feat(nix-hm): add initial integration of agenix
This commit is contained in:
parent
0ccb675a7f
commit
88749bbc68
230
flake.lock
230
flake.lock
@ -1,9 +1,57 @@
|
||||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"agenix": "agenix_2",
|
||||
"crane": "crane",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709831932,
|
||||
"narHash": "sha256-WsP8rOFa/SqYNbVtYJ/l2mWWOgyDTJFbITMV8tv0biI=",
|
||||
"owner": "yaxitech",
|
||||
"repo": "ragenix",
|
||||
"rev": "06de099ef02840ec463419f12de73729d458e1eb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "yaxitech",
|
||||
"repo": "ragenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"agenix_2": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707830867,
|
||||
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bob": {
|
||||
"inputs": {
|
||||
"bob": "bob_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
@ -35,9 +83,53 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708794349,
|
||||
"narHash": "sha256-jX+B1VGHT0ruHHL5RwS8L21R6miBn4B6s9iVyUJsJJY=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "2c94ff9a6fbeb9f3ea0107f28688edbe9c81deaa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"emacs-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
@ -131,7 +223,7 @@
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
@ -149,14 +241,14 @@
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -167,7 +259,7 @@
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
@ -185,7 +277,25 @@
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
@ -201,9 +311,9 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"flake-utils_6": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
"systems": "systems_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
@ -219,7 +329,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_6": {
|
||||
"flake-utils_7": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
@ -234,9 +344,9 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_7": {
|
||||
"flake-utils_8": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
"systems": "systems_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
@ -309,6 +419,28 @@
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703113217,
|
||||
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
@ -330,7 +462,7 @@
|
||||
},
|
||||
"kanagawa-gtk": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"flake-utils": "flake-utils_5",
|
||||
"kanagawa-gtk": "kanagawa-gtk_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
@ -382,7 +514,7 @@
|
||||
},
|
||||
"neovim-flake": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_5",
|
||||
"flake-utils": "flake-utils_6",
|
||||
"nixpkgs": [
|
||||
"neovim-nightly-overlay",
|
||||
"nixpkgs"
|
||||
@ -428,7 +560,7 @@
|
||||
},
|
||||
"nixgl": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_6",
|
||||
"flake-utils": "flake-utils_7",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
@ -526,10 +658,11 @@
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"bob": "bob",
|
||||
"emacs-overlay": "emacs-overlay",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"home-manager": "home-manager",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"home-manager": "home-manager_2",
|
||||
"kanagawa-gtk": "kanagawa-gtk",
|
||||
"neovim-nightly-overlay": "neovim-nightly-overlay",
|
||||
"nixgl": "nixgl",
|
||||
@ -539,6 +672,31 @@
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"agenix",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708740535,
|
||||
"narHash": "sha256-NCTw235XwSDbeTAtAwg/hOeNOgwYhVq7JjDdbkOgBeA=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "9b24383d77f598716fa0cbb8b48c97249f5ee1af",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"wezterm",
|
||||
@ -653,6 +811,36 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_7": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_8": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"waybar": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
@ -676,14 +864,14 @@
|
||||
},
|
||||
"wezterm": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_7",
|
||||
"flake-utils": "flake-utils_8",
|
||||
"freetype2": "freetype2",
|
||||
"harfbuzz": "harfbuzz",
|
||||
"libpng": "libpng",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay",
|
||||
"rust-overlay": "rust-overlay_2",
|
||||
"zlib": "zlib"
|
||||
},
|
||||
"locked": {
|
||||
|
36
flake.nix
36
flake.nix
@ -27,6 +27,10 @@
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixgl.url = "github:guibou/nixGL";
|
||||
agenix = {
|
||||
url = "github:yaxitech/ragenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, home-manager, nixpkgs, ... }:
|
||||
@ -45,6 +49,7 @@
|
||||
};
|
||||
modules = [
|
||||
({
|
||||
imports = [ inputs.agenix.homeManagerModules.default ];
|
||||
nixpkgs.overlays = [
|
||||
inputs.neovim-nightly-overlay.overlay
|
||||
inputs.emacs-overlay.overlays.emacs
|
||||
@ -58,11 +63,10 @@
|
||||
wrapProgram $out/bin/lxappearance --prefix GDK_BACKEND : x11
|
||||
'';
|
||||
});
|
||||
opensnitch-ui = prev.opensnitch-ui.overrideAttrs
|
||||
(oldAttrs: {
|
||||
propagatedBuildInputs = oldAttrs.propagatedBuildInputs
|
||||
++ [ prev.python311Packages.qt-material ];
|
||||
});
|
||||
opensnitch-ui = prev.opensnitch-ui.overrideAttrs (oldAttrs: {
|
||||
propagatedBuildInputs = oldAttrs.propagatedBuildInputs
|
||||
++ [ prev.python311Packages.qt-material ];
|
||||
});
|
||||
})
|
||||
];
|
||||
home = {
|
||||
@ -74,5 +78,25 @@
|
||||
./config
|
||||
];
|
||||
};
|
||||
};
|
||||
} // inputs.flake-utils.lib.eachDefaultSystem (system:
|
||||
let
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [ inputs.agenix.overlays.default ];
|
||||
};
|
||||
in {
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
age
|
||||
age-plugin-yubikey
|
||||
pkgs.agenix
|
||||
nixos-rebuild
|
||||
pkgs.deploy-rs
|
||||
];
|
||||
shellHook = ''
|
||||
export RULES="$PWD/secrets/secrets.nix"
|
||||
nix eval --json --file ./.nixd.nix > .nixd.json
|
||||
'';
|
||||
};
|
||||
});
|
||||
}
|
||||
|
48
lib/default.nix
Normal file
48
lib/default.nix
Normal file
@ -0,0 +1,48 @@
|
||||
# Some of these functions were taken from https://github.com/NixOS/nixpkgs/blob/master/lib/
|
||||
{ lib ? (import <nixpkgs> { }).lib }:
|
||||
rec {
|
||||
hasSuffix =
|
||||
suffix:
|
||||
string:
|
||||
let
|
||||
lenSuffix = builtins.stringLength suffix;
|
||||
lenString = builtins.stringLength string;
|
||||
in
|
||||
(
|
||||
lenString >= lenSuffix && (builtins.substring (lenString - lenSuffix) lenString string) == suffix
|
||||
);
|
||||
recurseDir = dir:
|
||||
let
|
||||
dirContents = builtins.readDir dir;
|
||||
in
|
||||
(builtins.concatMap
|
||||
(dirItem:
|
||||
let
|
||||
itemType = builtins.getAttr dirItem dirContents;
|
||||
itemPath = dir + "/${dirItem}";
|
||||
in
|
||||
if itemType == "directory" then
|
||||
(recurseDir itemPath)
|
||||
else
|
||||
[ itemPath ])
|
||||
(builtins.attrNames dirContents));
|
||||
recurseFilesInDir = dir: suffix:
|
||||
(builtins.filter (file: hasSuffix "${suffix}" file) (recurseDir dir));
|
||||
recurseFilesInDirs = dirs: suffix:
|
||||
(builtins.concatMap (dir: (recurseFilesInDir dir "${suffix}")) dirs);
|
||||
# Full credit to https://stackoverflow.com/questions/54504685/nix-function-to-merge-attributes-records-recursively-and-concatenate-arrays/54505212#54505212
|
||||
recursiveMerge = attrList:
|
||||
let
|
||||
f = attrPath:
|
||||
lib.zipAttrsWith (n: values:
|
||||
if lib.tail values == [ ]
|
||||
then lib.head values
|
||||
else if lib.all builtins.isList values
|
||||
then lib.unique (lib.concatLists values)
|
||||
else if lib.all builtins.isAttrs values
|
||||
then f (attrPath ++ [ n ]) values
|
||||
else lib.last values
|
||||
);
|
||||
in
|
||||
f [ ] attrList;
|
||||
}
|
18
secrets/default.nix
Normal file
18
secrets/default.nix
Normal file
@ -0,0 +1,18 @@
|
||||
{ agenix ? true, lib ? import ../lib { } }:
|
||||
let
|
||||
keys = [
|
||||
"age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
|
||||
"age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj"
|
||||
];
|
||||
secrets = let dir = "files";
|
||||
in {
|
||||
};
|
||||
in if agenix then
|
||||
(builtins.listToAttrs (builtins.concatMap (secretName: [{
|
||||
name = builtins.toString secretName;
|
||||
value.publicKeys = keys;
|
||||
}]) (builtins.attrNames secrets)))
|
||||
else
|
||||
(lib.recursiveMerge (builtins.map (secretName: {
|
||||
age.secrets.${secretName}.file = ./${secrets.${secretName}};
|
||||
}) (builtins.attrNames secrets)))
|
1
secrets/secrets.nix
Normal file
1
secrets/secrets.nix
Normal file
@ -0,0 +1 @@
|
||||
import ./default.nix { agenix = true; }
|
Loading…
Reference in New Issue
Block a user