trying out encrypted secrets

This commit is contained in:
Thorn Avery 2021-05-31 11:14:29 +00:00
parent 5d55315729
commit e951f992c1
11 changed files with 81 additions and 25 deletions

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
*.swp
old
result
keys

View File

@ -1,5 +1,25 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1620877075,
"narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1617631617,
@ -20,11 +40,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1617824794,
"narHash": "sha256-UGkvzx0nIXHhNq/KwJLjXvKAQRE2V33MuX+UirvqrkQ=",
"lastModified": 1622312678,
"narHash": "sha256-LsVDvO6TBnSQNNoV+Dt10+jx91eS74k8hf4zIOMAyR0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
"rev": "49706878e1580d796cc99b63574310405935113f",
"type": "github"
},
"original": {
@ -52,11 +72,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1620983891,
"narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
"lastModified": 1622314052,
"narHash": "sha256-DwrLZ6NXPzKpQx3RTjdwdmlGDr6kHVx2gaeHCWCb09Q=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
"rev": "684ae160a6e76590eafa3fca8061b6ad57bcc9ad",
"type": "github"
},
"original": {
@ -67,10 +87,10 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1621840840,
"narHash": "sha256-o6h6+d5ZwrFmOTe+ma9s1Z9kyHsCW1C84IA8RZ9/fIU=",
"path": "/nix/store/jjsygkm01c9fg053m3l2ni1mny1iwmji-source",
"rev": "ea7d4aa9b8225abd6147339f0d56675d6f1f0fd1",
"lastModified": 1622103435,
"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
"path": "/nix/store/xxh005q6l2rq1zrdni7id3xay8s53q2y-source",
"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
"type": "path"
},
"original": {
@ -80,11 +100,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1622103435,
"narHash": "sha256-5i5mGg402AANnSRQmWVo7lqiyw3taoMwX26oslOD9c4=",
"lastModified": 1622194753,
"narHash": "sha256-76qtvFp/vFEz46lz5iZMJ0mnsWQYmuGYlb0fHgKqqMg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5658fadedb748cb0bdbcb569a53bd6065a5704a9",
"rev": "540dccb2aeaffa9dc69bfdc41c55abd7ccc6baa3",
"type": "github"
},
"original": {
@ -112,6 +132,7 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",

View File

@ -12,12 +12,20 @@
url = "github:techieAgnostic/vim";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home-manager, nixos-hardware, swatch, vim, ...}: {
};
outputs = { self, nixpkgs, home-manager, agenix, nixos-hardware, swatch, vim, ...}: {
nixosConfigurations.iwakura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
# enable secrets in the store
agenix.nixosModules.age
(import ./secrets)
# enable flakes or we'll be sad
(import ./modules/flakes)
@ -57,6 +65,7 @@
nixpkgs.overlays = [
swatch.overlay
vim.overlay
agenix.overlay
(import ./overlays/picom.nix)
];
nix.registry.nixpkgs.flake = nixpkgs;

View File

@ -1,9 +1,10 @@
{ pkgs, ... }: {
nixpkgs.overlays = [
(import ../../overlays/emacs.nix)
(import ./overlay.nix)
];
services.emacs = {
enable = true;
defaultEditor = true;
install = true;
};
}

View File

@ -5,4 +5,7 @@
(setq package-enable-at-startup nil)
(package-initialize)
'';
home.file.".emacs.d/init.el".text = ''
(server-start)
'';
}

View File

@ -6,15 +6,15 @@ in {
emacs = emacsWithPackages (epkgs:
(with epkgs.melpaStablePackages; [
magit
zerodark-theme
evil
nix-mode
rainbow-delimiters
paredit
evil-surround
evil-textobj-anyblock
]) ++ (with epkgs.melpaPackages; [
# undo-tree
# zoom-frm
racket-mode
]) ++ (with epkgs.elpaPackages; [
auctex
beacon
nameless
]) ++ [
#prev.notmuch
]);
]) ++ (with final; [
]));
}

View File

@ -32,6 +32,7 @@ in {
shellAliases = {
nf = "neofetch --gtk2 off --gtk3 off --ascii_bold on";
ls = "ls --color";
ec = "emacsclient";
};
plugins = (map wrapPlugin [
{ name = "fast-syntax-highlighting";

9
secrets/default.nix Normal file
View File

@ -0,0 +1,9 @@
{
age = {
secrets = {
secret1.file = ./secret1.age;
};
# sshKeyPaths = [ ../keys ];
sshKeyPaths = [ "/home/thorn/.ssh/id_ed25519" ];
};
}

BIN
secrets/secret1.age Normal file

Binary file not shown.

10
secrets/secrets.nix Normal file
View File

@ -0,0 +1,10 @@
let
thorn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
users = [ thorn ];
iwakura = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWOEyzcn4ybt6MHXOGP5TSzMXQeoB/pkf9RgQxYtbT2 thorn@iwakura";
systems = [ iwakura ];
in {
"secret1.age".publicKeys = [ thorn iwakura ];
}

View File

@ -31,6 +31,7 @@
# packages that are needed
packages = with pkgs; [
# system stuff
agenix
htop gotop
neofetch scrot
git
@ -63,7 +64,7 @@
racket
stack ghc
idris idris2
cargo rustc
cargo rustc gcc
# games
nethack crawl crawlTiles