peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(secrets): add initial secrets.nix configuration

Browse Source
This commit is contained in:
Giulio De Pasquale 2024-12-06 20:49:18 +00:00
parent 8fbd2cc84a
commit 9b1cef61f2
5 changed files with 140 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
flake.lock generated
View File

@ -1,5 +1,26 @@
{
"nodes": {
"agenix-flake": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": [
@ -14,7 +35,7 @@
"teslamate-flake",
"devenv"
],
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1728672398,
@ -31,13 +52,35 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1732298876,
@ -182,15 +225,36 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732319136,
"narHash": "sha256-wpmPl6FkAF9Jj5C/rzANgpUjfzQrUYOn267LnzKU2uI=",
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f8831cc700030e11fc91da9ef6270593e6440edc",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1733482664,
"narHash": "sha256-ZD+h1fwvZs+Xvg46lzTWveAqyDe18h9m7wZnTIJfFZ4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e38d3dd1d355a003cc63e8fe6ff66ef2257509ed",
"type": "github"
},
"original": {
@ -236,7 +300,7 @@
],
"flake-parts": "flake-parts",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-23-11": [
"teslamate-flake",
"devenv"
@ -267,11 +331,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1732377093,
"narHash": "sha256-vJ7axNT6AOtzH2B+nDvObibKuzPImIgYjumk2uG9PyE=",
"lastModified": 1733505731,
"narHash": "sha256-B3jYxAIMhBdH5ayiSVoXsi4zvInRbZB5eEUac5mboUQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9c4b9f2f99ea64aeb0dd466e2974bf8aa240a117",
"rev": "f145dbde156efee66276502a2ecbfd60ed81c18d",
"type": "github"
},
"original": {
@ -283,11 +347,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1732377064,
"narHash": "sha256-d7iJuzyWeeFYP1HTsS/jMmyD4X2dfi02uKWcju6AaJU=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e10d3ce766fc170730ceaeb5a913ebb3bd70f840",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1733506536,
"narHash": "sha256-hmTCczt4tDKyKNtm0UOp78oHSDnJU3qZHX80KEEu1lI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "260a02d2ee673c2e4a4cfe8bc6c78ce8ea39c08c",
"type": "github"
},
"original": {
@ -297,7 +377,7 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs_3": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
@ -313,7 +393,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
@ -329,7 +409,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1716977621,
"narHash": "sha256-Q1UQzYcMJH4RscmpTkjlgqQDX5yi1tZL0O345Ri6vXQ=",
@ -345,7 +425,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
@ -384,10 +464,11 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"agenix-flake": "agenix-flake",
"home-manager": "home-manager_2",
"local-unstable": "local-unstable",
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nvidia-patch": "nvidia-patch",
"teslamate-flake": "teslamate-flake"
}
@ -407,12 +488,27 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"teslamate-flake": {
"inputs": {
"devenv": "devenv",
"devenv-root": "devenv-root",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix"
},
"locked": {
@ -453,7 +549,7 @@
},
"utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,

10
flake.nix
View File

@ -4,6 +4,7 @@
nixos-unstable.url = "github:NixOS/nixpkgs/master";
local-unstable.url = "path:///home/giulio/dev/nixpkgs";
teslamate-flake.url = "github:teslamate-org/teslamate/v1.32.0";
agenix-flake.url = "github:ryantm/agenix";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -14,7 +15,7 @@
};
};
outputs = { self, nixpkgs, nixos-unstable, local-unstable, home-manager, teslamate-flake, nvidia-patch }:
outputs = { self, nixpkgs, nixos-unstable, local-unstable, home-manager, teslamate-flake, nvidia-patch, agenix-flake }:
let
sysLinuxX64 = "x86_64-linux";
sysDarwin = "aarch64-darwin";
@ -50,10 +51,16 @@
overlays = extOverlays;
};
agenixPkgs = import agenix-flake {
inherit system config;
overlays = extOverlays;
};
overlays = [
(final: prev: { inherit unstablePkgs; })
(final: prev: { inherit localPkgs; })
(final: prev: { inherit teslamatePkgs; })
(final: prev: { inherit agenixPkgs; })
] ++ extOverlays;
};
@ -91,6 +98,7 @@
}];
imports = [
teslamate-flake.nixosModules.default
agenix-flake.nixosModules.default
];
};
};

2
hosts/architect/default.nix
View File

@ -42,6 +42,8 @@ in
./postgres.nix
];
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
architect = {
networks.lan = {
interface = "enp6s0";

5
secrets/matrix-synapse.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 7eGqHw GXtk20+d3LLJB30kQokGRPRa56fmb+lX9YDvIYBQwHg
Us0v7drXPZXBdfhPFjnnHj31r2eKBZ7UytSHggFxf1E
--- pXsX3lmuff2Zc4FDBZCBBL4nwBvVZowjc7kgQTjr9oA
S/íÚ±®.*Àl,ÉïLg©(ÙÖc<C396><63>X7xµ³~+ltrdnØ¡¥À åaw—Á°½0Œ¹ÜO8ðœû±«g•¶ô7ãâÿÊú8­dO ˜ôøñàÄ«z@ŠOîD}ö5'¸ fÙ¼ÚM휶uo«Cƒ˜Ê<E2809A>ÄWÅ›ã ×»þ=bóÉØŸK¿pþΊkµëoôŠµz×<7A>ZHˆ&è¢vo¢Òµí¤=z¾”€êŽ ;˜µÍ

8
secrets/secrets.nix Normal file
View File

@ -0,0 +1,8 @@
let
pubkeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICu7rSsZ+d3BkppimNHJj8xL5jfl5RxMU0+Q5cue0LUu root@architect"
];
in
{
"secrets/matrix-synapse.age".publicKeys = pubkeys;
}