From a43ca33bee431d227b73d5a718eeaa9b3fe80acf Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Sun, 24 Sep 2023 18:10:08 +0200
Subject: [PATCH] Styx: Use agenix
---
agenix/hosts/Styx/config.nix | 13 +++++++++++++
agenix/hosts/all/nix/netrc.age | Bin 0 -> 1057 bytes
agenix/hosts/tanker/config.nix | 6 ++++++
flake.lock | 14 +++++++-------
flake.nix | 2 +-
secrets.nix | 4 ++++
system/flakes/Styx.nix | 4 +++-
system/hosts/Styx.nix | 2 +-
system/hosts/tanker.nix | 2 --
9 files changed, 35 insertions(+), 12 deletions(-)
create mode 100644 agenix/hosts/Styx/config.nix
create mode 100644 agenix/hosts/all/nix/netrc.age
diff --git a/agenix/hosts/Styx/config.nix b/agenix/hosts/Styx/config.nix
new file mode 100644
index 0000000..25b3ca8
--- /dev/null
+++ b/agenix/hosts/Styx/config.nix
@@ -0,0 +1,13 @@
+{
+ age = {
+ identityPaths = [ "/Users/daniel/.ssh/agenix" ];
+
+ secrets = {
+ nix-netrc = {
+ file = ../all/nix/netrc.age;
+ path = "/etc/nix/netrc";
+ mode = "444";
+ };
+ };
+ };
+}
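Review bot: `mode = "444";` on `nix-netrc` leaves the decrypted credentials at `/etc/nix/netrc` readable by every local account and process on Styx, and the identical block added to agenix/hosts/tanker/config.nix does the same on tanker. If only the root-run Nix daemon needs the file, dropping the `mode` line falls back to agenix's owner-only default. If unprivileged Nix clients must read it for their own fetches, something like `mode = "0440";` together with a `group` restricted to those users would be narrower. Either way a short comment such as `# readable by <who> because <why>` next to the mode would record the reason for widening it.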
diff --git a/agenix/hosts/all/nix/netrc.age b/agenix/hosts/all/nix/netrc.age new file mode 100644 index 0000000000000000000000000000000000000000..597300875117809048a9d3a56cfa8f37a772f498 GIT binary patch literal 1057 zcmZY4>u(bU003|@QI-<67>Ju+^fXE^P1oMFy}@ z0xj1hH75#fqRbjApw7?^C<+JR2hE5R(#na16rJQjunD#evc7#6Ch>ee_d z2DoBpG?{UuzKCXbRtqtU4(4&1LdA$$Fll_0AR~foW?65P#3FbwUv;JQ6c=PzB*}+1 zYPld{w6Flidz=xxOhFxS)$C-27~?cnIDe|(O?k08p|Em(l(7Wod? z6iyq72v)}`Oi&UMWj@GfRk}z7%}_SR5G5h`KMj$PyiEf#JQI%DSjvZTf*eo8YZeOD z5H23Z8KYD&lNn3M>g&+NdO_5gA*@(eTt$(L=vfr5lvyX^@yPZxMmuYIH%6&U~wS+B|EL&uj@fzK6vKA=B)uiUhL8eYQYl_uPimvZ;-v_Z*f@_<`f%(gY&2t~W zy!+5O+uXbi&ER8~2S0D>DO^4N@U_O)9N=(Fa4QFw&t5$jIsGZwcJKbhXZw!4c*FJ5 zdZvA+IN)sSFB!M})!Pf7H9y(|z0tB`cHw&HkyWmFV#{9oe52QS>f5(&uD*TYxmx@A zmVxQJ9w_}jeDuMO_Ww4Xcy*|>XGqlT?9Uw*mVelF>GAGM?{!aiU1|OE;OOf3#2;({ z{%LpLGw(K?+40SVA2&C@2?FwM@SUmqntxfnSUh6ow57$_Cwxuv^5Eq93u~i^l?B6x z7nknjMj!k2pFz6i%GU1f4B(i<X;o*^E$;nen2~iKkZc6t* z^ySR=@6V52o9J0@o}BXC7#w}F6@9v4h~xMbKQ{dJwy(yXs-8gAlM`!!^vQt}4L?KR QXAApo9er(|G%qjy3r{$hy#N3J literal 0 HcmV?d00001 diff --git a/agenix/hosts/tanker/config.nix b/agenix/hosts/tanker/config.nix index ac56297..737d0e3 100644 --- a/agenix/hosts/tanker/config.nix +++ b/agenix/hosts/tanker/config.nix @@ -1,5 +1,11 @@ { age.secrets = { + nix-netrc = { + file = ../all/nix/netrc.age; + path = "/etc/nix/netrc"; + mode = "444"; + }; + user-daniel-password = { file = ./user/danielPassword.age; }; diff --git a/flake.lock b/flake.lock index 7f40818..88f1f5e 100644 --- a/flake.lock +++ b/flake.lock @@ -323,11 +323,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1695496686, - "narHash": "sha256-y4Zcf+3L/52uarOpIrqskl/AczeeILxep4/RG/zS4f0=", + "lastModified": 1695544147, + "narHash": "sha256-Pd05aLI+sK8w3mh6bUlKimRK7NprkkQKzOOs5jRG8BI=", "owner": "neovim", "repo": "neovim", - "rev": "01be28b370987447c78f313a65fdc289d79d4d8a", + "rev": "9637b7dae417f336ca72cfcb201cb37247d794a8", "type": "github" }, "original": { 
@@ -346,11 +346,11 @@ ] }, "locked": { - "lastModified": 1695497276, - "narHash": "sha256-NeZxC1mXzim4cEe770CXU1vKwKRvzEaZJhQnPG8qZIE=", + "lastModified": 1695554778, + "narHash": "sha256-J3peBxSA7I2qrV+vXyfBF0l4k7+0tSN8MuJVO5ykdCU=", "ref": "refs/heads/master", - "rev": "78e441402fe085f2fa5ea4e210e08a76cdf7e55a", - "revCount": 499, + "rev": "f7c50f4fb46d644d6a85cdb181d29451024108b5", + "revCount": 500, "type": "git", "url": "https://git.kempkens.io/daniel/nix-overlay" }, diff --git a/flake.nix b/flake.nix index 9e0adea..f5f8250 100644 --- a/flake.nix +++ b/flake.nix @@ -69,7 +69,7 @@ flake = let Styx = import ./system/flakes/Styx.nix { - inherit (inputs) nixpkgs home-manager nix-darwin; + inherit (inputs) nixpkgs home-manager nix-darwin agenix; inherit inputs; }; diff --git a/secrets.nix b/secrets.nix index 0c229d9..c3cb965 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,8 +10,12 @@ let mediaserver = [ user-daniel system-mediaserver ]; argon = [ user-daniel system-argon ]; weather-sdr = [ user-daniel system-weather-sdr ]; + all-systems = [ user-daniel system-tanker system-mediaserver system-argon system-weather-sdr ]; in { + # all + "agenix/hosts/all/nix/netrc.age".publicKeys = all-systems; + # tanker "agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker; diff --git a/system/flakes/Styx.nix b/system/flakes/Styx.nix index 9411680..4608358 100644 --- a/system/flakes/Styx.nix +++ b/system/flakes/Styx.nix @@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, nix-darwin, inputs, ... }: +{ nixpkgs, home-manager, nix-darwin, agenix, inputs, ... }: let default-system = "aarch64-darwin"; @@ -30,6 +30,8 @@ in home-manager.darwinModules.home-manager + agenix.darwinModules.default + { nixpkgs = nixpkgsConfig; nix = { diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index fb6c255..7f803dd 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix 
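Review bot: In the secrets.nix hunk, `all-systems` contains no key for Styx, so the only recipient that can decrypt `netrc.age` on that host appears to be `user-daniel`, presumably the key behind the `/Users/daniel/.ssh/agenix` identity configured for Styx. `user-daniel` is also a recipient in every per-host list visible here (mediaserver, argon, weather-sdr), so that one key, kept on Styx for unattended decryption, could open every other host's secrets as well. A dedicated Styx key would keep its reach to the shared secrets only, e.g. `all-systems = [ user-daniel <styx-host-key> system-tanker system-mediaserver system-argon system-weather-sdr ];`, where `<styx-host-key>` is a placeholder for a new binding in the `let` block. That block starts outside this hunk, so existing key definitions could not be checked.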
@@ -1,5 +1,6 @@ { imports = [ + ../../agenix/hosts/Styx/config.nix ../shared/show-update-changelog.nix ../darwin/defaults.nix @@ -86,7 +87,6 @@ environment = { darwinConfig = "$HOME/.config/nixpkgs/system/hosts/Styx.nix"; - etc."nix/netrc".source = ../../secret/shared/nix-netrc; }; services = { diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix index 8e4365d..9134112 100644 --- a/system/hosts/tanker.nix +++ b/system/hosts/tanker.nix @@ -102,8 +102,6 @@ in ''; }; - environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc; - boot = { tmp.cleanOnBoot = true;
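Review bot: Removing `etc."nix/netrc".source = ../../secret/shared/nix-netrc;` from system/hosts/Styx.nix (and the matching line in system/hosts/tanker.nix) stops new generations from embedding the file, but it does not touch copies already made. A path literal used as `source` is copied into the Nix store, so earlier system generations on both hosts likely still hold the plaintext netrc under world-readable `/nix/store`. Nothing in this patch shows the credential being rotated or the old `secret/shared/nix-netrc` file being removed. It would be worth rotating the token stored in `netrc.age` and garbage-collecting the old generations once the agenix-based one is active.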