trying out encrypted secrets

.gitignore

@@ -1,3 +1,4 @@
 *.swp
 old
 result
+keys

flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1620877075,
+        "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "locked": {
         "lastModified": 1617631617,
@@ -20,11 +40,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1617824794,
-        "narHash": "sha256-UGkvzx0nIXHhNq/KwJLjXvKAQRE2V33MuX+UirvqrkQ=",
+        "lastModified": 1622312678,
+        "narHash": "sha256-LsVDvO6TBnSQNNoV+Dt10+jx91eS74k8hf4zIOMAyR0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
+        "rev": "49706878e1580d796cc99b63574310405935113f",
         "type": "github"
       },
       "original": {
@@ -52,11 +72,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1620983891,
-        "narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
+        "lastModified": 1622314052,
+        "narHash": "sha256-DwrLZ6NXPzKpQx3RTjdwdmlGDr6kHVx2gaeHCWCb09Q=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
+        "rev": "684ae160a6e76590eafa3fca8061b6ad57bcc9ad",
         "type": "github"
       },
       "original": {
@@ -67,10 +87,10 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1621840840,
-        "narHash": "sha256-o6h6+d5ZwrFmOTe+ma9s1Z9kyHsCW1C84IA8RZ9/fIU=",
-        "path": "/nix/store/jjsygkm01c9fg053m3l2ni1mny1iwmji-source",
-        "rev": "ea7d4aa9b8225abd6147339f0d56675d6f1f0fd1",
+        "lastModified": 1622103435,
+        "narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
+        "path": "/nix/store/xxh005q6l2rq1zrdni7id3xay8s53q2y-source",
+        "rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
         "type": "path"
       },
       "original": {
@@ -80,11 +100,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1622103435,
-        "narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
+        "lastModified": 1622194753,
+        "narHash": "sha256-76qtvFp/vFEz46lz5iZMJ0mnsWQYmuGYlb0fHgKqqMg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
+        "rev": "540dccb2aeaffa9dc69bfdc41c55abd7ccc6baa3",
         "type": "github"
       },
       "original": {
@@ -112,6 +132,7 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "home-manager": "home-manager",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",

flake.nix

@@ -12,11 +12,19 @@
       url = "github:techieAgnostic/vim";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
-  outputs = { self, nixpkgs, home-manager, nixos-hardware, swatch, vim, ...}: {
+  outputs = { self, nixpkgs, home-manager, agenix, nixos-hardware, swatch, vim, ...}: {
     nixosConfigurations.iwakura = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
+
+        # enable secrets in the store
+        agenix.nixosModules.age
+        (import ./secrets)
 	
         # enable flakes or we'll be sad
         (import ./modules/flakes)
@@ -57,6 +65,7 @@
           nixpkgs.overlays = [
             swatch.overlay
             vim.overlay
+            agenix.overlay
             (import ./overlays/picom.nix)
           ];
           nix.registry.nixpkgs.flake = nixpkgs;

modules/emacs/default.nix

@@ -1,9 +1,10 @@
 { pkgs, ... }: {
   nixpkgs.overlays = [
-    (import ../../overlays/emacs.nix)
+    (import ./overlay.nix)
   ];
   services.emacs = {
     enable = true;
     defaultEditor = true;
+    install = true;
   };
 }

modules/emacs/home.nix

@@ -5,4 +5,7 @@
     (setq package-enable-at-startup nil)
     (package-initialize)
   '';
+  home.file.".emacs.d/init.el".text = ''
+    (server-start)
+  '';
 }

overlays/emacs.nix → modules/emacs/overlay.nix

@@ -6,15 +6,15 @@ in {
   emacs = emacsWithPackages (epkgs:
     (with epkgs.melpaStablePackages; [
       magit
-      zerodark-theme
+      evil
+      nix-mode
+      rainbow-delimiters
+      paredit
+      evil-surround
+      evil-textobj-anyblock
     ]) ++ (with epkgs.melpaPackages; [
-      # undo-tree
-      # zoom-frm
+      racket-mode
     ]) ++ (with epkgs.elpaPackages; [
-      auctex
-      beacon
-      nameless
-    ]) ++ [
-      #prev.notmuch
-    ]);
+    ]) ++ (with final; [
+    ]));
 }

modules/zsh/home.nix

@@ -32,6 +32,7 @@ in {
     shellAliases = {
       nf = "neofetch --gtk2 off --gtk3 off --ascii_bold on";
       ls = "ls --color";
+      ec = "emacsclient";
     };
     plugins = (map wrapPlugin [
       { name = "fast-syntax-highlighting";

secrets/default.nix

@@ -0,0 +1,9 @@
+{
+  age = {
+    secrets = {
+      secret1.file = ./secret1.age;
+    };
+    # sshKeyPaths = [ ../keys ];
+    sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];
+  };
+}

secrets/secrets.nix

@@ -0,0 +1,10 @@
+let
+  thorn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+  users = [ thorn ];
+
+  iwakura = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+  systems = [ iwakura ];
+in {
+  "secret1.age".publicKeys = [ thorn iwakura ];
+}
+

users/thorn/home.nix

@@ -31,6 +31,7 @@
     # packages that are needed
     packages = with pkgs; [
       # system stuff
+      agenix
       htop gotop
       neofetch scrot
       git
@@ -63,7 +64,7 @@
       racket
       stack ghc
       idris idris2
-      cargo rustc
+      cargo rustc gcc
 
       # games
       nethack crawl crawlTiles