mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

chore: update agenix-rekey

oddlama 2023-09-24 18:12:04 +02:00
parent 7042ea9ecc
commit b3f08ef7c3
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 193 additions and 58 deletions

218
flake.lock generated

@ -42,17 +42,22 @@
},
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1692783612,
"narHash": "sha256-Mz1xv45Rjzet1D2bMGKapgw1JCHaD60dBs4sE6Dz2+A=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "52695865488742e0b34a56111cd40e229b3ab90a",
"type": "github"
"dirtyRev": "8e853a2094472ac2665b453de41832f0f6cf0aa9-dirty",
"dirtyShortRev": "8e853a2-dirty",
"lastModified": 1695571453,
"narHash": "sha256-Qws2IEoO/L7YGzXyweL5VlgHaTWR4UY7Apkbxhihrzg=",
"type": "git",
"url": "file:///home/malte/projects/agenix-rekey"
},
"original": {
"owner": "oddlama",
@ -80,7 +85,7 @@
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
@ -105,7 +110,7 @@
},
"crane": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils",
"nixpkgs": [
"elewrap",
@ -173,10 +178,32 @@
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1694435990,
"narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=",
@ -219,7 +246,7 @@
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1688574676,
@ -238,11 +265,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -254,11 +281,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@ -284,21 +311,6 @@
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -314,6 +326,21 @@
"type": "github"
}
},
"flake-compat_5": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
@ -330,6 +357,22 @@
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -354,7 +397,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1685518550,
@ -372,7 +415,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1687709756,
@ -390,7 +433,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
@ -408,7 +451,7 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
@ -443,7 +486,7 @@
"gitignore": {
"inputs": {
"nixpkgs": [
"elewrap",
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
@ -463,6 +506,28 @@
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"elewrap",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
@ -747,9 +812,25 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -811,18 +892,46 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"flake-utils": [
"elewrap",
"agenix-rekey",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"elewrap",
"agenix-rekey",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": [
"elewrap",
"flake-utils"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"elewrap",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1688137124,
"narHash": "sha256-ramG4s/+A5+t/QG2MplTNPP/lmBWDtbW6ilpwb9sKVo=",
@ -837,17 +946,17 @@
"type": "github"
}
},
"pre-commit-hooks_2": {
"pre-commit-hooks_3": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"flake-utils": [
"flake-utils"
],
"gitignore": "gitignore_2",
"gitignore": "gitignore_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1694364351,
@ -868,7 +977,7 @@
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"colmena": "colmena",
"devshell": "devshell",
"devshell": "devshell_2",
"disko": "disko",
"elewrap": "elewrap",
"flake-utils": "flake-utils_3",
@ -883,7 +992,7 @@
"nixpkgs": "nixpkgs",
"nixpkgs-wayland": "nixpkgs-wayland",
"nixseparatedebuginfod": "nixseparatedebuginfod",
"pre-commit-hooks": "pre-commit-hooks_2",
"pre-commit-hooks": "pre-commit-hooks_3",
"stylix": "stylix",
"templates": "templates"
}
@ -934,7 +1043,7 @@
"stylix": {
"inputs": {
"base16": "base16",
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_7",
"home-manager": [
"home-manager"
],
@ -1031,6 +1140,21 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"templates": {
"locked": {
"lastModified": 1691421369,


@ -11,6 +11,7 @@
agenix-rekey = {
url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
colmena = {
@ -127,6 +128,11 @@
extraEncryptionPubkeys = [./secrets/backup.pub];
};
agenix-rekey = agenix-rekey.configure {
userFlake = self;
inherit (self) nodes pkgs;
};
inherit
(import ./nix/hosts.nix inputs)
colmena
@ -160,6 +166,7 @@
++ import ./pkgs/default.nix
++ [
devshell.overlays.default
agenix-rekey.overlays.default
];
};
@ -180,11 +187,8 @@
.${system};
};
# Define local apps and apps used for rekeying secrets
# `nix run .#<app>`
apps =
agenix-rekey.defineApps self pkgs self.nodes
// import ./apps inputs system;
apps = import ./apps inputs system;
# `nix flake check`
checks.pre-commit-hooks = pre-commit-hooks.lib.${system}.run {
@ -208,33 +212,37 @@
nix # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
];
commands = with pkgs; [
commands = [
{
package = colmena.packages.${system}.colmena;
help = "Build and deploy this nix config to nodes";
}
{
package = alejandra;
package = pkgs.agenix-rekey;
help = "Edit and rekey secrets";
}
{
package = pkgs.alejandra;
help = "Format nix code";
}
{
package = statix;
package = pkgs.statix;
help = "Lint nix code";
}
{
package = deadnix;
package = pkgs.deadnix;
help = "Find unused expressions in nix code";
}
{
package = update-nix-fetchgit;
package = pkgs.update-nix-fetchgit;
help = "Update fetcher hashes inside nix files";
}
{
package = nix-tree;
package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations";
}
{
package = nix-diff;
package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ";
}
];
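Review bot: The `agenix-rekey` input is declared in the first hunk as `url = "github:oddlama/agenix-rekey";`, but the flake.lock committed with it locks that input to `file:///home/malte/projects/agenix-rekey` with a `dirtyRev` ending in `-dirty`, which is an uncommitted local working tree. This input now supplies `agenix-rekey.configure`, `agenix-rekey.overlays.default` and the `pkgs.agenix-rekey` devshell command described as "Edit and rekey secrets", so the secret-handling tool is built from code that no published revision identifies. The lock will presumably not resolve on any other machine either. Re-lock against a pushed revision before merging, for example with `nix flake lock --update-input agenix-rekey`, and check that the `locked` entry is back to `"type": "github"` with a plain `rev`.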


@ -26,6 +26,7 @@
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = config.node.secretsDir + "/host.pub";
generatedSecretsDir = inputs.self.outPath + "/secrets/generated/${config.node.name}";
cacheDir = "\"\${XDG_CACHE_HOME:=$HOME/.cache}/agenix-rekey\"";
};
age.generators.basic-auth = {
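Review bot: The new `cacheDir` value is a quoted shell fragment rather than a Nix path (after unescaping it reads `"${XDG_CACHE_HOME:=$HOME/.cache}/agenix-rekey"`), and nothing on the line says so. A comment such as `# Shell expression expanded at run time; the embedded quotes are intentional` would keep a later cleanup from turning it into a plain string. The home persistence hunk in this commit persists the hard-coded `.cache/agenix-rekey`, which only matches when `XDG_CACHE_HOME` is unset or equals `$HOME/.cache`, so the comment should state that coupling. Presumably the rekey scripts expand this in the invoking user's shell; if they can ever run with `HOME` unset the path collapses to `/.cache/agenix-rekey`, which is worth confirming. The enclosing attribute set starts and ends outside the hunk.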


@ -12,6 +12,7 @@ in {
home.persistence."/state".directories =
[
".cache/agenix-rekey" # agenix-rekey cache
".cache/fontconfig"
".cache/nix" # nix eval cache
".config/dconf" # some apps store their configuration using dconf


@ -37,6 +37,7 @@
zathura
];
# TODO on neogit close do neotree update
# TODO kitty terminfo missing with ssh root@localhost
# TODO nix repl cltr+del doesnt work
# TODO wrap neovim for kitty hist