daniel/dotfiles
1
0
Fork 0
Code Actions Activity

WIP: Play with agenix

Browse source
This commit is contained in:
Daniel Kempkens 2023-02-05 17:51:04 +01:00
parent 04d893cdef
commit 652462fb5d
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
12 changed files with 80 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
agenix/hosts/sail/config.nix Normal file
View file

@ -0,0 +1,7 @@
{
age.secrets = {
freshrss = {
userPassword.file = ./freshrss/userPassword.age;
};
};
}

BIN
agenix/hosts/sail/freshrss/userPassword.age Normal file
View file

Binary file not shown.

54
flake.lock
View file

@ -1,5 +1,28 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": [
"darwin"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1675176355,
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"arion": {
"inputs": {
"flake-parts": "flake-parts",
@ -117,11 +140,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1675462931,
"narHash": "sha256-JiOUSERBtA1lN/s9YTKGZoZ3XUicHDwr+C8swaPSh3M=",
"lastModified": 1675595366,
"narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e2c1756e3ae001ca8696912016dd31cb1503ccf3",
"rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a",
"type": "github"
},
"original": {
@ -140,11 +163,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1675418037,
"narHash": "sha256-vJtNMkMtFiXXqGdC8woiqhGcnf/7SW1lasbf3Z6peaw=",
"lastModified": 1675561032,
"narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=",
"owner": "neovim",
"repo": "neovim",
"rev": "964ae205a583807127eda75d9876fb6dfda6065c",
"rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d",
"type": "github"
},
"original": {
@ -161,11 +184,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1675498400,
"narHash": "sha256-CKYP1FWntgxb5A0H8b+szRgZlropddRQv2O+BFleyak=",
"lastModified": 1675584806,
"narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "b6b35bcfb1048390aafb3d4cc9d9e3b9bdc36dd8",
"rev": "6690d543402dea98fd975709ed3be6d6b778f302",
"type": "github"
},
"original": {
@ -181,11 +204,11 @@
]
},
"locked": {
"lastModified": 1675498953,
"narHash": "sha256-h45YzNBaPuxRrE3Zkh8KvA3jdYjGJlpwTcsziEGIB2Y=",
"lastModified": 1675585357,
"narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=",
"owner": "nifoc",
"repo": "nix-overlay",
"rev": "25a50f97bdb0ee0fdd19810e7f5949f36984caeb",
"rev": "fecfe2b744653563d90904847d474378e839f7d3",
"type": "github"
},
"original": {
@ -212,11 +235,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1675492391,
"narHash": "sha256-ntsF/e5HG7FIaa2uxtH91LlY4GmcCu4YmFGSfnPUmxQ=",
"lastModified": 1675584158,
"narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "32ec41a6726d57e539acea7ac57f94266d8d8d1a",
"rev": "d840126a0890621e7b220894d749132dd4bde6a0",
"type": "github"
},
"original": {
@ -228,6 +251,7 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"arion": "arion",
"darwin": "darwin",
"home-manager": "home-manager",

7
flake.nix
View file

@ -12,6 +12,12 @@
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.darwin.follows = "darwin";
};
neovim-nightly-overlay = {
url = "github:nix-community/neovim-nightly-overlay";
inputs.nixpkgs.url = "github:nixos/nixpkgs?rev=fad51abd42ca17a60fc1d4cb9382e2d79ae31836";
@ -40,6 +46,7 @@
sail = import ./system/flakes/sail.nix {
inherit (inputs) nixpkgs;
inherit (inputs) home-manager;
inherit (inputs) agenix;
inherit (inputs) arion;
inherit inputs;
};

2
home/config/nvim/nifoc/statusline.fnl
View file

@ -234,7 +234,7 @@
2 {:provider #(string.gsub (navic.get_location) "%%" "%%%%")
:hl {:fg colors.white}}})
(set mod.navic
{:condition navic.is_available
{:condition #(navic.is_available 0)
:static {:type-hl {:File :Directory
:Module "@include"
:Namespace "@namespace"

1
home/hosts/Styx.nix
View file

@ -43,6 +43,7 @@ in
stateVersion = "22.11";
packages = with pkgs; [
agenix
agilebits-op
aria2
arp-scan

12
home/programs/nvim/plugins.nix
View file

@ -112,12 +112,12 @@ rec {
};
};
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
version = "2023-02-04";
version = "2023-02-05";
src = pkgs.fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "bd7b4b6eff2dcb4a8a65f55d51398e79fa3d4ec6";
sha256 = "08amxr13yfqi2301lrdb0swl6wfjkbi3i7cq5r5ypyw7xaj1nbqb";
rev = "720f75f9881cae820cecde23fc2f07affacf2826";
sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki";
fetchSubmodules = false;
};
});
@ -156,12 +156,12 @@ rec {
};
telescope-fzf-native-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "telescope-fzf-native.nvim";
version = "2022-12-18";
version = "2023-02-05";
src = pkgs.fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope-fzf-native.nvim";
rev = "fab3e2212e206f4f8b3bbaa656e129443c9b802e";
sha256 = "0paiaag3aazfv8rr0i43maq34pn3iga3lkjyllhfysqvdm8jk50f";
rev = "580b6c48651cabb63455e97d7e131ed557b8c7e2";
sha256 = "1yjdn4729syz80radl90f2bsh7jl73rxq5ss0yp2qjj7aj8hkhm6";
fetchSubmodules = false;
};
buildPhase = ''

10
secrets.nix Normal file
View file

@ -0,0 +1,10 @@
let
user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG";
system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
sail = [ user-daniel system-sail ];
in
{
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
}

2
system/flakes/Styx.nix
View file

@ -14,12 +14,14 @@ let
nixpkgs.lib.fix (self: (import "${src}/flake.nix").outputs { inherit self nixpkgs; });
overlay-x86 = _: _: { pkgs-x86 = import nixpkgs { system = "x86_64-darwin"; }; };
overlay-agenix = inputs.agenix.overlays.default;
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
overlay-nifoc = inputs.nifoc-overlay.overlay;
nixpkgsConfig = {
overlays = [
overlay-x86
overlay-agenix
overlay-neovim
overlay-nifoc
];

8
system/flakes/sail.nix
View file

@ -1,4 +1,4 @@
{ nixpkgs, home-manager, arion, inputs, ... }:
{ nixpkgs, home-manager, agenix, arion, inputs, ... }:
let
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
@ -20,12 +20,14 @@ in
system = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
arion.nixosModules.arion
../hosts/sail.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
arion.nixosModules.arion
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];

1
system/hosts/sail.nix
View file

@ -9,6 +9,7 @@ in
{
imports = [
../../hardware/hosts/sail.nix
../../agenix/hosts/sail/config.nix
../nixos/ssh.nix
../nixos/git.nix

2
system/nixos/freshrss.nix
View file

@ -5,7 +5,7 @@
enable = true;
inherit (secret.freshrss) defaultUser;
inherit (secret.freshrss) passwordFile;
passwordFile = config.age.secrets.freshrss.userPassword.path;
inherit (secret.freshrss) baseUrl;
inherit (secret.freshrss) virtualHost;