Migrate secrets to separate repo

Jordan Holt 2023-12-16 18:39:00 +00:00
parent f9cf5758e3
commit aa5a4e27a3
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
5 changed files with 29 additions and 18 deletions

23
flake.lock generated

@ -86,11 +86,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702195709, "lastModified": 1702676849,
"narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=", "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6761b8188b860f374b457eddfdb05c82eef9752f", "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,9 +137,26 @@
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"secrets": "secrets",
"thunderbird-gnome-theme": "thunderbird-gnome-theme" "thunderbird-gnome-theme": "thunderbird-gnome-theme"
} }
}, },
"secrets": {
"flake": false,
"locked": {
"lastModified": 1702750793,
"narHash": "sha256-w4ajlpX4k+9HBgmRhMaWMfHsNEs1M4ncKtJGXZcHqe8=",
"ref": "refs/heads/master",
"rev": "08e2b6b214e43e8bf3b3db9b7819fd27a1038c86",
"revCount": 1,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
"original": {
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}
},
"thunderbird-gnome-theme": { "thunderbird-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {


@ -12,13 +12,17 @@
url = "github:rafaelmardojai/firefox-gnome-theme"; url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false; flake = false;
}; };
secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false;
};
thunderbird-gnome-theme = { thunderbird-gnome-theme = {
url = "github:rafaelmardojai/thunderbird-gnome-theme"; url = "github:rafaelmardojai/thunderbird-gnome-theme";
flake = false; flake = false;
}; };
}; };
outputs = inputs @ { self, nixpkgs, agenix, home-manager, ... }: outputs = inputs @ { self, nixpkgs, agenix, home-manager, secrets, ... }:
let let
nixpkgsForSystem = system: inputs.nixpkgs; nixpkgsForSystem = system: inputs.nixpkgs;
overlays = [ overlays = [
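Review bot: The new `secrets` input is fetched over `git+ssh` from a private host, and nothing in the hunk documents that evaluating the flake now requires an SSH key authorised for `git@git.vimium.com`. A fresh machine or a build runner without that key will fail at input fetch, before any host configuration is evaluated. I would add a comment above the input, for example `# Private repo, age-encrypted files only; needs SSH access to git.vimium.com at eval time`. The `secrets` name added to the `outputs` argument set looks redundant if consumers only reach it as `inputs.secrets`, but the body of `outputs` continues outside the hunk, so that cannot be confirmed from here.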


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, inputs, ... }:
{ {
imports = [ imports = [
@ -50,8 +50,8 @@
}; };
}; };
age.secrets."odyssey_borg_passphrase" = { age.secrets."odyssey-passphrase" = {
file = ../../secrets/odyssey_borg_passphrase.age; file = "${inputs.secrets}/passwords/services/borg/odyssey-passphrase.age";
}; };
services.borgmatic = { services.borgmatic = {
@ -64,7 +64,7 @@
{ label = "borgbase"; path = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; } { label = "borgbase"; path = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; }
]; ];
storage = { storage = {
encryption_passcommand = "cat ${config.age.secrets.odyssey_borg_passphrase.path}"; encryption_passcommand = "cat ${config.age.secrets.odyssey-passphrase.path}";
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"; ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
}; };
retention = { retention = {
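Review bot: `file = "${inputs.secrets}/passwords/services/borg/odyssey-passphrase.age"` points at the input's store path, so the whole nix-secrets checkout sits in the Nix store, which every local user can read; that is only safe while every file in that repository is age ciphertext. A comment on the `age.secrets."odyssey-passphrase"` block, such as `# inputs.secrets lands in the world-readable store: ciphertext only`, would guard against a plaintext file being added there later. The recipient list that used to sit beside the secret is deleted in this commit, so who can decrypt the passphrase can no longer be reviewed from this repository; presumably it now lives in nix-secrets. The module also gains an `inputs` argument, which has to be supplied (for example through `specialArgs`) by code not visible on this page.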


@ -1,10 +0,0 @@
let
jordan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS";
users = [ jordan ];
odyssey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJre8/cjdoUnbTu0x4ClTITcq4lq+FjpEyJBbLbOlox7";
systems = [ odyssey ];
in
{
"secrets/odyssey_borg_passphrase.age".publicKeys = [ jordan odyssey ];
}

Binary file not shown.