feat: remove recipients.txt in favor of nix run '.#edit-secret'

flake.lock

@@ -26,11 +26,11 @@
         "flake-utils": "flake-utils"
       },
       "locked": {
-        "lastModified": 1675298618,
+        "lastModified": 1675455064,
-        "narHash": "sha256-gjsLHu5MNdSDdNUUtEvcohP0L/pF9cSxdRyS1yg9wXU=",
+        "narHash": "sha256-bpSrEuFUY0iw9DCGy1BGUhkDdcHfUEBKQEYeXJ0nSEQ=",
         "owner": "oddlama",
         "repo": "agenix-rekey",
-        "rev": "df345c1a0e37985bc4da2c67d4fc5bdd433c53af",
+        "rev": "fc713fec49844330863f781864e6cd6ab61c25d6",
         "type": "github"
       },
       "original": {
@@ -51,11 +51,11 @@
         "stable": "stable"
       },
       "locked": {
-        "lastModified": 1675019967,
+        "lastModified": 1675400331,
-        "narHash": "sha256-AD9udouBmfWxmsM1j6eNCu+HEB9E41+fA3XRIb765LU=",
+        "narHash": "sha256-ja0DhWBARzcimqMBhQ+DP7NQoJSlNasqvlj5GiHRYY0=",
         "owner": "zhaofengli",
         "repo": "colmena",
-        "rev": "7602e548a78932bd28a7e2f621b3d62b4124e993",
+        "rev": "31d8240504e91c3ea5c758d92f02f94af3fae6c3",
         "type": "github"
       },
       "original": {
@@ -156,11 +156,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1675247113,
+        "lastModified": 1675371293,
-        "narHash": "sha256-+YcXjfCP4hNu8A68b/UoXFCTDwKLuLV+x/7dQnM5U/o=",
+        "narHash": "sha256-LrCjtrAXj/WJphhGEMnHgZs7oTsfOlvPfOjFTIvg39k=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "782cb855b2f23c485011a196c593e2d7e4fce746",
+        "rev": "d1c7730bb707bf8124d997952f7babd2a281ae68",
         "type": "github"
       },
       "original": {
@@ -171,11 +171,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1668668915,
+        "lastModified": 1675359654,
-        "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=",
+        "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3",
+        "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd",
         "type": "github"
       },
       "original": {
@@ -201,11 +201,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1675183161,
+        "lastModified": 1675273418,
-        "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
+        "narHash": "sha256-tpYc4TEGvDzh9uRf44QemyQ4TpVuUbxb07b2P99XDbM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
+        "rev": "4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db",
         "type": "github"
       },
       "original": {
@@ -233,9 +233,7 @@
     },
     "pre-commit-hooks": {
       "inputs": {
-        "flake-compat": [
+        "flake-compat": "flake-compat_2",
-          "flake-compat"
-        ],
         "flake-utils": [
           "flake-utils"
         ],
@@ -246,11 +244,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1675169698,
+        "lastModified": 1675337566,
-        "narHash": "sha256-C1wFiyJ+4SRvIsFkdMIN1Fa+58APmyTGKWpX9EKOehM=",
+        "narHash": "sha256-jmLBTQcs1jFOn8h1Q5b5XwPfYgFOtcZ3+mU9KvfC6Js=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "ce4efeec34c6eb35ba07b8fceaae87d6b46c1c5f",
+        "rev": "5668d079583a5b594cb4e0cc0e6d84f1b93da7ae",
         "type": "github"
       },
       "original": {
@@ -288,7 +286,6 @@
       "inputs": {
         "agenix-rekey": "agenix-rekey",
         "colmena": "colmena",
-        "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils_2",
         "home-manager": "home-manager",
         "impermanence": "impermanence",

flake.nix

@@ -8,11 +8,6 @@
       inputs.flake-utils.follows = "flake-utils";
     };
 
-    flake-compat = {
-      url = "github:edolstra/flake-compat";
-      flake = false;
-    };
-
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -27,7 +22,6 @@
       url = "github:cachix/pre-commit-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
-      inputs.flake-compat.follows = "flake-compat";
     };
 
     agenix-rekey.url = "github:oddlama/agenix-rekey";
@@ -54,6 +48,8 @@
       colmena = import ./nix/colmena.nix inputs;
       overlays = import ./nix/overlay.nix inputs;
       homeConfigurations = import ./nix/home-manager.nix inputs;
+
+      inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes;
     }
     // flake-utils.lib.eachDefaultSystem (system: rec {
       checks = import ./nix/checks.nix inputs system;
@@ -76,9 +72,6 @@
         config.allowUnfree = true;
       };
 
-      apps = let
+      apps = agenix-rekey.defineApps self pkgs self.nodes;
-        inherit ((colmena.lib.makeHive self.colmena).introspect (x: x)) nodes;
-      in
-        agenix-rekey.defineApps inputs system nodes;
     });
 }

modules/core/default.nix

@@ -26,8 +26,8 @@ in {
   security.sudo.enable = false;
 
   rekey.hostPubkey = ../../secrets/pubkeys + "/${config.networking.hostName}.pub";
-  rekey.masterIdentityPaths = [../../secrets/yk1-nix-rage.pub];
+  rekey.masterIdentities = [../../secrets/yk1-nix-rage.pub];
-  rekey.agePlugins = with pkgs; [age-plugin-yubikey];
+  rekey.extraEncryptionPubkeys = [../../secrets/backup.pub];
 
   rekey.secrets.yolo.file = ./yolo.age;
   environment.etc."YOLO".source = config.rekey.secrets.yolo.path;

secrets/recipients.txt

@@ -1,4 +0,0 @@
-# backup
-age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc
-# yk1-nix-rage
-age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9