feat: use flake-parts for agenix-rekey

flake.lock

@@ -51,11 +51,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1713903302,
+        "lastModified": 1716983518,
-        "narHash": "sha256-qPy0BYFTenmyG4EU+oXej0V/i4jSsVvWbGGrv9Sb0kQ=",
+        "narHash": "sha256-LdiPzaq6IwCfEpjaZfndO1CtW1ah1ONwyXKPs7s6UVk=",
         "owner": "oddlama",
         "repo": "agenix-rekey",
-        "rev": "8da0392e75373711604a07907de25ec9d5277384",
+        "rev": "8cf73841a6fa127a64392c8603ce51af1c63b33f",
         "type": "github"
       },
       "original": {
@@ -617,11 +617,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1710146030,
+        "lastModified": 1694529238,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {

flake.nix

@@ -96,8 +96,6 @@
   outputs = inputs:
     inputs.flake-parts.lib.mkFlake {inherit inputs;} {
       imports = [
-        inputs.devshell.flakeModule
-        inputs.pre-commit-hooks.flakeModule
         ./nix/devshell.nix
         ./nix/agenix-rekey.nix
         ./nix/globals.nix
@@ -189,8 +187,6 @@
             import ./lib inputs
             ++ import ./pkgs/default.nix
             ++ [
-              inputs.agenix-rekey.overlays.default
-              inputs.devshell.overlays.default
               inputs.nix-topology.overlays.default
               inputs.nixos-extra-modules.overlays.default
             ];

nix/agenix-rekey.nix

@@ -1,23 +1,37 @@
-{inputs, ...}: {
+{
-  flake = {config, ...}: {
+  inputs,
+  self,
+  ...
+}: {
+  imports = [
+    inputs.agenix-rekey.flakeModule
+  ];
+
+  flake = {
     # The identities that are used to rekey agenix secrets and to
     # decrypt all repository-wide secrets.
     secretsConfig = {
       masterIdentities = [../secrets/yk1-nix-rage.pub];
       extraEncryptionPubkeys = [../secrets/backup.pub];
     };
-
-    agenix-rekey = inputs.agenix-rekey.configure {
-      userFlake = inputs.self;
-      inherit (config) nodes pkgs;
-    };
   };
 
-  perSystem.devshells.default.env = [
+  perSystem = {config, ...}: {
-    {
+    agenix-rekey.nodes = self.nodes;
-      # Always add files to git after agenix rekey and agenix generate.
+    devshells.default = {
-      name = "AGENIX_REKEY_ADD_TO_GIT";
+      commands = [
-      value = "true";
+        {
-    }
+          inherit (config.agenix-rekey) package;
-  ];
+          help = "Edit, generate and rekey secrets";
+        }
+      ];
+      env = [
+        {
+          # Always add files to git after agenix rekey and agenix generate.
+          name = "AGENIX_REKEY_ADD_TO_GIT";
+          value = "true";
+        }
+      ];
+    };
+  };
 }

nix/devshell.nix

@@ -1,4 +1,9 @@
-{
+{inputs, ...}: {
+  imports = [
+    inputs.devshell.flakeModule
+    inputs.pre-commit-hooks.flakeModule
+  ];
+
   perSystem = {
     config,
     pkgs,
@@ -27,10 +32,6 @@
           package = pkgs.deploy;
           help = "Build and deploy this nix config to nodes";
         }
-        {
-          package = pkgs.agenix-rekey;
-          help = "Edit and rekey secrets";
-        }
         {
           package = pkgs.alejandra;
           help = "Format nix code";
@@ -43,10 +44,6 @@
           package = pkgs.deadnix;
           help = "Find unused expressions in nix code";
         }
-        {
-          package = pkgs.update-nix-fetchgit;
-          help = "Update fetcher hashes inside nix files";
-        }
         {
           package = pkgs.nix-tree;
           help = "Interactively browse dependency graphs of Nix derivations";