diff --git a/flake.lock b/flake.lock
index 881d823..31c1eac 100644
--- a/flake.lock
+++ b/flake.lock
@@ -51,11 +51,11 @@
 "pre-commit-hooks": "pre-commit-hooks"
 },
 "locked": {
- "lastModified": 1713903302,
- "narHash": "sha256-qPy0BYFTenmyG4EU+oXej0V/i4jSsVvWbGGrv9Sb0kQ=",
+ "lastModified": 1716983518,
+ "narHash": "sha256-LdiPzaq6IwCfEpjaZfndO1CtW1ah1ONwyXKPs7s6UVk=",
 "owner": "oddlama",
 "repo": "agenix-rekey",
- "rev": "8da0392e75373711604a07907de25ec9d5277384",
+ "rev": "8cf73841a6fa127a64392c8603ce51af1c63b33f",
 "type": "github"
 },
 "original": {
@@ -617,11 +617,11 @@
 "systems": "systems_3"
 },
 "locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
 "owner": "numtide",
 "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index f43aef5..0c21c92 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,8 +96,6 @@
 outputs = inputs:
 inputs.flake-parts.lib.mkFlake {inherit inputs;} {
 imports = [
- inputs.devshell.flakeModule
- inputs.pre-commit-hooks.flakeModule
 ./nix/devshell.nix
 ./nix/agenix-rekey.nix
 ./nix/globals.nix
@@ -189,8 +187,6 @@
 import ./lib inputs
 ++ import ./pkgs/default.nix
 ++ [
- inputs.agenix-rekey.overlays.default
- inputs.devshell.overlays.default
 inputs.nix-topology.overlays.default
 inputs.nixos-extra-modules.overlays.default
 ];
diff --git a/nix/agenix-rekey.nix b/nix/agenix-rekey.nix
index 0567b93..9c2e42e 100644
--- a/nix/agenix-rekey.nix
+++ b/nix/agenix-rekey.nix
@@ -1,23 +1,37 @@
-{inputs, ...}: {
- flake = {config, ...}: {
+{
+ inputs,
+ self,
+ ...
+}: {
+ imports = [
+ inputs.agenix-rekey.flakeModule
+ ];
+
+ flake = {
 # The identities that are used to rekey agenix secrets and to
 # decrypt all repository-wide secrets.
 secretsConfig = {
 masterIdentities = [../secrets/yk1-nix-rage.pub];
 extraEncryptionPubkeys = [../secrets/backup.pub];
 };
-
- agenix-rekey = inputs.agenix-rekey.configure {
- userFlake = inputs.self;
- inherit (config) nodes pkgs;
- };
 };
- perSystem.devshells.default.env = [
- {
- # Always add files to git after agenix rekey and agenix generate.
- name = "AGENIX_REKEY_ADD_TO_GIT";
- value = "true";
- }
- ];
+ perSystem = {config, ...}: {
+ agenix-rekey.nodes = self.nodes;
+ devshells.default = {
+ commands = [
+ {
+ inherit (config.agenix-rekey) package;
+ help = "Edit, generate and rekey secrets";
+ }
+ ];
+ env = [
+ {
+ # Always add files to git after agenix rekey and agenix generate.
+ name = "AGENIX_REKEY_ADD_TO_GIT";
+ value = "true";
+ }
+ ];
+ };
+ };
 }
diff --git a/nix/devshell.nix b/nix/devshell.nix
index fdd8c9a..eb0d54f 100644
--- a/nix/devshell.nix
+++ b/nix/devshell.nix
@@ -1,4 +1,9 @@
-{
+{inputs, ...}: {
+ imports = [
+ inputs.devshell.flakeModule
+ inputs.pre-commit-hooks.flakeModule
+ ];
+
 perSystem = {
 config,
 pkgs,
@@ -27,10 +32,6 @@
 package = pkgs.deploy;
 help = "Build and deploy this nix config to nodes";
 }
- {
- package = pkgs.agenix-rekey;
- help = "Edit and rekey secrets";
- }
 {
 package = pkgs.alejandra;
 help = "Format nix code";
@@ -43,10 +44,6 @@
 package = pkgs.deadnix;
 help = "Find unused expressions in nix code";
 }
- {
- package = pkgs.update-nix-fetchgit;
- help = "Update fetcher hashes inside nix files";
- }
 {
 package = pkgs.nix-tree;
 help = "Interactively browse dependency graphs of Nix derivations";
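Review bot: In nix/agenix-rekey.nix, `agenix-rekey.nodes = self.nodes;` is the line that selects which hosts are considered for rekeying, and it is added without a comment. The removed `configure` call took `nodes` from the flake's `config`, while the new line reads the `nodes` output through `self`; that looks equivalent, but it cannot be confirmed from this hunk. A comment such as `# Hosts considered for rekeying; must cover every node that declares age secrets.` would make the scope explicit. Since `AGENIX_REKEY_ADD_TO_GIT` stages the results automatically, a change in that set would probably first show up as unexpected rekeyed files in the index, so it is worth stating the intended set next to the option.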