From 78b566e8bafa61bd9d7dbcbbc11ad568982c2389 Mon Sep 17 00:00:00 2001 From: Soispha Date: Sat, 8 Jul 2023 15:34:45 +0200 Subject: Feat(flake): Add agenix module --- flake.lock | 158 ++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 56 ++++++++++++++-- system/default.nix | 1 + system/secrets/default.nix | 8 +++ system/secrets/secrets.nix | 9 +++ 5 files changed, 227 insertions(+), 5 deletions(-) create mode 100644 system/secrets/default.nix create mode 100644 system/secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 270c99e..ff5cde0 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,27 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1684153753, + "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", + "owner": "ryantm", + "repo": "agenix", + "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { 
@@ -16,6 +38,57 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1688772518, + "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -72,6 +145,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1684264534, 
@@ -133,20 +227,82 @@ "type": "indirect" } }, + "ragenix": { + "inputs": { + "agenix": [ + "agenix" + ], + "crane": [ + "crane" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1682237245, + "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, "root": { "inputs": { + "agenix": "agenix", + "crane": "crane", "disko": "disko", + "flake-compat": "flake-compat", "flake-utils": "flake-utils", "impermanence": "impermanence", "nixpkgs": "nixpkgs", + "ragenix": "ragenix", + "rust-overlay": "rust-overlay", "simple-nixos-mailserver": "simple-nixos-mailserver", "systems": "systems" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688783586, + "narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "7a29283cc242c2486fc67f60b431ef708046d176", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": [ + "flake-compat" + ], "nixpkgs": [ "nixpkgs" ], diff --git a/flake.nix b/flake.nix index 0cf5609..5485ed9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,10 +4,35 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05-small"; - systems.url = "github:nix-systems/x86_64-linux"; + # inputs for following + systems = { + url = "github:nix-systems/x86_64-linux"; # only evaluate for this system + }; + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + crane = { + url = "github:ipetkov/crane"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + rust-overlay.follows = "rust-overlay"; + }; + }; flake-utils = { url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; + inputs = { + systems.follows = "systems"; + }; + }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; }; # modules @@ -17,15 +42,33 @@ nixpkgs.follows = "nixpkgs"; }; }; - impermanence = { - url = "github:nix-community/impermanence"; + agenix = { + url = "github:ryantm/agenix"; inputs = { + nixpkgs.follows = "nixpkgs"; }; }; + impermanence = { + url = "github:nix-community/impermanence"; + inputs = {}; + }; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { nixpkgs.follows = "nixpkgs"; + flake-compat.follows = "flake-compat"; + }; + }; + + # bins + ragenix = { + url = "github:yaxitech/ragenix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + agenix.follows = "agenix"; + flake-utils.follows = "flake-utils"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; }; }; }; @@ -37,6 +80,9 @@ simple-nixos-mailserver, impermanence, disko, + agenix, + # bins + ragenix, ... } @ attrs: let system = "x86_64-linux"; @@ -50,6 +96,7 @@ simple-nixos-mailserver.nixosModule disko.nixosModules.default impermanence.nixosModules.impermanence + agenix.nixosModules.default ]; }; devShells."${system}" = { 
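Review bot: The `agenix` input in the second flake.nix hunk pins only `nixpkgs.follows`, so agenix's own `darwin` and `home-manager` inputs are fetched and locked as separate copies (the flake.lock hunks show nix-darwin and a home-manager snapshot appearing under `agenix`). Neither is used by this x86_64-linux NixOS configuration, so they are extra third-party code in the dependency closure that has to be tracked for updates and audited like any other input. agenix's README documents `inputs.darwin.follows = "";` for non-Darwin users, which drops it from the lock on a Nix version that accepts an empty follows; the same can be done for `home-manager` if it is not wanted. The `inputs` attribute set for `agenix` is fully inside the hunk.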
@@ -62,6 +109,7 @@
 ltex-ls
 cocogitto
 git-crypt
+ ragenix.packages."${system}".default
 ];
 };
 };
diff --git a/system/default.nix b/system/default.nix
index 19c7b36..14f0748 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -3,6 +3,7 @@
 ./disks
 ./impermanence
 ./packages
+ ./secrets
 ./services
 ./users
 ];
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
new file mode 100644
index 0000000..da21482
--- /dev/null
+++ b/system/secrets/default.nix
@@ -0,0 +1,8 @@
+{...}: {
+ age = {
+ secrets = {
+ };
+ };
+}
+# vim: ts=2
+
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
new file mode 100644
index 0000000..a6e6c73
--- /dev/null
+++ b/system/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+ soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
+ #sils = "TODO";
+
+ server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO208EumnJ4kROzrOU3H1xPQQGHuqKP6KuRt/ofhUsoX";
+in {
+}
+# vim: ts=2
+
-- 
cgit 1.4.1
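Review bot: The new `age` block in system/secrets/default.nix leaves `age.identityPaths` at agenix's default, the host's SSH host keys under /etc/ssh, while this configuration also imports `./impermanence` (visible in the system/default.nix hunk). If /etc/ssh is not on the persistent volume and available when the agenix activation step runs, the host cannot decrypt any secret after a reboot and activation fails. Worth either persisting the host key or setting `age.identityPaths = [ "<PERSIST-ROOT>/etc/ssh/ssh_host_ed25519_key" ];` with the path this setup's impermanence config actually uses. A comment above `secrets = {` such as `# each entry names a .age file declared in ./secrets.nix and where it is decrypted to` would tell the next reader where the recipient list lives.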
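Review bot: secrets.nix binds the public keys `soispha` and `server1` but returns `{}`, so no `.age` file is declared yet and both bindings are unused; agenix reads this file to decide which recipients a secret is encrypted to, so nothing can be created or re-keyed until an entry exists. A placeholder comment inside the set, e.g. `# "example.age".publicKeys = [ soispha server1 ];` (example name), would document the expected shape and that the host's SSH host key must be listed alongside the user key for the machine to decrypt at activation. It is also worth a one-line comment that only public keys belong here, the private counterparts never enter the repository, and that `#sils = "TODO";` is a pending recipient rather than dead code.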