trying out encrypted secrets
parent
5d55315729
commit
e951f992c1
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
*.swp
|
||||
old
|
||||
result
|
||||
keys
|
||||
|
47
flake.lock
47
flake.lock
@ -1,5 +1,25 @@
|
||||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1620877075,
|
||||
"narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1617631617,
|
||||
@ -20,11 +40,11 @@
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1617824794,
|
||||
"narHash": "sha256-UGkvzx0nIXHhNq/KwJLjXvKAQRE2V33MuX+UirvqrkQ=",
|
||||
"lastModified": 1622312678,
|
||||
"narHash": "sha256-LsVDvO6TBnSQNNoV+Dt10+jx91eS74k8hf4zIOMAyR0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
|
||||
"rev": "49706878e1580d796cc99b63574310405935113f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -52,11 +72,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1620983891,
|
||||
"narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
|
||||
"lastModified": 1622314052,
|
||||
"narHash": "sha256-DwrLZ6NXPzKpQx3RTjdwdmlGDr6kHVx2gaeHCWCb09Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
|
||||
"rev": "684ae160a6e76590eafa3fca8061b6ad57bcc9ad",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -67,10 +87,10 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1621840840,
|
||||
"narHash": "sha256-o6h6+d5ZwrFmOTe+ma9s1Z9kyHsCW1C84IA8RZ9/fIU=",
|
||||
"path": "/nix/store/jjsygkm01c9fg053m3l2ni1mny1iwmji-source",
|
||||
"rev": "ea7d4aa9b8225abd6147339f0d56675d6f1f0fd1",
|
||||
"lastModified": 1622103435,
|
||||
"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
|
||||
"path": "/nix/store/xxh005q6l2rq1zrdni7id3xay8s53q2y-source",
|
||||
"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
@ -80,11 +100,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1622103435,
|
||||
"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
|
||||
"lastModified": 1622194753,
|
||||
"narHash": "sha256-76qtvFp/vFEz46lz5iZMJ0mnsWQYmuGYlb0fHgKqqMg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
|
||||
"rev": "540dccb2aeaffa9dc69bfdc41c55abd7ccc6baa3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -112,6 +132,7 @@
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"home-manager": "home-manager",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
|
11
flake.nix
11
flake.nix
@ -12,12 +12,20 @@
|
||||
url = "github:techieAgnostic/vim";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
outputs = { self, nixpkgs, home-manager, nixos-hardware, swatch, vim, ...}: {
|
||||
};
|
||||
outputs = { self, nixpkgs, home-manager, agenix, nixos-hardware, swatch, vim, ...}: {
|
||||
nixosConfigurations.iwakura = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
|
||||
# enable secrets in the store
|
||||
agenix.nixosModules.age
|
||||
(import ./secrets)
|
||||
|
||||
# enable flakes or we'll be sad
|
||||
(import ./modules/flakes)
|
||||
|
||||
@ -57,6 +65,7 @@
|
||||
nixpkgs.overlays = [
|
||||
swatch.overlay
|
||||
vim.overlay
|
||||
agenix.overlay
|
||||
(import ./overlays/picom.nix)
|
||||
];
|
||||
nix.registry.nixpkgs.flake = nixpkgs;
|
||||
|
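Review bot: The comment `# enable secrets in the store` in the modules list of the first hunk reads as if plaintext secrets end up in the Nix store, which is world-readable. With agenix only the age-encrypted `.age` files are stored there; they are decrypted at activation using the identities configured in `age.sshKeyPaths`. I would reword it to `# agenix: encrypted .age files live in the store and are decrypted at activation`. The `outputs` function continues outside both hunks.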
@ -1,9 +1,10 @@
|
||||
{ pkgs, ... }: {
|
||||
nixpkgs.overlays = [
|
||||
(import ../../overlays/emacs.nix)
|
||||
(import ./overlay.nix)
|
||||
];
|
||||
services.emacs = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
install = true;
|
||||
};
|
||||
}
|
||||
|
@ -5,4 +5,7 @@
|
||||
(setq package-enable-at-startup nil)
|
||||
(package-initialize)
|
||||
'';
|
||||
home.file.".emacs.d/init.el".text = ''
|
||||
(server-start)
|
||||
'';
|
||||
}
|
||||
|
@ -6,15 +6,15 @@ in {
|
||||
emacs = emacsWithPackages (epkgs:
|
||||
(with epkgs.melpaStablePackages; [
|
||||
magit
|
||||
zerodark-theme
|
||||
evil
|
||||
nix-mode
|
||||
rainbow-delimiters
|
||||
paredit
|
||||
evil-surround
|
||||
evil-textobj-anyblock
|
||||
]) ++ (with epkgs.melpaPackages; [
|
||||
# undo-tree
|
||||
# zoom-frm
|
||||
racket-mode
|
||||
]) ++ (with epkgs.elpaPackages; [
|
||||
auctex
|
||||
beacon
|
||||
nameless
|
||||
]) ++ [
|
||||
#prev.notmuch
|
||||
]);
|
||||
]) ++ (with final; [
|
||||
]));
|
||||
}
|
@ -32,6 +32,7 @@ in {
|
||||
shellAliases = {
|
||||
nf = "neofetch --gtk2 off --gtk3 off --ascii_bold on";
|
||||
ls = "ls --color";
|
||||
ec = "emacsclient";
|
||||
};
|
||||
plugins = (map wrapPlugin [
|
||||
{ name = "fast-syntax-highlighting";
|
||||
|
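--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,9 @@
+{
+age = {
+secrets = {
+secret1.file = ./secret1.age;
+};
+# sshKeyPaths = [ ../keys ];
+sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];
+};
+}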
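Review bot: `sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];` makes system activation decrypt with a user's personal login key, so the machine's secrets depend on a key that lives in a home directory and is also used for interactive SSH. Activation runs unattended, so this presumably only works if that key has no passphrase; that is an inference from how the module is used, not something visible here. A dedicated identity, typically the host's SSH key, keeps the two roles apart: `sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`. The commented-out `# sshKeyPaths = [ ../keys ];` deserves a warning next to it: an unquoted Nix path is copied into the world-readable store when it is evaluated, so uncommenting it would expose whatever private keys sit in that directory.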
BIN
secrets/secret1.age
Normal file
BIN
secrets/secret1.age
Normal file
Binary file not shown.
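--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+thorn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+users = [ thorn ];
+
+iwakura = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
+systems = [ iwakura ];
+in {
+"secret1.age".publicKeys = [ thorn iwakura ];
+}
+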
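Review bot: `iwakura` is bound to exactly the same key string as `thorn` (both end in `thorn@iwakura`), so `[ thorn iwakura ]` encrypts `secret1.age` to one recipient listed twice, and the user/system split gives no separation. If the host is meant to be its own recipient, bind it to the host's public key, e.g. `iwakura = "ssh-ed25519 <HOST_PUBLIC_KEY_PLACEHOLDER> root@iwakura";`. `users` and `systems` are defined but never used; `"secret1.age".publicKeys = users ++ systems;` would make them the single place where recipients are managed.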
@ -31,6 +31,7 @@
|
||||
# packages that are needed
|
||||
packages = with pkgs; [
|
||||
# system stuff
|
||||
agenix
|
||||
htop gotop
|
||||
neofetch scrot
|
||||
git
|
||||
@ -63,7 +64,7 @@
|
||||
racket
|
||||
stack ghc
|
||||
idris idris2
|
||||
cargo rustc
|
||||
cargo rustc gcc
|
||||
|
||||
# games
|
||||
nethack crawl crawlTiles
|
||||
|