From 652462fb5d677461e148e284a18608feac6d96b4 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Sun, 5 Feb 2023 17:51:04 +0100 Subject: [PATCH] WIP: Play with agenix --- agenix/hosts/sail/config.nix | 7 +++ agenix/hosts/sail/freshrss/userPassword.age | Bin 0 -> 421 bytes flake.lock | 54 ++++++++++++++------ flake.nix | 7 +++ home/config/nvim/nifoc/statusline.fnl | 2 +- home/hosts/Styx.nix | 1 + home/programs/nvim/plugins.nix | 12 ++--- secrets.nix | 10 ++++ system/flakes/Styx.nix | 2 + system/flakes/sail.nix | 8 +-- system/hosts/sail.nix | 1 + system/nixos/freshrss.nix | 2 +- 12 files changed, 80 insertions(+), 26 deletions(-) create mode 100644 agenix/hosts/sail/config.nix create mode 100644 agenix/hosts/sail/freshrss/userPassword.age create mode 100644 secrets.nix diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix new file mode 100644 index 0000000..60ef9cc --- /dev/null +++ b/agenix/hosts/sail/config.nix @@ -0,0 +1,7 @@ +{ + age.secrets = { + freshrss = { + userPassword.file = ./freshrss/userPassword.age; + }; + }; +} diff --git a/agenix/hosts/sail/freshrss/userPassword.age b/agenix/hosts/sail/freshrss/userPassword.age new file mode 100644 index 0000000000000000000000000000000000000000..b8fee566e1a43fc7263c9fbf38491b923e6d32f7 GIT binary patch literal 421 zcmZ9_y>8P$003a5ZdMl_`lkige6pZRA;cMm@vUEU&h_%A27U%a|;eYImXo}Yd&?p;gu=+Wz!-?l!T{{?+`li2_O literal 0 HcmV?d00001 diff --git a/flake.lock b/flake.lock index 77c5df3..fa37ca4 100644 --- a/flake.lock +++ b/flake.lock 
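Review bot: In agenix/hosts/sail/config.nix the secret is declared as `age.secrets.freshrss.userPassword.file`, but agenix's `age.secrets` is an attribute set keyed by secret name, where each entry takes options such as `file`, `path`, `owner`, `group` and `mode`. The extra `userPassword` level would be read as an unknown option of a secret named `freshrss` and will most likely fail evaluation. A flat name keeps to the module's schema, e.g. `age.secrets."freshrss-user-password".file = ./freshrss/userPassword.age;`, with the consumer reading `config.age.secrets."freshrss-user-password".path`.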
@@ -1,5 +1,28 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": [ + "darwin" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675176355, + "narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "arion": { "inputs": { "flake-parts": "flake-parts", @@ -117,11 +140,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1675462931, - "narHash": "sha256-JiOUSERBtA1lN/s9YTKGZoZ3XUicHDwr+C8swaPSh3M=", + "lastModified": 1675595366, + "narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "e2c1756e3ae001ca8696912016dd31cb1503ccf3", + "rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a", "type": "github" }, "original": { @@ -140,11 +163,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1675418037, - "narHash": "sha256-vJtNMkMtFiXXqGdC8woiqhGcnf/7SW1lasbf3Z6peaw=", + "lastModified": 1675561032, + "narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=", "owner": "neovim", "repo": "neovim", - "rev": "964ae205a583807127eda75d9876fb6dfda6065c", + "rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d", "type": "github" }, "original": { @@ -161,11 +184,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1675498400, - "narHash": "sha256-CKYP1FWntgxb5A0H8b+szRgZlropddRQv2O+BFleyak=", + "lastModified": 1675584806, + "narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "b6b35bcfb1048390aafb3d4cc9d9e3b9bdc36dd8", + "rev": "6690d543402dea98fd975709ed3be6d6b778f302", "type": "github" }, "original": { 
@@ -181,11 +204,11 @@ ] }, "locked": { - "lastModified": 1675498953, - "narHash": "sha256-h45YzNBaPuxRrE3Zkh8KvA3jdYjGJlpwTcsziEGIB2Y=", + "lastModified": 1675585357, + "narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "25a50f97bdb0ee0fdd19810e7f5949f36984caeb", + "rev": "fecfe2b744653563d90904847d474378e839f7d3", "type": "github" }, "original": { @@ -212,11 +235,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1675492391, - "narHash": "sha256-ntsF/e5HG7FIaa2uxtH91LlY4GmcCu4YmFGSfnPUmxQ=", + "lastModified": 1675584158, + "narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32ec41a6726d57e539acea7ac57f94266d8d8d1a", + "rev": "d840126a0890621e7b220894d749132dd4bde6a0", "type": "github" }, "original": { @@ -228,6 +251,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "arion": "arion", "darwin": "darwin", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 979980f..551e266 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = "darwin"; + }; + neovim-nightly-overlay = { url = "github:nix-community/neovim-nightly-overlay"; inputs.nixpkgs.url = "github:nixos/nixpkgs?rev=fad51abd42ca17a60fc1d4cb9382e2d79ae31836"; @@ -40,6 +46,7 @@ sail = import ./system/flakes/sail.nix { inherit (inputs) nixpkgs; inherit (inputs) home-manager; + inherit (inputs) agenix; inherit (inputs) arion; inherit inputs; }; diff --git a/home/config/nvim/nifoc/statusline.fnl b/home/config/nvim/nifoc/statusline.fnl index 589b1b2..c4db57a 100644 --- a/home/config/nvim/nifoc/statusline.fnl +++ b/home/config/nvim/nifoc/statusline.fnl 
@@ -234,7 +234,7 @@ 2 {:provider #(string.gsub (navic.get_location) "%%" "%%%%") :hl {:fg colors.white}}}) (set mod.navic - {:condition navic.is_available + {:condition #(navic.is_available 0) :static {:type-hl {:File :Directory :Module "@include" :Namespace "@namespace" diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix index 4d0f0f7..10fd0b4 100644 --- a/home/hosts/Styx.nix +++ b/home/hosts/Styx.nix @@ -43,6 +43,7 @@ in stateVersion = "22.11"; packages = with pkgs; [ + agenix agilebits-op aria2 arp-scan diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index 1d5cf3c..5ba45ec 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -112,12 +112,12 @@ rec { }; }; nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: { - version = "2023-02-04"; + version = "2023-02-05"; src = pkgs.fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "bd7b4b6eff2dcb4a8a65f55d51398e79fa3d4ec6"; - sha256 = "08amxr13yfqi2301lrdb0swl6wfjkbi3i7cq5r5ypyw7xaj1nbqb"; + rev = "720f75f9881cae820cecde23fc2f07affacf2826"; + sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki"; fetchSubmodules = false; }; }); @@ -156,12 +156,12 @@ rec { }; telescope-fzf-native-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "telescope-fzf-native.nvim"; - version = "2022-12-18"; + version = "2023-02-05"; src = pkgs.fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope-fzf-native.nvim"; - rev = "fab3e2212e206f4f8b3bbaa656e129443c9b802e"; - sha256 = "0paiaag3aazfv8rr0i43maq34pn3iga3lkjyllhfysqvdm8jk50f"; + rev = "580b6c48651cabb63455e97d7e131ed557b8c7e2"; + sha256 = "1yjdn4729syz80radl90f2bsh7jl73rxq5ss0yp2qjj7aj8hkhm6"; fetchSubmodules = false; }; buildPhase = '' diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..1a49e3d --- /dev/null +++ b/secrets.nix 
@@ -0,0 +1,10 @@ +let + user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG"; + + system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl"; + + sail = [ user-daniel system-sail ]; +in +{ + "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail; +} diff --git a/system/flakes/Styx.nix b/system/flakes/Styx.nix index b4a4309..a2aedee 100644 --- a/system/flakes/Styx.nix +++ b/system/flakes/Styx.nix @@ -14,12 +14,14 @@ let nixpkgs.lib.fix (self: (import "${src}/flake.nix").outputs { inherit self nixpkgs; }); overlay-x86 = _: _: { pkgs-x86 = import nixpkgs { system = "x86_64-darwin"; }; }; + overlay-agenix = inputs.agenix.overlays.default; overlay-neovim = inputs.neovim-nightly-overlay.overlay; overlay-nifoc = inputs.nifoc-overlay.overlay; nixpkgsConfig = { overlays = [ overlay-x86 + overlay-agenix overlay-neovim overlay-nifoc ]; diff --git a/system/flakes/sail.nix b/system/flakes/sail.nix index 5a6f4d9..45fb440 100644 --- a/system/flakes/sail.nix +++ b/system/flakes/sail.nix @@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, arion, inputs, ... }: +{ nixpkgs, home-manager, agenix, arion, inputs, ... }: let overlay-neovim = inputs.neovim-nightly-overlay.overlay; @@ -20,12 +20,14 @@ in system = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - arion.nixosModules.arion - ../hosts/sail.nix home-manager.nixosModules.home-manager + agenix.nixosModules.default + + arion.nixosModules.arion + { nixpkgs = nixpkgsConfig; nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix index 97e2685..debf7c8 100644 --- a/system/hosts/sail.nix +++ b/system/hosts/sail.nix @@ -9,6 +9,7 @@ in { imports = [ ../../hardware/hosts/sail.nix + ../../agenix/hosts/sail/config.nix ../nixos/ssh.nix ../nixos/git.nix diff --git a/system/nixos/freshrss.nix b/system/nixos/freshrss.nix index 2bdfca7..62bdd65 100644 --- a/system/nixos/freshrss.nix 
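Review bot: The two recipients in secrets.nix have no comment saying where each public key comes from, which matters because agenix on the host decrypts with the private keys in `age.identityPaths` (by default the SSH host keys). I would add `# sail's SSH host public key; must correspond to an identity in age.identityPaths on the host` above `system-sail`, and `# personal key, presumably used to edit and rekey secrets` above `user-daniel`. A short header comment should also record that every `.age` file needs `agenix --rekey` after the recipient list changes. It should add that a removed recipient can still decrypt old ciphertext kept in git history, so the secret value itself has to be rotated in that case.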
+++ b/system/nixos/freshrss.nix @@ -5,7 +5,7 @@ enable = true; inherit (secret.freshrss) defaultUser; - inherit (secret.freshrss) passwordFile; + passwordFile = config.age.secrets.freshrss.userPassword.path; inherit (secret.freshrss) baseUrl; inherit (secret.freshrss) virtualHost;
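Review bot: `passwordFile = config.age.secrets.freshrss.userPassword.path;` points the service at a file that agenix creates owned by root with mode 0400 unless the secret sets `owner`, `group` or `mode`, and the declaration in agenix/hosts/sail/config.nix sets none of them. If the FreshRSS setup unit reads the password file as the service user rather than as root, it will not be able to open it. Setting `owner = config.services.freshrss.user;` on the secret and keeping mode 0400 would fix that without widening access. The enclosing attribute set starts and ends outside this hunk, so it is not visible whether `config` is among the module's arguments, which it must be for this line to evaluate.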