chore: only warn when hostkey is missing

2023-03-27 16:58:07 +02:00 · 2023-03-27 16:58:07 +02:00 · 0bc49cc3f9
commit 0bc49cc3f9
parent 6c5d117c1e
9 changed files with 34 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,8 @@
 # About
 ## Stuff
 This is my personal nix config.
 - Secrets can be created/edited by running `nix run .#edit-secret some/secret.age`
@ -16,7 +21,7 @@ all commands using these extra parameters, or permanently add the following the
 	extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix
 	```
-# Misc
+## Misc
 Generate self-signed cert:
--- a/flake.lock
+++ b/flake.lock
@ -166,11 +166,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1679480702,
+        "lastModified": 1679756596,
-        "narHash": "sha256-npuRD61YmxUPitI1TqKwlxLrU6iGl5E+BPT196LgUDo=",
+        "narHash": "sha256-wQp7CoYqREPGssf1F0JKx2A4tScbu3iNgI1kS74ib/8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "363c46b2480f1b73ec37cf68caac61f5daa82a2e",
+        "rev": "225d1fb77e6c9f9be1ffd65c8e5eb9cf583aa698",
        "type": "github"
      },
      "original": {
@ -196,11 +196,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1679224149,
+        "lastModified": 1679598117,
-        "narHash": "sha256-TSY37Zv0icF/aijR3/KWGLVBlnKKHlG9QTj7vHbF/UU=",
+        "narHash": "sha256-Vs1f/7imI77OkMOQhO3xgx4jalN2Gx3D3C2wmnlpWJM=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "a4bc66709604ab78abc575b60baa6d23ae027a59",
+        "rev": "648021dcb2b65498eed3ea3a7339cdfc3bea4d82",
        "type": "github"
      },
      "original": {
@ -211,11 +211,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1679262748,
+        "lastModified": 1679705136,
-        "narHash": "sha256-DQCrrAFrkxijC6haUzOC5ZoFqpcv/tg2WxnyW3np1Cc=",
+        "narHash": "sha256-MDlZUR7wJ3PlPtqwwoGQr3euNOe0vdSSteVVOef7tBY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "60c1d71f2ba4c80178ec84523c2ca0801522e0a6",
+        "rev": "8f40f2f90b9c9032d1b824442cfbbe0dbabd0dbd",
        "type": "github"
      },
      "original": {
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -73,7 +73,7 @@ in {
      ln -sv ${../../../nix/overlays} $out/overlays
    '';
-    stateVersion = "22.11";
+    stateVersion = "23.05";
  };
  systemd = {
--- a/hosts/nom/secrets/host.pub
+++ b/hosts/nom/secrets/host.pub
--- a/hosts/ward/secrets/host.pub
+++ b/hosts/ward/secrets/host.pub
--- a/hosts/zackbiene/secrets/host.pub
+++ b/hosts/zackbiene/secrets/host.pub
--- a/nix/colmena.nix
+++ b/nix/colmena.nix
@ -26,7 +26,11 @@ with nixpkgs.lib; let
        };
        # Setup parameters for Secrets
        rekey.forceRekeyOnSystem = "x86_64-linux";
-        rekey.hostPubkey = ../secrets/pubkeys + "/${config.networking.hostName}.pub";
+        rekey.hostPubkey = let
          pubkeyPath = ../hosts + "/${hostName}/secrets/host.pub";
        in
          mkIf (pathExists pubkeyPath || trace "Missing pubkey for ${hostName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
          pubkeyPath;
        rekey.masterIdentities = self.secrets.masterIdentities;
        rekey.extraEncryptionPubkeys = self.secrets.extraEncryptionPubkeys;
      })
--- a/users/common/default.nix
+++ b/users/common/default.nix
@ -2,13 +2,12 @@
  imports = [
    ./modules/uid.nix
    #./atuin.nix
    #./bash.nix
    #./btop.nix
-    ./fish.nix
+    #./fish.nix
    ./git.nix
    ./htop.nix
    ./neovim
    ./nushell.nix
    #./ssh.nix
    ./starship.nix
    #./tmux.nix
@ -17,7 +16,7 @@
  ];
  home = {
-    stateVersion = "22.11";
+    stateVersion = "23.05";
    packages = with pkgs; [
      bandwhich
      btop
@ -26,6 +25,7 @@
      neofetch
      rclone
      ripgrep
      rnr
      rsync
      sd
      tree
--- a/users/common/nushell.nix
+++ b/users/common/nushell.nix
@ -0,0 +1,9 @@
 {
  lib,
  pkgs,
  ...
 }: {
  programs.nushell = {
    enable = true;
  };
 }