1
0
Fork 0

Styx: Use agenix

This commit is contained in:
Daniel Kempkens 2023-09-24 18:10:08 +02:00
parent 3b991b7563
commit a43ca33bee
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
9 changed files with 35 additions and 12 deletions

View file

@ -0,0 +1,13 @@
{
age = {
identityPaths = [ "/Users/daniel/.ssh/agenix" ];
secrets = {
nix-netrc = {
file = ../all/nix/netrc.age;
path = "/etc/nix/netrc";
mode = "444";
};
};
};
}

Binary file not shown.

View file

@ -1,5 +1,11 @@
{
age.secrets = {
nix-netrc = {
file = ../all/nix/netrc.age;
path = "/etc/nix/netrc";
mode = "444";
};
user-daniel-password = {
file = ./user/danielPassword.age;
};

View file

@ -323,11 +323,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1695496686,
"narHash": "sha256-y4Zcf+3L/52uarOpIrqskl/AczeeILxep4/RG/zS4f0=",
"lastModified": 1695544147,
"narHash": "sha256-Pd05aLI+sK8w3mh6bUlKimRK7NprkkQKzOOs5jRG8BI=",
"owner": "neovim",
"repo": "neovim",
"rev": "01be28b370987447c78f313a65fdc289d79d4d8a",
"rev": "9637b7dae417f336ca72cfcb201cb37247d794a8",
"type": "github"
},
"original": {
@ -346,11 +346,11 @@
]
},
"locked": {
"lastModified": 1695497276,
"narHash": "sha256-NeZxC1mXzim4cEe770CXU1vKwKRvzEaZJhQnPG8qZIE=",
"lastModified": 1695554778,
"narHash": "sha256-J3peBxSA7I2qrV+vXyfBF0l4k7+0tSN8MuJVO5ykdCU=",
"ref": "refs/heads/master",
"rev": "78e441402fe085f2fa5ea4e210e08a76cdf7e55a",
"revCount": 499,
"rev": "f7c50f4fb46d644d6a85cdb181d29451024108b5",
"revCount": 500,
"type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay"
},

View file

@ -69,7 +69,7 @@
flake =
let
Styx = import ./system/flakes/Styx.nix {
inherit (inputs) nixpkgs home-manager nix-darwin;
inherit (inputs) nixpkgs home-manager nix-darwin agenix;
inherit inputs;
};

View file

@ -10,8 +10,12 @@ let
mediaserver = [ user-daniel system-mediaserver ];
argon = [ user-daniel system-argon ];
weather-sdr = [ user-daniel system-weather-sdr ];
all-systems = [ user-daniel system-tanker system-mediaserver system-argon system-weather-sdr ];
in
{
# all
"agenix/hosts/all/nix/netrc.age".publicKeys = all-systems;
# tanker
"agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker;

View file

@ -1,4 +1,4 @@
{ nixpkgs, home-manager, nix-darwin, inputs, ... }:
{ nixpkgs, home-manager, nix-darwin, agenix, inputs, ... }:
let
default-system = "aarch64-darwin";
@ -30,6 +30,8 @@ in
home-manager.darwinModules.home-manager
agenix.darwinModules.default
{
nixpkgs = nixpkgsConfig;
nix = {

View file

@ -1,5 +1,6 @@
{
imports = [
../../agenix/hosts/Styx/config.nix
../shared/show-update-changelog.nix
../darwin/defaults.nix
@ -86,7 +87,6 @@
environment = {
darwinConfig = "$HOME/.config/nixpkgs/system/hosts/Styx.nix";
etc."nix/netrc".source = ../../secret/shared/nix-netrc;
};
services = {

View file

@ -102,8 +102,6 @@ in
'';
};
environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
boot = {
tmp.cleanOnBoot = true;