diff --git a/agenix/hosts/Styx/config.nix b/agenix/hosts/Styx/config.nix new file mode 100644 index 0000000..25b3ca8 --- /dev/null +++ b/agenix/hosts/Styx/config.nix @@ -0,0 +1,13 @@ +{ + age = { + identityPaths = [ "/Users/daniel/.ssh/agenix" ]; + + secrets = { + nix-netrc = { + file = ../all/nix/netrc.age; + path = "/etc/nix/netrc"; + mode = "444"; + }; + }; + }; +} diff --git a/agenix/hosts/all/nix/netrc.age b/agenix/hosts/all/nix/netrc.age new file mode 100644 index 0000000..5973008 Binary files /dev/null and b/agenix/hosts/all/nix/netrc.age differ diff --git a/agenix/hosts/tanker/config.nix b/agenix/hosts/tanker/config.nix index ac56297..737d0e3 100644 --- a/agenix/hosts/tanker/config.nix +++ b/agenix/hosts/tanker/config.nix @@ -1,5 +1,11 @@ { age.secrets = { + nix-netrc = { + file = ../all/nix/netrc.age; + path = "/etc/nix/netrc"; + mode = "444"; + }; + user-daniel-password = { file = ./user/danielPassword.age; }; diff --git a/flake.lock b/flake.lock index 7f40818..88f1f5e 100644 --- a/flake.lock +++ b/flake.lock @@ -323,11 +323,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1695496686, - "narHash": "sha256-y4Zcf+3L/52uarOpIrqskl/AczeeILxep4/RG/zS4f0=", + "lastModified": 1695544147, + "narHash": "sha256-Pd05aLI+sK8w3mh6bUlKimRK7NprkkQKzOOs5jRG8BI=", "owner": "neovim", "repo": "neovim", - "rev": "01be28b370987447c78f313a65fdc289d79d4d8a", + "rev": "9637b7dae417f336ca72cfcb201cb37247d794a8", "type": "github" }, "original": { @@ -346,11 +346,11 @@ ] }, "locked": { - "lastModified": 1695497276, - "narHash": "sha256-NeZxC1mXzim4cEe770CXU1vKwKRvzEaZJhQnPG8qZIE=", + "lastModified": 1695554778, + "narHash": "sha256-J3peBxSA7I2qrV+vXyfBF0l4k7+0tSN8MuJVO5ykdCU=", "ref": "refs/heads/master", - "rev": "78e441402fe085f2fa5ea4e210e08a76cdf7e55a", - "revCount": 499, + "rev": "f7c50f4fb46d644d6a85cdb181d29451024108b5", + "revCount": 500, "type": "git", "url": "https://git.kempkens.io/daniel/nix-overlay" }, 
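Review bot: `mode = "444"` in the new agenix/hosts/Styx/config.nix leaves the decrypted netrc readable by every local account and process, and the same setting is repeated in the `nix-netrc` entry added to agenix/hosts/tanker/config.nix. A netrc normally carries login/password pairs, so with this mode the age encryption protects only the repository copy, not the file on the running host. If only the root-run Nix daemon needs the file, dropping the line and relying on agenix's default mode of 0400 is enough. If unprivileged `nix` invocations must read it as well, `mode = "0440"; group = "<group-of-nix-users>";` (placeholder group name) narrows the exposure to the accounts that need it.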
diff --git a/flake.nix b/flake.nix index 9e0adea..f5f8250 100644 --- a/flake.nix +++ b/flake.nix @@ -69,7 +69,7 @@ flake = let Styx = import ./system/flakes/Styx.nix { - inherit (inputs) nixpkgs home-manager nix-darwin; + inherit (inputs) nixpkgs home-manager nix-darwin agenix; inherit inputs; }; diff --git a/secrets.nix b/secrets.nix index 0c229d9..c3cb965 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,8 +10,12 @@ let mediaserver = [ user-daniel system-mediaserver ]; argon = [ user-daniel system-argon ]; weather-sdr = [ user-daniel system-weather-sdr ]; + all-systems = [ user-daniel system-tanker system-mediaserver system-argon system-weather-sdr ]; in { + # all + "agenix/hosts/all/nix/netrc.age".publicKeys = all-systems; + # tanker "agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker; diff --git a/system/flakes/Styx.nix b/system/flakes/Styx.nix index 9411680..4608358 100644 --- a/system/flakes/Styx.nix +++ b/system/flakes/Styx.nix @@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, nix-darwin, inputs, ... }: +{ nixpkgs, home-manager, nix-darwin, agenix, inputs, ... }: let default-system = "aarch64-darwin"; @@ -30,6 +30,8 @@ in home-manager.darwinModules.home-manager + agenix.darwinModules.default + { nixpkgs = nixpkgsConfig; nix = { diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index fb6c255..7f803dd 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix @@ -1,5 +1,6 @@ { imports = [ + ../../agenix/hosts/Styx/config.nix ../shared/show-update-changelog.nix ../darwin/defaults.nix @@ -86,7 +87,6 @@ environment = { darwinConfig = "$HOME/.config/nixpkgs/system/hosts/Styx.nix"; - etc."nix/netrc".source = ../../secret/shared/nix-netrc; }; services = { diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix index 8e4365d..9134112 100644 --- a/system/hosts/tanker.nix +++ b/system/hosts/tanker.nix @@ -102,8 +102,6 @@ in ''; }; - environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc; - boot = { tmp.cleanOnBoot = true;
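Review bot: `all-systems` in secrets.nix contains no recipient for Styx, yet agenix/hosts/Styx/config.nix consumes the same netrc.age with `identityPaths = [ "/Users/daniel/.ssh/agenix" ]`, so Styx presumably decrypts with the private half of `user-daniel`. That key is a recipient in every list visible in this hunk (mediaserver, argon, weather-sdr, all-systems), so keeping it on Styx in a form usable for unattended activation means a compromise of that one machine exposes the secrets of every host. A dedicated host key would limit this: `all-systems = [ user-daniel system-styx system-tanker system-mediaserver system-argon system-weather-sdr ];`, with `system-styx` (placeholder name) defined in the `let` block, which starts outside the hunk, and `identityPaths` pointed at its private key.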
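Review bot: The credential that the new import in system/hosts/Styx.nix now supplies through agenix was previously installed from `../../secret/shared/nix-netrc` (removed in the next hunk and in system/hosts/tanker.nix), and a path source like that is normally copied into the world-readable Nix store. Earlier system generations on both hosts would therefore still hold the plaintext netrc until they are deleted and garbage-collected. No hunk in this diff removes `secret/shared/nix-netrc` itself; whether that file is tracked unencrypted cannot be told from here. Rotating the netrc credential after this change, and noting that in the commit message, would complete the migration.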