Price/dots
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: remove secrets dir from repo to submodule
Some checks failed
Check Formatting of Files / Check-Formatting (push) Failing after 38s
Details

Browse Source
This commit is contained in:
Price Hiller 2024-09-26 23:43:49 -05:00
parent a20a554d00
commit 2fae212062
Signed by: Price
GPG Key ID: C3FADDE7A8534BEB
13 changed files with 55 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -22,3 +22,6 @@
[submodule "dots/.config/zsh/config/plugins/powerlevel10k"]
path = users/price/dots/.config/zsh/config/plugins/powerlevel10k
url = https://github.com/romkatv/powerlevel10k.git
[submodule "secrets"]
path = secrets
url = ssh://gitea@git.orion-technologies.io:2220/Price/Secrets.git

69
flake.lock
View File

@ -56,11 +56,11 @@
]
},
"locked": {
"lastModified": 1725738410,
"narHash": "sha256-7qb9cJrHnWSs1UPa76GKGhZTzq9r01MPrLcM5ky36cI=",
"lastModified": 1727370667,
"narHash": "sha256-i0yF7uAE0Msn5aH3UwxbaV3lxN9e5FhzeX/rnxW17A0=",
"ref": "refs/heads/Development",
"rev": "21bdbe569c959d06c02d9e492ba6c737bab92244",
"revCount": 100,
"rev": "a805e823d8006b9597af871f7ba1a18d9daaedad",
"revCount": 101,
"type": "git",
"url": "https://git.orion-technologies.io/blog/blog"
},
@ -150,11 +150,11 @@
]
},
"locked": {
"lastModified": 1727249977,
"narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=",
"lastModified": 1727359191,
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
"owner": "nix-community",
"repo": "disko",
"rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa",
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
"type": "github"
},
"original": {
@ -174,11 +174,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1727281458,
"narHash": "sha256-wp4a4+dDAjFYm5tI5BjjgcE4hdjpDcv5U3O+07xjwVc=",
"lastModified": 1727411519,
"narHash": "sha256-9xQF78yyNv/dkJ56HKVtJLRM6aoytIk6VPyNlR25Zyk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "e81b6546fb597e6204bd6ef1bd0e6d35d498be20",
"rev": "a4ee09a79bdebef57ee7b1b74586c6d1f438541a",
"type": "github"
},
"original": {
@ -406,11 +406,11 @@
]
},
"locked": {
"lastModified": 1727246346,
"narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=",
"lastModified": 1727383923,
"narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb",
"rev": "ffe2d07e771580a005e675108212597e5b367d2d",
"type": "github"
},
"original": {
@ -479,11 +479,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1727264689,
"narHash": "sha256-SwPqM1ZvLsmbBXyGP0egysO/JQWQb9GhqgURt2PMKyk=",
"lastModified": 1727380702,
"narHash": "sha256-1YUAqvZc9YOUERyPiaOGYEg2fIf20+yIWGhzB0Ke6j8=",
"owner": "nixos",
"repo": "nix",
"rev": "6c37d815145369cbb9136f3aaa01f5fcd25d9db6",
"rev": "0ed67e5b7ee9ad8fae162e1b10b25d22ada2b1f3",
"type": "github"
},
"original": {
@ -526,11 +526,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1727294711,
"narHash": "sha256-7G6JIC7Vb26C48oFmpwOr1OuOJK8YEJwF3w3yN7Byyc=",
"lastModified": 1727412098,
"narHash": "sha256-ujxF8U/dzaIeF5E9oG7INl4xC8pCjoxprTdtGoagjp0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c7412922a1d6acdc40250ba8e6460fd39c3fc2c7",
"rev": "f9c724d55b077d109a521f90736bfc4095ccd67d",
"type": "github"
},
"original": {
@ -557,11 +557,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1727129439,
"narHash": "sha256-nPyrcFm6FSk7CxzVW4x2hu62aLDghNcv9dX6DF3dXw8=",
"lastModified": 1727264057,
"narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "babc25a577c3310cce57c72d5bed70f4c3c3843a",
"rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
"type": "github"
},
"original": {
@ -589,11 +589,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1726937504,
"narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
"lastModified": 1727122398,
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9357f4f23713673f310988025d9dc261c20e70c6",
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
"type": "github"
},
"original": {
@ -617,6 +617,7 @@
"nix": "nix",
"nixpkgs": "nixpkgs_3",
"nixpkgs-master": "nixpkgs-master",
"secrets": "secrets",
"wezterm": "wezterm"
}
},
@ -662,6 +663,24 @@
"type": "github"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1727412130,
"narHash": "sha256-pifu78oIrAsnU8Iu51iXSPT331mJ6ehHy5iX/ZTQsSE=",
"ref": "refs/heads/main",
"rev": "8c078e598aeb9f4ead31cba2e8a62c7e77d75151",
"revCount": 1,
"submodules": true,
"type": "git",
"url": "file:secrets"
},
"original": {
"submodules": true,
"type": "git",
"url": "file:secrets"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

8
flake.nix
View File

@ -39,6 +39,10 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
secrets = {
url = "git+file:secrets?submodules=1";
flake = false;
};
};
outputs =
@ -200,7 +204,7 @@
inputs.disko.nixosModules.disko
{
config =
(import "${self}/secrets" {
(import "${inputs.secrets}" {
agenix = false;
inherit clib;
}).${hostname};
@ -228,7 +232,7 @@
inputs.disko.nixosModules.disko
{
config =
(import "${self}/secrets" {
(import "${inputs.secrets}" {
agenix = false;
inherit clib;
}).${hostname};

1
secrets Submodule

@ -0,0 +1 @@
Subproject commit 8c078e598aeb9f4ead31cba2e8a62c7e77d75151

61
secrets/default.nix
View File

@ -1,61 +0,0 @@
{
agenix ? false,
clib ? import ../clib { },
}:
let
masterKeys = [
"age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
"age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj"
];
hosts = {
luna =
let
secrets = "hosts/luna";
in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
gitea-db-pass = "${secrets}/gitea-db-pass.age";
gitea-runner-token = "${secrets}/gitea-runner-token.age";
gh-ts-autotag-runner-token = "${secrets}/gh-ts-autotag-runner-token.age";
};
orion =
let
secrets = "hosts/orion";
in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
};
};
in
if agenix then
(builtins.listToAttrs (
builtins.concatMap (
host:
let
hostSecrets = (builtins.getAttr host hosts);
in
(builtins.map (
hostSecretName:
let
secret = (builtins.getAttr hostSecretName hostSecrets);
in
{
name = builtins.toString secret;
value = {
publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ masterKeys;
};
}
) (builtins.attrNames hostSecrets))
) (builtins.attrNames hosts)
))
else
(builtins.mapAttrs (
host: secrets:
(clib.recursiveMerge (
builtins.map (secretName: { age.secrets.${secretName}.file = ./${secrets.${secretName}}; }) (
builtins.attrNames hosts.${host}
)
))
) hosts)

14
secrets/hosts/luna/gh-ts-autotag-runner-token.age
View File

@ -1,14 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSA3d0F4
VUVXallDK0k3SzRCQitWdm9oWnZUakNQaFNsb0xQY0lzNFE4YWdRCmRJM3h3QXpw
ODVSTlNUL21Xc3gwcnMzQU1qWkx4bGV5dmtMZllPTkg5VDgKLT4gWDI1NTE5IFBv
T1hvcFVoakxSWXhwejJMMUYvUk0wRDJuS1JWREllRnoxZlpsTGlhQUEKSll1Z2dB
RkN4c2tDNzZDMDFYbzBaR3k2NTl5K0pGVjVWNjJ4aFBueTlkVQotPiBwaXYtcDI1
NiBySnMxSEEgQTJGb1BnSEZDZXkxZ3QrWVM1TVZocEdoaHlNYWY4UTZ0OWl2ejNa
K0dxbGEKL0F4NzJJeDRNTEt0TEdvV2tCUHBqNXh5QWllM1pIeEVzWHk1bldKRVU1
ZwotPiBWcy1mWW1SLWdyZWFzZSBBID4kLHlfCjBWb1VkclpRb2YvZnE1R3o5MmYr
NmlkcVdnUUNuM3hQQThHcWtLYXpVdkJiZTRXdVR3ZzV4dE9XNUxTZmdtSU0KcnVZ
aC90bWhRMDF3Ci0tLSBaeVpobG1MV2pXa09tYUhQOFhPS2tVNlJuYlNIM1JBWHV6
TzdySk5zVGxvCoc4tXEI5A6I5GJjkMdwkeloNCivh3VsT2VDZHNUZp8uexGj6pd+
Wjq8ITM6bdKKrRircy3Odra3Y4Uk91l5
-----END AGE ENCRYPTED FILE-----

16
secrets/hosts/luna/gitea-db-pass.age
View File

@ -1,16 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSA2dU5y
dkdJS0txSXMrK3dCTmRCMy9PK0Erc1JRdXFIS0xjTnZMdTdKL1VVCjBRNnExK2VV
WXhLYXZMd2xuL2huMzJidjQxRW5BeGdSaEl0cU9jcHk3RkUKLT4gWDI1NTE5IFFX
em1EQ1krSzlDeDhvbnQ0NVJFbHRUeDMzMmFhLzBTdVNUKy96VWtZVjgKUjc0ZTJI
alJpdklVcFJtbS9zb3VENlYzWTNKNXpyM1BIUlZlTkYybDlabwotPiBwaXYtcDI1
NiBySnMxSEEgQXBXRERMVUtrVG1pOVdPcUhVOXAwNEI0UzcyN1d2b0tBUnU2YXZt
UTQ4S00KbDZJRHM5S1RoQXpWNXdtVUlocCtVMHdxSmNJMG5JME9CQXV4VTI4M0tq
cwotPiB4fWBFZlMtZ3JlYXNlCjdCMTliL0g1WkwxQ0JYcVl1UGNMN0dLa3ZQbFo0
U3pUWW9RbC9vSld6b1YyCi0tLSBFZ01JSmZFd3U2MVI0Q3F5UzB5ZE5VcGhWa1d2
NnI1NEJHcDZQRlM2ZmpNCooDm4de6FOOArgsQV6GmCqrNzGI39OOcEZJuYf/BqbL
ENzXqCun0pXKBvZMLlIaXMVeXuEq1xgvzmcmvwzwko8iYAWedRraYhdX/mT8SwEk
ZfSl0+lzN4DqswosNlZsdGE05OAv1E9MW2DVJn9+nHxsN9/kb20neHqpajef4nn2
WXp5TEfypf2MsL7XuAMGbqhEKsNszronl/HftefQA2/ipf9Zl039Eaw7my7tr6H+
v5VsdZxA5qj+0MNytrOFk/kaVFLWk0ce7t4fRF8=
-----END AGE ENCRYPTED FILE-----

13
secrets/hosts/luna/gitea-runner-token.age
View File

@ -1,13 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBDcVpl
L1lOTjduL1FkSUYzRnZtODU0ZWlQZmhGb0RxWmEyL0N1cmMrNkI4Cmd6MjJ6MlV3
QUIyVVBIQkVqVS9FdVIvMy9PWmhyWjd4T0phNmF1dExxUGcKLT4gWDI1NTE5IFRt
M1FyQ3FVTXZVcUFmb0FGNTVEZVlWdWpUMStwdzFMWFRWQ2c5MnNEUmcKeTdDaERE
SmhXd1BNR2k3L1p5QWZhU1pmMG5pWTRScUlHdU9lSnV1Qng5UQotPiBwaXYtcDI1
NiBySnMxSEEgQXhBRjE1em9QVWZDZTRuejhPcktjTlJTRlNBbmpiRmJUc2lVVlNv
cW5FUzQKSDUzREtNQ0U4RXZCT3hFdjQ3WGprTUNDYWkzYzE4RWdZa3ZuVElwdVJP
ZwotPiBHU00hJGQtZ3JlYXNlCklxZTIvYkMvSXMzdVdJaDMzWHoxNFM3ZGg5MEFI
VTJGTDNOSU1nCi0tLSBFclM5dWo3cUpmUWtPU2p4Rm1PaUxSUlc5dkxPMlFteFV3
YU53SFN2aEFnCib9f9NosXZNda+xHPTfnYMgxvHRiI1RGg050+Ak2HhRFRCmAs96
k70HPhmp6z7K76EbE7PTOHh4eZT3vK0EQWcMj1aS4iDFLWG3hMUHUP4=
-----END AGE ENCRYPTED FILE-----

15
secrets/hosts/luna/users-price-pw.age
View File

@ -1,15 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBKek5B
RWhneDgyY2MzUVJuYU5CNDdFenY2cTQyNTJ2TDhnN2pidkpNYjBFCkFWV0F3Mmsx
cGxMOEwxU2RSVlFnRXQvUG5sZDkxdkRMRE5lNUlVdVBJZkkKLT4gWDI1NTE5IHJk
bFcwSkxGdjBoYUtwWFAvSkVRL0c0eVFtRThoWDNCUlNDMFJHMXBWeTQKZEdIUTlB
UnhvRGRGY0lJR1hiNUV4b0oxL0RNU3I0VVJkbXhxa0QvUFlrUQotPiBwaXYtcDI1
NiBySnMxSEEgQXo2azJGUjR5ZUFMVXRmZm12NzhVaGNxb1JCZHdYQm1TTG5QSi93
WTFJTGEKZW5pdnRUbmFlM1FNV3RtQVJmd3NVSmszT0hCZUc2V285Y0RDRTNGVlNZ
QQotPiBiYV0sLWdyZWFzZSAycFUxYSBxOF97dCBwKiB2Q1JeCjRKQ3czL1RtUTVZ
RVBUQTMwVVJtUEJBdUJXVDlZVVVVeENuY0ZhUWRLbXBycTEzSHhWaFltb1pLN3k5
UQotLS0gWk96N3U1aElBL1NBUzQ2UlFpSmdTWnN2cHpPaWV4aXAyb211dHJRekYw
awpMQoWOGu/d8JcDYMr5954FuagIGNhNMRb7IBQpXQpDT9fjOCnkngU8p4YxcF5V
sgReOo63cA0LnbXS+3v2oSDHCyiHKr25sTF4Bxw//jzg49uxT4Wsv9ieBlDTD2zn
K6E+pph5fIkHAGpL
-----END AGE ENCRYPTED FILE-----

17
secrets/hosts/luna/users-root-pw.age
View File

@ -1,17 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFdvUU04QSBhQnh6
VFF0aUcrMnVBWjhNYVBzSjBucmljTWxCOFBXZHJSUzlVK3BGSUVNCmE2cW0zWi9G
Z0ZmdTNzS1M2VENKbjh0cFhqcFV4QnphcXRyaTBSb00zZ2sKLT4gWDI1NTE5IERx
bEhYQmhzdG03K3hYa0RuenNHYzh6YWYwWWpWZFYvME92Q0RkdGJZWDAKVzdsQnl5
WTRCVGg4NGlCRGNFWEtaem5YUGwyMElvZlJ6dmF1R29kU20zQQotPiBwaXYtcDI1
NiBySnMxSEEgQStkTmx2VEZrYkZaWmJUbmo5bWVpRUtlbHo2UzhDbkM4Y1IxWGVB
emExZ1QKdURmYUYzYzc0MjBSWm4wNjZ6dkJmRnRqWVg4Mzl6cGhRSTd2b25yREhu
UQotPiBQTVMxQHUtZ3JlYXNlIHReZSRFcwoza1VtM2tuY2EvL1ZQSjJHcmpoWFFQ
anRxeU5BM3lCUGFWMTM4T1NSOVFUazVQMnk3SnhZYnArRFB5bFRESnd6CjAwNE9R
STRteUQ5ZGZ6UzV0K05NdkNkU1NWRGpKdVM3Y094SWpHU2poam5aemFVL3JsS2Y1
V3lNSEZQbEl5OAotLS0gZlFMQTY1OXNiSloyd0tjQlhZbXBKcW9yeFZYb0cyOWJl
Y0p5clV5TkttdwrM3du1ZKJdqqpWmrbEJgio/UqzyrHth2Vlse1Z7sej6F2qQs0h
2flj9CQ76ynEw4Prmv+HDd1hWhFXjsJjduASeEXnj/zM1mlEb/T/yFttjzev2OFj
YHcGYKje+Lx7TTTSeS2R1eCEkGlJ2900scW1R0uthW1NeYQP3xeCR9lVx43RNfc+
26RlwjPJ
-----END AGE ENCRYPTED FILE-----

15
secrets/hosts/orion/users-price-pw.age
View File

@ -1,15 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdGaStLdyAyZW5W
THZJbXFlZUorRWxaYlFPUFJXUzZQQTRpVVBwN3J6RUZQelFGbUdvCm1CRHJ5TVJn
dmZ1d3FPWEp6Um0waGpzU05mWE5OYTlkeGJES2NYUkhHVGcKLT4gWDI1NTE5IDEr
S2lkakdFSXRoY21FNUJ5bDVpNFpLeHpIMzliM1MzcC8zSkwvTUZDUVUKS2Rhd04w
QjFRbWEzdW14eXB0cGdTT29mMGxKSHpxaElsOVRFVng1ZXVCOAotPiBwaXYtcDI1
NiBySnMxSEEgQW84SzR0Z1NEeEhqcVBuakw2UXVSNnQ0NzB6UVVHdlROVHRJdWFV
N3k1eloKd1g5ajRNL3FTaWVvYThNcVQvZ05tTzd2dTljRkFHUFRwaWVha3VXZlJB
ZwotPiAib21MLWdyZWFzZSBOR1FzI2AgWQpodS9zT2sxRjBDdVlaNnUxczBlK3RP
SFFFMEZNNU9rZnBON2RtbWJBeHIxZ3Jvei84MEk0Ci0tLSAvZk8wV01yZVA3WWRV
Z2FkZUE5c280YzRVOVZ0UkhBTGh1Y2xzczRoWmx3ChgcsPLWQ02kHswc7FWFNkct
WvK6lt8GBlfp/GFfShsEKsvmOajnhRI2rcGJ/HrYhF8aiybmd+hPvniCCwKaf7p7
1pa0m8HlRaj0T9+nS0zc3bFaUEsCTkLA3QlBNrfbiPG7OBsCRVJGNpyIwF06j8+G
of048rxXg4S7waj/oC2F6/m/PpF6PJjwtdc=
-----END AGE ENCRYPTED FILE-----

15
secrets/hosts/orion/users-root-pw.age
View File

@ -1,15 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdGaStLdyA2T2Zp
MTZYUEx3Qnp2TE5rdGpvU2lnVU1ucy9XcmsxYjZFYXBrZVBQQTBnCkdyU0NxRGlS
cVhzSUNPeVhoeWJuRlA0N1QySHpVNTFOeFZhRWg1YkZaNnMKLT4gWDI1NTE5IGts
SW9WMVdqWTdjR2Y5ellmNDFLSjRRbkVaQkJYcE1OaDRueTRKUnl1Z1UKQ0F3RTRq
ckIxdWVrSmZtZmh4Z0cyd2ZSTWNCRWdvdlVoSjM4TzBZKzJBawotPiBwaXYtcDI1
NiBySnMxSEEgQW5IcjAwR09SbEpXeFdhV1NqaHJ3Vmt4ODRsWVNnaWNMcW1tWjQz
ZmN4YXMKenQ0Y0hjYmVwOWpXcHpzTkk4dHVRajdmUmEweUtGNTEzWEJpSm5zSjhx
ZwotPiBBeE9wVXhoLWdyZWFzZSBUU29cPjU3CkpTYmFtVUw1MFVoZUkvbnZ4dUxk
eUNMSjB3RnJwbEhWeUJMUHZCaGc3NXRHUThIWVgvK1VzZ21FV3hXNwotLS0gQzRM
dTBjR3VmR0l0dmhTWW1LSzRtV2VVV2w1K2ovOXhNcmZWRXFGRkV3RQqlv8HBlqO0
lrRz0tZ/hnlOmgYTrOBjHhzWOLZQk7bamvWAZ0W6EEk9+K+I6zuN/5igUbC7QXXp
ZLb/u4eIEJt6FKRGkRvGh9gFOJwfkkBgSAp+LG6/47X1t9wYgfCT3cWmie8zkcv8
yScx++bEVscLAsJit1XslWOEOOlP1yXFoeZ02oEVbZEFVefC
-----END AGE ENCRYPTED FILE-----

1
secrets/secrets.nix
View File

@ -1 +0,0 @@
import ./default.nix { agenix = true; }