK}c3%WoBt|Qj)hzMPXPV z*QZN9n~t@(&0>%^^RJHYTK)F9+vE?f5C6E#nRjQni&BHS!TU@5SNGZFEu0(j>I3)W zYofgSPI-LR*tt?eTF&_2?70$2cbT3rEHy1P`?;IxQtfn&qKSVGxLwa(@yvj&*XY|v N+to@*Hx|eoj(8o literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..a59e38d --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,11 @@ +let + user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxZoOukLwiPP4tFZ2IzI61ZQccSwudPYYPJuU3COTAf"; + users = [ user1 ]; + + system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9LR3o//JjFpnJ5+MSJVmTTC3x47Ca8ckL8tDRtHJZv"; + systems = [ system1 ]; +in +{ + #"secret1.age".publicKeys = [ user1 system1 ]; + "env.age".publicKeys = users ++ systems; +}
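Review bot: The new secrets/secrets.nix names its recipients `user1` and `system1` and gives no indication of which person or host each key belongs to, which makes it hard to tell later whose access a rekey grants or removes. I would rename them after the actual owner and machine, or add a comment such as `# system1: thinkpad host key (/etc/ssh/ssh_host_ed25519_key.pub)` after confirming the source. I would also drop the commented-out `secret1.age` template line. Because `env.age` is committed as ciphertext, anyone who later obtains either private key can decrypt every version kept in git history. Removing a recipient therefore also means rotating the values inside the file, which is worth stating in a header comment.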