chore: update agenix-rekey

oddlama 2023-09-24 18:12:04 +02:00
parent 7042ea9ecc
commit b3f08ef7c3
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 193 additions and 58 deletions

218
flake.lock generated

@ -42,17 +42,22 @@
}, },
"agenix-rekey": { "agenix-rekey": {
"inputs": { "inputs": {
"devshell": "devshell",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1692783612, "dirtyRev": "8e853a2094472ac2665b453de41832f0f6cf0aa9-dirty",
"narHash": "sha256-Mz1xv45Rjzet1D2bMGKapgw1JCHaD60dBs4sE6Dz2+A=", "dirtyShortRev": "8e853a2-dirty",
"owner": "oddlama", "lastModified": 1695571453,
"repo": "agenix-rekey", "narHash": "sha256-Qws2IEoO/L7YGzXyweL5VlgHaTWR4UY7Apkbxhihrzg=",
"rev": "52695865488742e0b34a56111cd40e229b3ab90a", "type": "git",
"type": "github" "url": "file:///home/malte/projects/agenix-rekey"
}, },
"original": { "original": {
"owner": "oddlama", "owner": "oddlama",
@ -80,7 +85,7 @@
}, },
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-utils": [ "flake-utils": [
"flake-utils" "flake-utils"
], ],
@ -105,7 +110,7 @@
}, },
"crane": { "crane": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"elewrap", "elewrap",
@ -173,10 +178,32 @@
"devshell": { "devshell": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix-rekey",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems" "systems": "systems"
}, },
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1694435990, "lastModified": 1694435990,
"narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=", "narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=",
@ -219,7 +246,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks_2"
}, },
"locked": { "locked": {
"lastModified": 1688574676, "lastModified": 1688574676,
@ -238,11 +265,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1673956053,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -254,11 +281,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1650374568,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -284,21 +311,6 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -314,6 +326,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": { "flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -330,6 +357,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -354,7 +397,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1685518550,
@ -372,7 +415,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1687709756, "lastModified": 1687709756,
@ -390,7 +433,7 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -408,7 +451,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -443,7 +486,7 @@
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"elewrap", "agenix-rekey",
"pre-commit-hooks", "pre-commit-hooks",
"nixpkgs" "nixpkgs"
] ]
@ -463,6 +506,28 @@
} }
}, },
"gitignore_2": { "gitignore_2": {
"inputs": {
"nixpkgs": [
"elewrap",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "pre-commit-hooks",
@ -747,9 +812,25 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -811,18 +892,46 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat",
"flake-utils": [ "flake-utils": [
"elewrap", "agenix-rekey",
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"elewrap", "agenix-rekey",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": [
"elewrap",
"flake-utils"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"elewrap",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": { "locked": {
"lastModified": 1688137124, "lastModified": 1688137124,
"narHash": "sha256-ramG4s/+A5+t/QG2MplTNPP/lmBWDtbW6ilpwb9sKVo=", "narHash": "sha256-ramG4s/+A5+t/QG2MplTNPP/lmBWDtbW6ilpwb9sKVo=",
@ -837,17 +946,17 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks_2": { "pre-commit-hooks_3": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"flake-utils": [ "flake-utils": [
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore_2", "gitignore": "gitignore_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
"lastModified": 1694364351, "lastModified": 1694364351,
@ -868,7 +977,7 @@
"agenix": "agenix", "agenix": "agenix",
"agenix-rekey": "agenix-rekey", "agenix-rekey": "agenix-rekey",
"colmena": "colmena", "colmena": "colmena",
"devshell": "devshell", "devshell": "devshell_2",
"disko": "disko", "disko": "disko",
"elewrap": "elewrap", "elewrap": "elewrap",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
@ -883,7 +992,7 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nixseparatedebuginfod": "nixseparatedebuginfod", "nixseparatedebuginfod": "nixseparatedebuginfod",
"pre-commit-hooks": "pre-commit-hooks_2", "pre-commit-hooks": "pre-commit-hooks_3",
"stylix": "stylix", "stylix": "stylix",
"templates": "templates" "templates": "templates"
} }
@ -934,7 +1043,7 @@
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_7",
"home-manager": [ "home-manager": [
"home-manager" "home-manager"
], ],
@ -1031,6 +1140,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"templates": { "templates": {
"locked": { "locked": {
"lastModified": 1691421369, "lastModified": 1691421369,


@ -11,6 +11,7 @@
agenix-rekey = { agenix-rekey = {
url = "github:oddlama/agenix-rekey"; url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
}; };
colmena = { colmena = {
@ -127,6 +128,11 @@
extraEncryptionPubkeys = [./secrets/backup.pub]; extraEncryptionPubkeys = [./secrets/backup.pub];
}; };
agenix-rekey = agenix-rekey.configure {
userFlake = self;
inherit (self) nodes pkgs;
};
inherit inherit
(import ./nix/hosts.nix inputs) (import ./nix/hosts.nix inputs)
colmena colmena
@ -160,6 +166,7 @@
++ import ./pkgs/default.nix ++ import ./pkgs/default.nix
++ [ ++ [
devshell.overlays.default devshell.overlays.default
agenix-rekey.overlays.default
]; ];
}; };
@ -180,11 +187,8 @@
.${system}; .${system};
}; };
# Define local apps and apps used for rekeying secrets
# `nix run .#<app>` # `nix run .#<app>`
apps = apps = import ./apps inputs system;
agenix-rekey.defineApps self pkgs self.nodes
// import ./apps inputs system;
# `nix flake check` # `nix flake check`
checks.pre-commit-hooks = pre-commit-hooks.lib.${system}.run { checks.pre-commit-hooks = pre-commit-hooks.lib.${system}.run {
@ -208,33 +212,37 @@
nix # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. nix # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
]; ];
commands = with pkgs; [ commands = [
{ {
package = colmena.packages.${system}.colmena; package = colmena.packages.${system}.colmena;
help = "Build and deploy this nix config to nodes"; help = "Build and deploy this nix config to nodes";
} }
{ {
package = alejandra; package = pkgs.agenix-rekey;
help = "Edit and rekey secrets";
}
{
package = pkgs.alejandra;
help = "Format nix code"; help = "Format nix code";
} }
{ {
package = statix; package = pkgs.statix;
help = "Lint nix code"; help = "Lint nix code";
} }
{ {
package = deadnix; package = pkgs.deadnix;
help = "Find unused expressions in nix code"; help = "Find unused expressions in nix code";
} }
{ {
package = update-nix-fetchgit; package = pkgs.update-nix-fetchgit;
help = "Update fetcher hashes inside nix files"; help = "Update fetcher hashes inside nix files";
} }
{ {
package = nix-tree; package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations"; help = "Interactively browse dependency graphs of Nix derivations";
} }
{ {
package = nix-diff; package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ"; help = "Explain why two Nix derivations differ";
} }
]; ];
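Review bot: The `agenix-rekey` input declared in the first hunk as `url = "github:oddlama/agenix-rekey";` does not match what this commit locks: the new side of flake.lock appears to pin it to `"type": "git"` with `"url": "file:///home/malte/projects/agenix-rekey"` and a `dirtyRev` ending in `-dirty`. A lock entry for an uncommitted local tree cannot be fetched or checked by anyone else, so the locked content is not tied to any published revision, and the path also records a local user directory. The rest of this file now depends on outputs of that input (`agenix-rekey.configure`, `agenix-rekey.overlays.default`, `pkgs.agenix-rekey`), so I would push the upstream change first and re-lock against it, e.g. `nix flake lock --update-input agenix-rekey`, before merging.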


@ -26,6 +26,7 @@
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem; forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = config.node.secretsDir + "/host.pub"; hostPubkey = config.node.secretsDir + "/host.pub";
generatedSecretsDir = inputs.self.outPath + "/secrets/generated/${config.node.name}"; generatedSecretsDir = inputs.self.outPath + "/secrets/generated/${config.node.name}";
cacheDir = "\"\${XDG_CACHE_HOME:=$HOME/.cache}/agenix-rekey\"";
}; };
age.generators.basic-auth = { age.generators.basic-auth = {
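Review bot: The new `cacheDir` value is a shell fragment rather than a path: the escaped quotes and `\${XDG_CACHE_HOME:=$HOME/.cache}` only make sense if the consumer splices the string unescaped into a shell script, and nothing here says so. A comment above it would help, e.g. `# Expanded by the shell at runtime, not by Nix; the inner quotes are part of the value.` (presumably how agenix-rekey consumes it; worth confirming). The persistence entry added later in this commit hard-codes `.cache/agenix-rekey`, so the two agree only while XDG_CACHE_HOME is unset or equal to `$HOME/.cache`; `:=` also assigns the variable, where `:-` would only read it. The enclosing attribute set starts outside this hunk.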


@ -12,6 +12,7 @@ in {
home.persistence."/state".directories = home.persistence."/state".directories =
[ [
".cache/agenix-rekey" # agenix-rekey cache
".cache/fontconfig" ".cache/fontconfig"
".cache/nix" # nix eval cache ".cache/nix" # nix eval cache
".config/dconf" # some apps store their configuration using dconf ".config/dconf" # some apps store their configuration using dconf


@ -37,6 +37,7 @@
zathura zathura
]; ];
# TODO on neogit close do neotree update
# TODO kitty terminfo missing with ssh root@localhost # TODO kitty terminfo missing with ssh root@localhost
# TODO nix repl cltr+del doesnt work # TODO nix repl cltr+del doesnt work
# TODO wrap neovim for kitty hist # TODO wrap neovim for kitty hist