Styx: Use agenix

2023-09-24 18:10:08 +02:00 · 2023-09-24 18:10:08 +02:00 · a43ca33bee
parent 3b991b7563
commit a43ca33bee
9 changed files with 35 additions and 12 deletions
--- a/agenix/hosts/Styx/config.nix
+++ b/agenix/hosts/Styx/config.nix
@ -0,0 +1,13 @@
 {
  age = {
    identityPaths = [ "/Users/daniel/.ssh/agenix" ];
    secrets = {
      nix-netrc = {
        file = ../all/nix/netrc.age;
        path = "/etc/nix/netrc";
        mode = "444";
      };
    };
  };
 }
--- a/agenix/hosts/all/nix/netrc.age
+++ b/agenix/hosts/all/nix/netrc.age
--- a/agenix/hosts/tanker/config.nix
+++ b/agenix/hosts/tanker/config.nix
@ -1,5 +1,11 @@
 {
  age.secrets = {
    nix-netrc = {
      file = ../all/nix/netrc.age;
      path = "/etc/nix/netrc";
      mode = "444";
    };
    user-daniel-password = {
      file = ./user/danielPassword.age;
    };
--- a/flake.lock
+++ b/flake.lock
@ -323,11 +323,11 @@
      },
      "locked": {
        "dir": "contrib",
-        "lastModified": 1695496686,
+        "lastModified": 1695544147,
-        "narHash": "sha256-y4Zcf+3L/52uarOpIrqskl/AczeeILxep4/RG/zS4f0=",
+        "narHash": "sha256-Pd05aLI+sK8w3mh6bUlKimRK7NprkkQKzOOs5jRG8BI=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "01be28b370987447c78f313a65fdc289d79d4d8a",
+        "rev": "9637b7dae417f336ca72cfcb201cb37247d794a8",
        "type": "github"
      },
      "original": {
@ -346,11 +346,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1695497276,
+        "lastModified": 1695554778,
-        "narHash": "sha256-NeZxC1mXzim4cEe770CXU1vKwKRvzEaZJhQnPG8qZIE=",
+        "narHash": "sha256-J3peBxSA7I2qrV+vXyfBF0l4k7+0tSN8MuJVO5ykdCU=",
        "ref": "refs/heads/master",
-        "rev": "78e441402fe085f2fa5ea4e210e08a76cdf7e55a",
+        "rev": "f7c50f4fb46d644d6a85cdb181d29451024108b5",
-        "revCount": 499,
+        "revCount": 500,
        "type": "git",
        "url": "https://git.kempkens.io/daniel/nix-overlay"
      },
--- a/flake.nix
+++ b/flake.nix
@ -69,7 +69,7 @@
      flake =
        let
          Styx = import ./system/flakes/Styx.nix {
-            inherit (inputs) nixpkgs home-manager nix-darwin;
+            inherit (inputs) nixpkgs home-manager nix-darwin agenix;
            inherit inputs;
          };
--- a/secrets.nix
+++ b/secrets.nix
@ -10,8 +10,12 @@ let
  mediaserver = [ user-daniel system-mediaserver ];
  argon = [ user-daniel system-argon ];
  weather-sdr = [ user-daniel system-weather-sdr ];
  all-systems = [ user-daniel system-tanker system-mediaserver system-argon system-weather-sdr ];
 in
 {
  # all
  "agenix/hosts/all/nix/netrc.age".publicKeys = all-systems;
  # tanker
  "agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker;
--- a/system/flakes/Styx.nix
+++ b/system/flakes/Styx.nix
@ -1,4 +1,4 @@
-{ nixpkgs, home-manager, nix-darwin, inputs, ... }:
+{ nixpkgs, home-manager, nix-darwin, agenix, inputs, ... }:
 let
  default-system = "aarch64-darwin";
@ -30,6 +30,8 @@ in
      home-manager.darwinModules.home-manager
      agenix.darwinModules.default
      {
        nixpkgs = nixpkgsConfig;
        nix = {
--- a/system/hosts/Styx.nix
+++ b/system/hosts/Styx.nix
@ -1,5 +1,6 @@
 {
  imports = [
    ../../agenix/hosts/Styx/config.nix
    ../shared/show-update-changelog.nix
    ../darwin/defaults.nix
@ -86,7 +87,6 @@
  environment = {
    darwinConfig = "$HOME/.config/nixpkgs/system/hosts/Styx.nix";
    etc."nix/netrc".source = ../../secret/shared/nix-netrc;
  };
  services = {
--- a/system/hosts/tanker.nix
+++ b/system/hosts/tanker.nix
@ -102,8 +102,6 @@ in
    '';
  };
  environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
  boot = {
    tmp.cleanOnBoot = true;