From a7a0869dbe15fb8203aaee6a426a42964ff04e15 Mon Sep 17 00:00:00 2001 From: Henry-Hiles Date: Thu, 20 Mar 2025 20:54:59 -0400 Subject: [PATCH] wip agenix --- flake.lock | 130 +++++-------------------------------- flake.nix | 6 +- modules/common/agenix.nix | 15 +++++ modules/common/ragenix.nix | 13 ---- secrets/foo.age | 5 ++ secrets/secrets.nix | 7 +- 6 files changed, 41 insertions(+), 135 deletions(-) create mode 100644 modules/common/agenix.nix delete mode 100644 modules/common/ragenix.nix create mode 100644 secrets/foo.age diff --git a/flake.lock b/flake.lock index 27af171..c2b784d 100644 --- a/flake.lock +++ b/flake.lock @@ -3,23 +3,22 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixpkgs": [ - "ragenix", "nixpkgs" ], "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", - "owner": "ryantm", + "lastModified": 1742517297, + "narHash": "sha256-VjwwSOo+GguEgQfIffuzOjEzuDzSVmkp79P66BkGVSE=", + "owner": "Henry-Hiles", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "bb138ac0e555de4f434b842099afd5e6c30b942b", "type": "github" }, "original": { - "owner": "ryantm", + "owner": "Henry-Hiles", "repo": "agenix", "type": "github" } @@ -91,25 +90,9 @@ "type": "github" } }, - "crane": { - "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", - "owner": "ipetkov", - "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ - "ragenix", "agenix", "nixpkgs" ] 
@@ -217,24 +200,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": [ "stylix", @@ -339,15 +304,16 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1742508854, - "narHash": "sha256-vQQTIl4+slrcu7ftVKNBql9ngBdY0dcYGujdT7zIVp0=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "da0181819479ddc034a3db9a77ed21ea3bcc0668", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -359,17 +325,15 @@ "home-manager_2": { "inputs": { "nixpkgs": [ - "ragenix", - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1742508854, + "narHash": "sha256-vQQTIl4+slrcu7ftVKNBql9ngBdY0dcYGujdT7zIVp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "da0181819479ddc034a3db9a77ed21ea3bcc0668", "type": "github" }, "original": { 
@@ -525,63 +489,18 @@ "type": "github" } }, - "ragenix": { - "inputs": { - "agenix": "agenix", - "crane": "crane", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1741508717, - "narHash": "sha256-iQf1WdNxaApOFHIx4RLMRZ4f8g+8Xp0Z1/E/Mz2rLxY=", - "owner": "yaxitech", - "repo": "ragenix", - "rev": "2a2bea99d74927e54adf53cbf113219def67d5c9", - "type": "github" - }, - "original": { - "owner": "yaxitech", - "repo": "ragenix", - "type": "github" - } - }, "root": { "inputs": { + "agenix": "agenix", "firefox-gnome-theme": "firefox-gnome-theme", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_2", "programsdb": "programsdb", - "ragenix": "ragenix", "stylix": "stylix", "wrapper-manager": "wrapper-manager" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741400194, - "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", @@ -590,13 +509,13 @@ "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme_2", "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", "nixpkgs": "nixpkgs_3", "nur": "nur", - "systems": "systems_3", + "systems": "systems_2", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -647,21 +566,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 4c26eff..658f2e0 100755 --- a/flake.nix +++ b/flake.nix @@ -1,8 +1,8 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; - ragenix = { - url = "github:yaxitech/ragenix"; + agenix = { + url = "github:Henry-Hiles/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; home-manager = { @@ -40,7 +40,7 @@ modules = with dirUtils; [ ./wrappers - inputs.ragenix.nixosModules.default + inputs.agenix.nixosModules.default inputs.nix-gaming.nixosModules.pipewireLowLatency ] ++ dirFiles "${inputs.self}/${hostname}" diff --git a/modules/common/agenix.nix b/modules/common/agenix.nix new file mode 100644 index 0000000..20e580c --- /dev/null +++ b/modules/common/agenix.nix @@ -0,0 +1,15 @@ +{ + dirUtils, + inputs, + lib, + ... +}: let + secretsPath = ../../secrets; +in { + environment.systemPackages = [inputs.agenix.packages.x86_64-linux.default]; # TODO: USE WRAPPER + + age.secrets = lib.listToAttrs (map (name: _: { + name = name; + value.file = "${secretsPath}/${name}"; + }) (lib.filter (name: lib.hasSuffix ".age" name) (dirUtils.dirFiles secretsPath))); +} diff --git a/modules/common/ragenix.nix b/modules/common/ragenix.nix deleted file mode 100644 index f72a4d0..0000000 --- a/modules/common/ragenix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - inputs, - lib, - ... -}: { - environment.systemPackages = [inputs.ragenix.packages.x86_64-linux.default]; - - age.secrets = with lib; - listToAttrs (mapAttrsToList (name: _: { - name = name; - value.file = name; - }) (import ../../secrets/secrets.nix)); -} 
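Review bot: The new `agenix` input in the first flake.nix hunk points at a personal fork, `github:Henry-Hiles/agenix`, with no ref or rev and no comment on why it replaces the `ryantm/agenix` that the old lock entry resolved to. flake.lock pins a revision, but any later `nix flake update` moves the module that handles this host's secrets to whatever the fork's default branch holds at that time. I would add a comment above the input, e.g. `# fork of ryantm/agenix: <what it changes>; review the fork diff before bumping the lock`, and consider a `?ref=<tag-or-branch>` on the URL, as the `nixpkgs` input already does, so that updates are deliberate.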
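Review bot: In modules/common/agenix.nix the function passed to `map` still takes two arguments (`name: _:`), a leftover from the `mapAttrsToList` call in the deleted ragenix.nix. `map` supplies only one, so each element is a partially applied function rather than a name/value set, and `lib.listToAttrs` should fail at evaluation; drop the second parameter: `map (name: { inherit name; value.file = "${secretsPath}/${name}"; })`. Separately, flake.nix passes `dirFiles` results straight into `modules`, which suggests it returns paths rather than bare file names. If so, `"${secretsPath}/${name}"` doubles the directory and the secret's attribute name becomes a full path, so confirm what `dirFiles` returns and apply `baseNameOf` if needed. `inputs.agenix.packages.x86_64-linux.default` also hard-codes the system.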
diff --git a/secrets/foo.age b/secrets/foo.age new file mode 100644 index 0000000..ebf037e --- /dev/null +++ b/secrets/foo.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 VKQUdQ V568wRYo550DS5oiEYb/19nR1mwz4XIBlkbuqKb9YiI +hh/6uj6bfMqEvWaWD+kqwXiuyKaXvn9XJF4T6EICCrg +--- fP66DGtL4VsWF3L8VCRn3lxfd0DQJqupcJvq0QyeOrk +1a=_zxcnata ՟ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7a339f5..103e3bf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1 @@ -{lib, ...}: -with builtins; - listToAttrs (map (file: { - name = file; - value.publicKeys = split "\n" (readFile (fetchurl "https://github.com/Henry-Hiles.keys")); - }) (filter (name: lib.hasSuffix ".age" name) (builtins.attrNames (builtins.readDir ./.)))) +with builtins; filter isString (split "\n" (readFile (fetchurl "https://github.com/Henry-Hiles.keys")))
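Review bot: The recipient list in secrets/secrets.nix is whatever `https://github.com/Henry-Hiles.keys` returns at evaluation time, with no hash. A key added to that GitHub account, or a tampered response, would silently become a recipient of every secret the next time one is edited or rekeyed. Pin the content, `fetchurl { url = "https://github.com/Henry-Hiles.keys"; sha256 = "<sha256-of-reviewed-keys-file>"; }`, or commit the public keys to the repository so that a recipient change shows up in review. `filter isString` also keeps the empty string that `split "\n"` yields after a trailing newline; `filter (k: isString k && k != "")` drops it. The file now evaluates to a bare list rather than the previous attribute set of `publicKeys` per `.age` file, which presumably relies on the fork's handling and is worth a comment in the file.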