From bbf835d127f44d439c7a20fc6f08ff6f27ebddee Mon Sep 17 00:00:00 2001 From: Jordan Holt Date: Sun, 3 Dec 2023 21:59:44 +0000 Subject: [PATCH] Add secrets with agenix --- flake.lock | 84 +++++++++++++++++++++++++++- flake.nix | 12 ++-- secrets.nix | 10 ++++ secrets/odyssey_borg_passphrase.age | Bin 0 -> 567 bytes 4 files changed, 99 insertions(+), 7 deletions(-) create mode 100644 secrets.nix create mode 100644 secrets/odyssey_borg_passphrase.age diff --git a/flake.lock b/flake.lock index ff0858b..900d1df 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,47 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1701216516, + "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", + "owner": "ryantm", + "repo": "agenix", + "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -17,6 +59,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -38,6 +101,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1677676435, + "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1701389149, "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=", @@ -54,9 +133,10 @@ }, "root": { "inputs": { + "agenix": "agenix", "firefox-gnome-theme": "firefox-gnome-theme", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2", "thunderbird-gnome-theme": "thunderbird-gnome-theme" } }, diff --git a/flake.nix b/flake.nix index f549431..90e56ad 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-23.11"; + agenix.url = "github:ryantm/agenix"; home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -17,7 +18,7 @@ }; }; - outputs = inputs @ { self, nixpkgs, home-manager, ... }: + outputs = inputs @ { self, nixpkgs, agenix, home-manager, ... }: let inherit (lib) attrValues; inherit (lib.my) mapModules mapModulesRec; @@ -44,7 +45,7 @@ nixosConfigurations = { atlas = nixpkgs.lib.nixosSystem { modules = [ - inputs.home-manager.nixosModules.home-manager + home-manager.nixosModules.home-manager { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } (import ./modules) ./hosts/atlas @@ -53,7 +54,7 @@ }; eos = nixpkgs.lib.nixosSystem { modules = [ - inputs.home-manager.nixosModules.home-manager + home-manager.nixosModules.home-manager { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } (import ./modules) ./hosts/eos 
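Review bot: The new `agenix.url = "github:ryantm/agenix";` input in the `@@ -3,6 +3,7 @@` hunk of flake.nix does not follow the flake's own nixpkgs, unlike the `home-manager` input directly below it. The flake.lock changes in this same commit show the effect: agenix brings its own `nixpkgs` node (ref `nixos-unstable`, rev `a08d6979dd7c82c4cef0dcc6ac45ab16051c1169`), a `darwin` node and a second `home-manager` node, each pinned separately from the root inputs. That is more upstream source to audit and keep updated for the component that handles secret decryption. Consider the attribute-set form with `inputs.nixpkgs.follows = "nixpkgs";`, and `inputs.home-manager.follows = "home-manager";` if sharing that input is acceptable. The `inputs` block starts and ends outside the hunk.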
@@ -62,7 +63,7 @@ }; helios = nixpkgs.lib.nixosSystem { modules = [ - inputs.home-manager.nixosModules.home-manager + home-manager.nixosModules.home-manager { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } (import ./modules) ./hosts/helios @@ -71,7 +72,8 @@ }; odyssey = nixpkgs.lib.nixosSystem { modules = [ - inputs.home-manager.nixosModules.home-manager + home-manager.nixosModules.home-manager + agenix.nixosModules.default { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; } (import ./modules) ./hosts/odyssey diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..cf926b2 --- /dev/null +++ b/secrets.nix @@ -0,0 +1,10 @@ +let + jordan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS"; + users = [ jordan ]; + + odyssey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJre8/cjdoUnbTu0x4ClTITcq4lq+FjpEyJBbLbOlox7"; + systems = [ odyssey ]; +in +{ + "secrets/odyssey_borg_passphrase.age".publicKeys = [ jordan odyssey ]; +} diff --git a/secrets/odyssey_borg_passphrase.age b/secrets/odyssey_borg_passphrase.age new file mode 100644 index 0000000000000000000000000000000000000000..58558b282fedf3db338f63455c552842ad0832ab GIT binary patch literal 567 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyFvH#RjjEcY)eFo-ZUa*1>a$uiLPw#fD~FyS)GH81ol@~-qNj`9x5 z%go8B$SQCScT99GGYv{H3pFe&(oQ!sO)HBEibS_9t1!$Y$x$KH-P_TkILF(>u+Y0Q z*|Q)uB+DqsG`yrZBp}$wEwm&k(xOs3Lfat4Ih3o^)HlGZ}6l`0aijTc+dQoa(ajJs4N_tJOpRa;)X_P{(ev*!v zeLRzo4#>*o?k>%abH&(s>KYL9>UDK+w z%;&pqF_m|Io*7l_rTgUNf!z~-AGp7r@5
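Review bot: In the new secrets.nix, `users` and `systems` are bound but never used; the rule lists `jordan odyssey` directly, so a key added to either list later would not become a recipient of any secret. Either build the recipient list from them, e.g. `publicKeys = users ++ systems;`, or drop the two bindings. A short comment above each key saying which private key it corresponds to (a personal key, and presumably odyssey's SSH host key) would make the recipient set easier to review. It would also help to note in the file that changing `publicKeys` only takes effect after re-encrypting with `agenix --rekey`. Because the previous ciphertext stays in git history, removing a recipient should be paired with rotating the borg passphrase itself.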