tstarr/dotfiles
1
0
Fork 0
mirror of https://github.com/starr-dusT/dotfiles.git synced 2025-02-19 19:27:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

first agenix key setup

Browse Source
This commit is contained in:
Tyler Starr 2024-07-21 11:52:02 -07:00
parent 19df43df3a
commit 92bbe4d059
7 changed files with 133 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
home/private_dot_ssh/config
View File

@ -1,3 +1,3 @@
Host github.com Host github.com
AddKeysToAgent yes AddKeysToAgent yes
IdentityFile ~/.ssh/keys/github_personal IdentityFile /run/agenix/git/github_personal

0
home/private_dot_ssh/keys/.placeholder
View File

BIN
provision/age-secrets/git/github_personal.age Normal file
View File

Binary file not shown.

10
provision/age-secrets/secrets.nix Normal file
View File

@ -0,0 +1,10 @@
let
kestrel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2iE16XVkriD0x6GhnqmvGDA1qNBibvHVIi5xY+c7Iu";
systems = [ kestrel ];
tstarr_kestrel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINr2BUUToMswbAbxZMXarl2pQEomM+jADyZbEK31VGu/";
users = [ tstarr_kestrel ];
in
{
"git/github_personal.age".publicKeys = users ++ systems;
}

114
provision/flake.lock generated
View File

@ -1,6 +1,70 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1720546205,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
"owner": "ryantm",
"repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -55,8 +119,8 @@
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"systems": "systems", "systems": "systems_2",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
@ -218,11 +282,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719075281, "lastModified": 1703013332,
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -249,6 +313,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1719075281,
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1720031269,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
@ -264,7 +344,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1719468428, "lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=", "narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
@ -282,17 +362,18 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "agenix": "agenix",
"home-manager": "home-manager_2",
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"jovian-nixos": "jovian-nixos", "jovian-nixos": "jovian-nixos",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@ -310,6 +391,21 @@
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",

7
provision/flake.nix
View File

@ -12,6 +12,7 @@
flake = false; flake = false;
}; };
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
agenix.url = "github:ryantm/agenix";
hyprland.url = "github:hyprwm/Hyprland"; hyprland.url = "github:hyprwm/Hyprland";
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
@ -19,7 +20,7 @@
}; };
}; };
outputs = inputs @ { self, nixpkgs, home-manager, jovian-nixos, sops-nix, hyprland, ... }: outputs = inputs @ { self, nixpkgs, home-manager, jovian-nixos, sops-nix, agenix,hyprland, ... }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -37,6 +38,7 @@
./hosts/kestrel/configuration.nix ./hosts/kestrel/configuration.nix
./hosts/kestrel/hardware.nix ./hosts/kestrel/hardware.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
agenix.nixosModules.default
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
@ -59,6 +61,7 @@
./hosts/shivan/configuration.nix ./hosts/shivan/configuration.nix
./hosts/shivan/hardware.nix ./hosts/shivan/hardware.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
agenix.nixosModules.default
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
@ -81,6 +84,7 @@
./hosts/torus/configuration.nix ./hosts/torus/configuration.nix
./hosts/torus/hardware.nix ./hosts/torus/hardware.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
agenix.nixosModules.default
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
@ -103,6 +107,7 @@
./hosts/bulwark/configuration.nix ./hosts/bulwark/configuration.nix
./hosts/bulwark/hardware.nix ./hosts/bulwark/hardware.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
agenix.nixosModules.default
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;

13
provision/modules/system/secrets.nix
View File

@ -1,11 +1,20 @@
{ config, lib, pkgs, user, ... }: { config, lib, pkgs, user, inputs, ... }:
let cfg = config.modules.system.secrets; let cfg = config.modules.system.secrets;
in { in {
options.modules.system.secrets.enable = lib.mkEnableOption "secrets"; options.modules.system.secrets.enable = lib.mkEnableOption "secrets";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
];
age.secrets."git/github_personal" = {
file = ../../age-secrets/git/github_personal.age;
owner = "${user}";
group = "users";
};
sops = let sops = let
ncHost = (if config.networking.hostName == "torus" then "nextcloud" else "${user}"); ncHost = (if config.networking.hostName == "torus" then "nextcloud" else "${user}");
in { in {