WIP: Play with agenix
This commit is contained in:
parent
04d893cdef
commit
652462fb5d
12 changed files with 80 additions and 26 deletions
7
agenix/hosts/sail/config.nix
Normal file
7
agenix/hosts/sail/config.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
age.secrets = {
|
||||
freshrss = {
|
||||
userPassword.file = ./freshrss/userPassword.age;
|
||||
};
|
||||
};
|
||||
}
|
BIN
agenix/hosts/sail/freshrss/userPassword.age
Normal file
BIN
agenix/hosts/sail/freshrss/userPassword.age
Normal file
Binary file not shown.
54
flake.lock
54
flake.lock
|
@ -1,5 +1,28 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": [
|
||||
"darwin"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675176355,
|
||||
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"arion": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
|
@ -117,11 +140,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675462931,
|
||||
"narHash": "sha256-JiOUSERBtA1lN/s9YTKGZoZ3XUicHDwr+C8swaPSh3M=",
|
||||
"lastModified": 1675595366,
|
||||
"narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e2c1756e3ae001ca8696912016dd31cb1503ccf3",
|
||||
"rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -140,11 +163,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "contrib",
|
||||
"lastModified": 1675418037,
|
||||
"narHash": "sha256-vJtNMkMtFiXXqGdC8woiqhGcnf/7SW1lasbf3Z6peaw=",
|
||||
"lastModified": 1675561032,
|
||||
"narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=",
|
||||
"owner": "neovim",
|
||||
"repo": "neovim",
|
||||
"rev": "964ae205a583807127eda75d9876fb6dfda6065c",
|
||||
"rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -161,11 +184,11 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675498400,
|
||||
"narHash": "sha256-CKYP1FWntgxb5A0H8b+szRgZlropddRQv2O+BFleyak=",
|
||||
"lastModified": 1675584806,
|
||||
"narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "neovim-nightly-overlay",
|
||||
"rev": "b6b35bcfb1048390aafb3d4cc9d9e3b9bdc36dd8",
|
||||
"rev": "6690d543402dea98fd975709ed3be6d6b778f302",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -181,11 +204,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675498953,
|
||||
"narHash": "sha256-h45YzNBaPuxRrE3Zkh8KvA3jdYjGJlpwTcsziEGIB2Y=",
|
||||
"lastModified": 1675585357,
|
||||
"narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=",
|
||||
"owner": "nifoc",
|
||||
"repo": "nix-overlay",
|
||||
"rev": "25a50f97bdb0ee0fdd19810e7f5949f36984caeb",
|
||||
"rev": "fecfe2b744653563d90904847d474378e839f7d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -212,11 +235,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1675492391,
|
||||
"narHash": "sha256-ntsF/e5HG7FIaa2uxtH91LlY4GmcCu4YmFGSfnPUmxQ=",
|
||||
"lastModified": 1675584158,
|
||||
"narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "32ec41a6726d57e539acea7ac57f94266d8d8d1a",
|
||||
"rev": "d840126a0890621e7b220894d749132dd4bde6a0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -228,6 +251,7 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"arion": "arion",
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
|
|
|
@ -12,6 +12,12 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.darwin.follows = "darwin";
|
||||
};
|
||||
|
||||
neovim-nightly-overlay = {
|
||||
url = "github:nix-community/neovim-nightly-overlay";
|
||||
inputs.nixpkgs.url = "github:nixos/nixpkgs?rev=fad51abd42ca17a60fc1d4cb9382e2d79ae31836";
|
||||
|
@ -40,6 +46,7 @@
|
|||
sail = import ./system/flakes/sail.nix {
|
||||
inherit (inputs) nixpkgs;
|
||||
inherit (inputs) home-manager;
|
||||
inherit (inputs) agenix;
|
||||
inherit (inputs) arion;
|
||||
inherit inputs;
|
||||
};
|
||||
|
|
|
@ -234,7 +234,7 @@
|
|||
2 {:provider #(string.gsub (navic.get_location) "%%" "%%%%")
|
||||
:hl {:fg colors.white}}})
|
||||
(set mod.navic
|
||||
{:condition navic.is_available
|
||||
{:condition #(navic.is_available 0)
|
||||
:static {:type-hl {:File :Directory
|
||||
:Module "@include"
|
||||
:Namespace "@namespace"
|
||||
|
|
|
@ -43,6 +43,7 @@ in
|
|||
stateVersion = "22.11";
|
||||
|
||||
packages = with pkgs; [
|
||||
agenix
|
||||
agilebits-op
|
||||
aria2
|
||||
arp-scan
|
||||
|
|
|
@ -112,12 +112,12 @@ rec {
|
|||
};
|
||||
};
|
||||
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
|
||||
version = "2023-02-04";
|
||||
version = "2023-02-05";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter";
|
||||
rev = "bd7b4b6eff2dcb4a8a65f55d51398e79fa3d4ec6";
|
||||
sha256 = "08amxr13yfqi2301lrdb0swl6wfjkbi3i7cq5r5ypyw7xaj1nbqb";
|
||||
rev = "720f75f9881cae820cecde23fc2f07affacf2826";
|
||||
sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
});
|
||||
|
@ -156,12 +156,12 @@ rec {
|
|||
};
|
||||
telescope-fzf-native-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
||||
pname = "telescope-fzf-native.nvim";
|
||||
version = "2022-12-18";
|
||||
version = "2023-02-05";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "nvim-telescope";
|
||||
repo = "telescope-fzf-native.nvim";
|
||||
rev = "fab3e2212e206f4f8b3bbaa656e129443c9b802e";
|
||||
sha256 = "0paiaag3aazfv8rr0i43maq34pn3iga3lkjyllhfysqvdm8jk50f";
|
||||
rev = "580b6c48651cabb63455e97d7e131ed557b8c7e2";
|
||||
sha256 = "1yjdn4729syz80radl90f2bsh7jl73rxq5ss0yp2qjj7aj8hkhm6";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
buildPhase = ''
|
||||
|
|
10
secrets.nix
Normal file
10
secrets.nix
Normal file
|
@ -0,0 +1,10 @@
|
|||
let
|
||||
user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG";
|
||||
|
||||
system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
|
||||
|
||||
sail = [ user-daniel system-sail ];
|
||||
in
|
||||
{
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
}
|
|
@ -14,12 +14,14 @@ let
|
|||
nixpkgs.lib.fix (self: (import "${src}/flake.nix").outputs { inherit self nixpkgs; });
|
||||
|
||||
overlay-x86 = _: _: { pkgs-x86 = import nixpkgs { system = "x86_64-darwin"; }; };
|
||||
overlay-agenix = inputs.agenix.overlays.default;
|
||||
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
|
||||
overlay-nifoc = inputs.nifoc-overlay.overlay;
|
||||
|
||||
nixpkgsConfig = {
|
||||
overlays = [
|
||||
overlay-x86
|
||||
overlay-agenix
|
||||
overlay-neovim
|
||||
overlay-nifoc
|
||||
];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ nixpkgs, home-manager, arion, inputs, ... }:
|
||||
{ nixpkgs, home-manager, agenix, arion, inputs, ... }:
|
||||
|
||||
let
|
||||
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
|
||||
|
@ -20,12 +20,14 @@ in
|
|||
system = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
arion.nixosModules.arion
|
||||
|
||||
../hosts/sail.nix
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
|
||||
agenix.nixosModules.default
|
||||
|
||||
arion.nixosModules.arion
|
||||
|
||||
{
|
||||
nixpkgs = nixpkgsConfig;
|
||||
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||
|
|
|
@ -9,6 +9,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
../../hardware/hosts/sail.nix
|
||||
../../agenix/hosts/sail/config.nix
|
||||
../nixos/ssh.nix
|
||||
|
||||
../nixos/git.nix
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
enable = true;
|
||||
|
||||
inherit (secret.freshrss) defaultUser;
|
||||
inherit (secret.freshrss) passwordFile;
|
||||
passwordFile = config.age.secrets.freshrss.userPassword.path;
|
||||
|
||||
inherit (secret.freshrss) baseUrl;
|
||||
inherit (secret.freshrss) virtualHost;
|
||||
|
|
Loading…
Reference in a new issue