diff --git a/flake.lock b/flake.lock index efc6b2d..dc994c8 100644 --- a/flake.lock +++ b/flake.lock @@ -26,11 +26,11 @@ "flake-utils": "flake-utils" }, "locked": { - "lastModified": 1675298618, - "narHash": "sha256-gjsLHu5MNdSDdNUUtEvcohP0L/pF9cSxdRyS1yg9wXU=", + "lastModified": 1675455064, + "narHash": "sha256-bpSrEuFUY0iw9DCGy1BGUhkDdcHfUEBKQEYeXJ0nSEQ=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "df345c1a0e37985bc4da2c67d4fc5bdd433c53af", + "rev": "fc713fec49844330863f781864e6cd6ab61c25d6", "type": "github" }, "original": { @@ -51,11 +51,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1675019967, - "narHash": "sha256-AD9udouBmfWxmsM1j6eNCu+HEB9E41+fA3XRIb765LU=", + "lastModified": 1675400331, + "narHash": "sha256-ja0DhWBARzcimqMBhQ+DP7NQoJSlNasqvlj5GiHRYY0=", "owner": "zhaofengli", "repo": "colmena", - "rev": "7602e548a78932bd28a7e2f621b3d62b4124e993", + "rev": "31d8240504e91c3ea5c758d92f02f94af3fae6c3", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1675247113, - "narHash": "sha256-+YcXjfCP4hNu8A68b/UoXFCTDwKLuLV+x/7dQnM5U/o=", + "lastModified": 1675371293, + "narHash": "sha256-LrCjtrAXj/WJphhGEMnHgZs7oTsfOlvPfOjFTIvg39k=", "owner": "nix-community", "repo": "home-manager", - "rev": "782cb855b2f23c485011a196c593e2d7e4fce746", + "rev": "d1c7730bb707bf8124d997952f7babd2a281ae68", "type": "github" }, "original": { @@ -171,11 +171,11 @@ }, "impermanence": { "locked": { - "lastModified": 1668668915, - "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=", + "lastModified": 1675359654, + "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", "owner": "nix-community", "repo": "impermanence", - "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3", + "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675183161, - "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "lastModified": 1675273418, + "narHash": "sha256-tpYc4TEGvDzh9uRf44QemyQ4TpVuUbxb07b2P99XDbM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "rev": "4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db", "type": "github" }, "original": { @@ -233,9 +233,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": [ - "flake-compat" - ], + "flake-compat": "flake-compat_2", "flake-utils": [ "flake-utils" ], @@ -246,11 +244,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1675169698, - "narHash": "sha256-C1wFiyJ+4SRvIsFkdMIN1Fa+58APmyTGKWpX9EKOehM=", + "lastModified": 1675337566, + "narHash": "sha256-jmLBTQcs1jFOn8h1Q5b5XwPfYgFOtcZ3+mU9KvfC6Js=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ce4efeec34c6eb35ba07b8fceaae87d6b46c1c5f", + "rev": "5668d079583a5b594cb4e0cc0e6d84f1b93da7ae", "type": "github" }, "original": { @@ -288,7 +286,6 @@ "inputs": { "agenix-rekey": "agenix-rekey", "colmena": "colmena", - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "home-manager": "home-manager", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index f0539b7..23146f0 100644 --- a/flake.nix +++ b/flake.nix @@ -8,11 +8,6 @@ inputs.flake-utils.follows = "flake-utils"; }; - flake-compat = { - url = "github:edolstra/flake-compat"; - flake = false; - }; - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -27,7 +22,6 @@ url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; }; agenix-rekey.url = "github:oddlama/agenix-rekey"; 
@@ -54,6 +48,8 @@ colmena = import ./nix/colmena.nix inputs; overlays = import ./nix/overlay.nix inputs; homeConfigurations = import ./nix/home-manager.nix inputs; + + inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes; } // flake-utils.lib.eachDefaultSystem (system: rec { checks = import ./nix/checks.nix inputs system; @@ -76,9 +72,6 @@ config.allowUnfree = true; }; - apps = let - inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes; - in - agenix-rekey.defineApps inputs system nodes; + apps = agenix-rekey.defineApps self pkgs self.nodes; }); } diff --git a/modules/core/default.nix b/modules/core/default.nix index cf9a872..f5ea568 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -26,8 +26,8 @@ in { security.sudo.enable = false; rekey.hostPubkey = ../../secrets/pubkeys + "/${config.networking.hostName}.pub"; - rekey.masterIdentityPaths = [../../secrets/yk1-nix-rage.pub]; - rekey.agePlugins = with pkgs; [age-plugin-yubikey]; + rekey.masterIdentities = [../../secrets/yk1-nix-rage.pub]; + rekey.extraEncryptionPubkeys = [../../secrets/backup.pub]; rekey.secrets.yolo.file = ./yolo.age; environment.etc."YOLO".source = config.rekey.secrets.yolo.path; diff --git a/secrets/recipients.txt b/secrets/recipients.txt deleted file mode 100644 index 6926a3e..0000000 --- a/secrets/recipients.txt +++ /dev/null @@ -1,4 +0,0 @@ -# backup -age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc -# yk1-nix-rage -age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9
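Review bot: The added `inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes;` in the `@@ -54,6 +48,8 @@` hunk of flake.nix uses `colmena` in two senses without saying which is which: `colmena.lib` can only be the flake input, while `self.colmena` is the hive attribute defined three lines above. This resolves as intended only if the surrounding attrset is not `rec`, which cannot be confirmed because the set opens outside the hunk. A comment such as `# colmena.lib = flake input; self.colmena = hive defined above (this set must not be rec)` would make that explicit. `nodes` also becomes a non-standard top-level output that appears to expose each host's evaluated configuration, `rekey.*` settings included, to anything that evaluates the flake, so a second comment should say it exists to feed `agenix-rekey.defineApps`.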
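Review bot: `rekey.masterIdentities` and `rekey.extraEncryptionPubkeys` in modules/core/default.nix take Nix path literals, which are copied into the world-readable store on evaluation, and the new lines carry no comment saying what those files may contain. That is harmless only while `yk1-nix-rage.pub` holds a YubiKey identity stub or recipient rather than a plain age key, which the file name and the deleted `recipients.txt` entry suggest but the diff does not show. I would add `# copied to the Nix store: YubiKey stub only, never an unencrypted age identity` above `masterIdentities`, plus a comment on `extraEncryptionPubkeys` noting that the backup key is an additional recipient (presumably for every secret) and where its private half is kept. The hunk also drops `rekey.agePlugins = with pkgs; [age-plugin-yubikey];`, and whether the agenix-rekey revision locked in this commit supplies that plugin by default is not visible here, so it should be confirmed before the next rekey. The module body starts and ends outside the hunk.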