trying out encrypted secrets
parent
5d55315729
commit
e951f992c1
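--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.swp
 old
 result
+keys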
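--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
 "nodes": {
+"agenix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1620877075,
+"narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
 "flake-utils": {
 "locked": {
 "lastModified": 1617631617,
@@ -20,11 +40,11 @@
 "nixpkgs": "nixpkgs"
 },
 "locked": {
-"lastModified": 1617824794,
-"narHash": "sha256-UGkvzx0nIXHhNq/KwJLjXvKAQRE2V33MuX+UirvqrkQ=",
+"lastModified": 1622312678,
+"narHash": "sha256-LsVDvO6TBnSQNNoV+Dt10+jx91eS74k8hf4zIOMAyR0=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
+"rev": "49706878e1580d796cc99b63574310405935113f",
 "type": "github"
 },
 "original": {
@@ -52,11 +72,11 @@
 },
 "nixos-hardware": {
 "locked": {
-"lastModified": 1620983891,
-"narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
+"lastModified": 1622314052,
+"narHash": "sha256-DwrLZ6NXPzKpQx3RTjdwdmlGDr6kHVx2gaeHCWCb09Q=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
-"rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
+"rev": "684ae160a6e76590eafa3fca8061b6ad57bcc9ad",
 "type": "github"
 },
 "original": {
@@ -67,10 +87,10 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1621840840,
-"narHash": "sha256-o6h6+d5ZwrFmOTe+ma9s1Z9kyHsCW1C84IA8RZ9/fIU=",
-"path": "/nix/store/jjsygkm01c9fg053m3l2ni1mny1iwmji-source",
-"rev": "ea7d4aa9b8225abd6147339f0d56675d6f1f0fd1",
+"lastModified": 1622103435,
+"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
+"path": "/nix/store/xxh005q6l2rq1zrdni7id3xay8s53q2y-source",
+"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
 "type": "path"
 },
 "original": {
@@ -80,11 +100,11 @@
 },
 "nixpkgs_2": {
 "locked": {
-"lastModified": 1622103435,
-"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
+"lastModified": 1622194753,
+"narHash": "sha256-76qtvFp/vFEz46lz5iZMJ0mnsWQYmuGYlb0fHgKqqMg=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
+"rev": "540dccb2aeaffa9dc69bfdc41c55abd7ccc6baa3",
 "type": "github"
 },
 "original": {
@@ -112,6 +132,7 @@
 },
 "root": {
 "inputs": {
+"agenix": "agenix",
 "home-manager": "home-manager",
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs_2",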
11
flake.nix
11
flake.nix
@ -12,11 +12,19 @@
|
|||||||
url = "github:techieAgnostic/vim";
|
url = "github:techieAgnostic/vim";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
agenix = {
|
||||||
|
url = "github:ryantm/agenix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
outputs = { self, nixpkgs, home-manager, nixos-hardware, swatch, vim, ...}: {
|
outputs = { self, nixpkgs, home-manager, agenix, nixos-hardware, swatch, vim, ...}: {
|
||||||
nixosConfigurations.iwakura = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.iwakura = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
|
|
||||||
|
# enable secrets in the store
|
||||||
|
agenix.nixosModules.age
|
||||||
|
(import ./secrets)
|
||||||
|
|
||||||
# enable flakes or we'll be sad
|
# enable flakes or we'll be sad
|
||||||
(import ./modules/flakes)
|
(import ./modules/flakes)
|
||||||
@ -57,6 +65,7 @@
|
|||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
swatch.overlay
|
swatch.overlay
|
||||||
vim.overlay
|
vim.overlay
|
||||||
|
agenix.overlay
|
||||||
(import ./overlays/picom.nix)
|
(import ./overlays/picom.nix)
|
||||||
];
|
];
|
||||||
nix.registry.nixpkgs.flake = nixpkgs;
|
nix.registry.nixpkgs.flake = nixpkgs;
|
||||||
|
|||||||
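Review bot: The comment `# enable secrets in the store` above `agenix.nixosModules.age` is easy to misread as plaintext secrets being placed in /nix/store, which every local user can read. As far as the agenix documentation describes, only the encrypted `.age` files land in the store and the module decrypts them at activation to a runtime location outside it; confirm that against the revision pinned in flake.lock. I would reword the comment to `# agenix: encrypted .age files in the store, decrypted at activation`. The `modules` list this sits in starts and ends outside the visible lines of the hunk.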
@ -1,9 +1,10 @@
|
|||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(import ../../overlays/emacs.nix)
|
(import ./overlay.nix)
|
||||||
];
|
];
|
||||||
services.emacs = {
|
services.emacs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
defaultEditor = true;
|
defaultEditor = true;
|
||||||
|
install = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,4 +5,7 @@
|
|||||||
(setq package-enable-at-startup nil)
|
(setq package-enable-at-startup nil)
|
||||||
(package-initialize)
|
(package-initialize)
|
||||||
'';
|
'';
|
||||||
|
home.file.".emacs.d/init.el".text = ''
|
||||||
|
(server-start)
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,15 +6,15 @@ in {
|
|||||||
emacs = emacsWithPackages (epkgs:
|
emacs = emacsWithPackages (epkgs:
|
||||||
(with epkgs.melpaStablePackages; [
|
(with epkgs.melpaStablePackages; [
|
||||||
magit
|
magit
|
||||||
zerodark-theme
|
evil
|
||||||
|
nix-mode
|
||||||
|
rainbow-delimiters
|
||||||
|
paredit
|
||||||
|
evil-surround
|
||||||
|
evil-textobj-anyblock
|
||||||
]) ++ (with epkgs.melpaPackages; [
|
]) ++ (with epkgs.melpaPackages; [
|
||||||
# undo-tree
|
racket-mode
|
||||||
# zoom-frm
|
|
||||||
]) ++ (with epkgs.elpaPackages; [
|
]) ++ (with epkgs.elpaPackages; [
|
||||||
auctex
|
]) ++ (with final; [
|
||||||
beacon
|
]));
|
||||||
nameless
|
|
||||||
]) ++ [
|
|
||||||
#prev.notmuch
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
@ -32,6 +32,7 @@ in {
|
|||||||
shellAliases = {
|
shellAliases = {
|
||||||
nf = "neofetch --gtk2 off --gtk3 off --ascii_bold on";
|
nf = "neofetch --gtk2 off --gtk3 off --ascii_bold on";
|
||||||
ls = "ls --color";
|
ls = "ls --color";
|
||||||
|
ec = "emacsclient";
|
||||||
};
|
};
|
||||||
plugins = (map wrapPlugin [
|
plugins = (map wrapPlugin [
|
||||||
{ name = "fast-syntax-highlighting";
|
{ name = "fast-syntax-highlighting";
|
||||||
|
|||||||
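--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -0,0 +1,9 @@
+{
+age = {
+secrets = {
+secret1.file = ./secret1.age;
+};
+# sshKeyPaths = [ ../keys ];
+sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];
+};
+}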
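Review bot: `sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];` makes system-wide secret decryption depend on one user's personal private key in their home directory. Decryption runs when the system is activated, so it only works if that file is readable at that moment and is not passphrase-protected, and it ties the host's secrets to a login key that is presumably used for other things as well. If the agenix module at the pinned revision behaves as its documentation describes, leaving `sshKeyPaths` unset falls back to the machine's OpenSSH host keys, which is the more usual identity for this; please confirm before relying on it. The commented-out `# sshKeyPaths = [ ../keys ];` should be deleted or replaced with `# keep this a string: a path literal would copy the private key into the world-readable /nix/store`.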
BIN
secrets/secret1.age
Normal file
BIN
secrets/secret1.age
Normal file
Binary file not shown.
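--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+thorn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+users = [ thorn ];
+
+iwakura = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+systems = [ iwakura ];
+in {
+"secret1.age".publicKeys = [ thorn iwakura ];
+}
+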
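Review bot: `thorn` and `iwakura` are bound to the same public key string, with the comment `thorn@iwakura` on both, so `[ thorn iwakura ]` names one recipient twice and the `systems` entry is not a host key. If `iwakura` is meant to be the machine's identity, it should hold the host's own ed25519 public key (the `.pub` of its SSH host key), so the host can decrypt without the user's private key being present. `users` and `systems` are defined but never referenced; either use them, for example `"secret1.age".publicKeys = users ++ systems;`, or drop them. A one-line comment above `in {`, such as `# recipients allowed to decrypt each .age file`, would make the file's role clear to the next reader.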
@ -31,6 +31,7 @@
|
|||||||
# packages that are needed
|
# packages that are needed
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
# system stuff
|
# system stuff
|
||||||
|
agenix
|
||||||
htop gotop
|
htop gotop
|
||||||
neofetch scrot
|
neofetch scrot
|
||||||
git
|
git
|
||||||
@ -63,7 +64,7 @@
|
|||||||
racket
|
racket
|
||||||
stack ghc
|
stack ghc
|
||||||
idris idris2
|
idris idris2
|
||||||
cargo rustc
|
cargo rustc gcc
|
||||||
|
|
||||||
# games
|
# games
|
||||||
nethack crawl crawlTiles
|
nethack crawl crawlTiles
|
||||||
|
|||||||