diff --git a/flake.lock b/flake.lock index 61ccb17..3bfa6c7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix-flake": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "cachix": { "inputs": { "devenv": [ @@ -14,7 +35,7 @@ "teslamate-flake", "devenv" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1728672398, @@ -31,13 +52,35 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devenv": { "inputs": { "cachix": "cachix", "flake-compat": "flake-compat", "git-hooks": "git-hooks", "nix": "nix", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1732298876, 
@@ -182,15 +225,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix-flake", "nixpkgs" ] }, "locked": { - "lastModified": 1732319136, - "narHash": "sha256-wpmPl6FkAF9Jj5C/rzANgpUjfzQrUYOn267LnzKU2uI=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8831cc700030e11fc91da9ef6270593e6440edc", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733482664, + "narHash": "sha256-ZD+h1fwvZs+Xvg46lzTWveAqyDe18h9m7wZnTIJfFZ4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e38d3dd1d355a003cc63e8fe6ff66ef2257509ed", "type": "github" }, "original": { @@ -236,7 +300,7 @@ ], "flake-parts": "flake-parts", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-23-11": [ "teslamate-flake", "devenv" @@ -267,11 +331,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1732377093, - "narHash": "sha256-vJ7axNT6AOtzH2B+nDvObibKuzPImIgYjumk2uG9PyE=", + "lastModified": 1733505731, + "narHash": "sha256-B3jYxAIMhBdH5ayiSVoXsi4zvInRbZB5eEUac5mboUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9c4b9f2f99ea64aeb0dd466e2974bf8aa240a117", + "rev": "f145dbde156efee66276502a2ecbfd60ed81c18d", "type": "github" }, "original": { 
@@ -283,11 +347,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732377064, - "narHash": "sha256-d7iJuzyWeeFYP1HTsS/jMmyD4X2dfi02uKWcju6AaJU=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e10d3ce766fc170730ceaeb5a913ebb3bd70f840", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1733506536, + "narHash": "sha256-hmTCczt4tDKyKNtm0UOp78oHSDnJU3qZHX80KEEu1lI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "260a02d2ee673c2e4a4cfe8bc6c78ce8ea39c08c", "type": "github" }, "original": { @@ -297,7 +377,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -313,7 +393,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -329,7 +409,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1716977621, "narHash": "sha256-Q1UQzYcMJH4RscmpTkjlgqQDX5yi1tZL0O345Ri6vXQ=", @@ -345,7 +425,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1732014248, "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", @@ -384,10 +464,11 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix-flake": "agenix-flake", + "home-manager": "home-manager_2", "local-unstable": "local-unstable", "nixos-unstable": "nixos-unstable", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nvidia-patch": "nvidia-patch", "teslamate-flake": "teslamate-flake" } 
@@ -407,12 +488,27 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "teslamate-flake": { "inputs": { "devenv": "devenv", "devenv-root": "devenv-root", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -453,7 +549,7 @@ }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, diff --git a/flake.nix b/flake.nix index a21358e..283b7f8 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ nixos-unstable.url = "github:NixOS/nixpkgs/master"; local-unstable.url = "path:///home/giulio/dev/nixpkgs"; teslamate-flake.url = "github:teslamate-org/teslamate/v1.32.0"; + agenix-flake.url = "github:ryantm/agenix"; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -14,7 +15,7 @@ }; }; - outputs = { self, nixpkgs, nixos-unstable, local-unstable, home-manager, teslamate-flake, nvidia-patch }: + outputs = { self, nixpkgs, nixos-unstable, local-unstable, home-manager, teslamate-flake, nvidia-patch, agenix-flake }: let sysLinuxX64 = "x86_64-linux"; sysDarwin = "aarch64-darwin"; @@ -50,10 +51,16 @@ overlays = extOverlays; }; + agenixPkgs = import agenix-flake { + inherit system config; + overlays = extOverlays; + }; + overlays = [ (final: prev: { inherit unstablePkgs; }) (final: prev: { inherit localPkgs; }) (final: prev: { inherit teslamatePkgs; }) + (final: prev: { inherit agenixPkgs; }) ] ++ extOverlays; }; @@ -91,6 +98,7 @@ }]; imports = [ teslamate-flake.nixosModules.default + agenix-flake.nixosModules.default ]; }; }; 
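Review bot: The new `agenix-flake` input in the `inputs` hunk of flake.nix has no `follows`, so flake.lock now carries a separate dependency tree for it (its own `nixpkgs` locked at lastModified 1703013332, plus `darwin`, a second `home-manager` and `systems`), pinned and updated independently of what the rest of the configuration is built from. The `home-manager` input just below already sets `inputs.nixpkgs.follows = "nixpkgs";`. Adding `agenix-flake.inputs.nixpkgs.follows = "nixpkgs";` would keep the secret-decryption tooling on the same nixpkgs as the system and shrink the set of locked sources to audit. The URL also carries no tag or revision, unlike `teslamate-flake` at `v1.32.0`, so each `nix flake update` moves it to the current default branch; consider pinning a ref.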
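Review bot: In the `agenixPkgs` hunk of flake.nix, `import agenix-flake { inherit system config; overlays = extOverlays; }` treats the agenix source tree as if it were a nixpkgs checkout. agenix is not a package set, so this probably does not evaluate to what the `agenixPkgs` overlay name suggests, and the `config`/`overlays` arguments are unlikely to be accepted; it is worth confirming with `nix eval` before relying on it. If the goal is to have the `agenix` CLI available, the flake's own output is the usual route, e.g. `(final: prev: { agenix = agenix-flake.packages.${system}.default; })`. The enclosing `let` block starts and ends outside the hunk.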
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 134e702..8ba7495 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -42,6 +42,8 @@ in ./postgres.nix ]; + age.identityPaths = [ "/root/.ssh/id_ed25519" ]; + architect = { networks.lan = { interface = "enp6s0"; diff --git a/secrets/matrix-synapse.age b/secrets/matrix-synapse.age new file mode 100644 index 0000000..ecfde61 --- /dev/null +++ b/secrets/matrix-synapse.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 7eGqHw GXtk20+d3LLJB30kQokGRPRa56fmb+lX9YDvIYBQwHg +Us0v7drXPZXBdfhPFjnnHj31r2eKBZ7UytSHggFxf1E +--- pXsX3lmuff2Zc4FDBZCBBL4nwBvVZowjc7kgQTjr9oA +S/ڱ.*l,Lg(c[X7x~+ltrdnء aw0O8g78dOīz@OD}5' fټM휶uoCʐW ׻=b؟KpΊkoz׍ZH&voҵ=z ; \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..7f2a253 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,8 @@ +let + pubkeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICu7rSsZ+d3BkppimNHJj8xL5jfl5RxMU0+Q5cue0LUu root@architect" + ]; +in +{ + "secrets/matrix-synapse.age".publicKeys = pubkeys; +}
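Review bot: `age.identityPaths = [ "/root/.ssh/id_ed25519" ];` in hosts/architect/default.nix makes root's personal SSH key the only decryption identity. That one private key then decrypts every agenix secret on the host and also serves whatever else root uses it for (outbound SSH, git), so a leak in either role exposes both. The key must also exist on disk, without a passphrase, before activation, or the secrets will not decrypt on a fresh install. A dedicated identity file or the host key under `/etc/ssh` would narrow that exposure. At minimum, add a comment such as `# passphrase-less; must match the root@architect recipient in secrets/secrets.nix; provision before first activation`.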
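Review bot: `pubkeys` in secrets/secrets.nix lists a single recipient, `root@architect`, so the secret can only be edited or rekeyed with that host's root private key and is unrecoverable if the key is lost or rotated without a rekey. Adding an admin or workstation public key to the list is the usual safeguard. The attribute name `"secrets/matrix-synapse.age"` is relative to the repository root rather than to this file. As far as I can tell agenix matches names against the path given to `agenix -e`, so this works only when it is run from the root with the rules file pointed here; if the convention is to run it inside `secrets/`, the key should be `"matrix-synapse.age"`. No `age.secrets.*` declaration appears in the visible hunks, so confirm the secret is wired into the Synapse configuration elsewhere.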