2 commits

Author SHA1 Message Date
Ingolf Wagner
acaead0f81
🚧 working with everything defined here and secrets is not a flake, just a folder
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 50s
2025-06-14 01:08:28 +02:00
Ingolf Wagner
1fe658d7d7
🚧 working agenix setup with separate repository 2025-06-14 00:30:03 +02:00
7 changed files with 188 additions and 44 deletions

196
flake.lock generated

@ -1,5 +1,26 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -81,7 +102,7 @@
"nixpkgs"
],
"sops-nix": "sops-nix",
"systems": "systems",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
@ -104,7 +125,7 @@
"clan-core"
],
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1739428569,
@ -120,6 +141,28 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"data-mesher": {
"inputs": {
"flake-parts": [
@ -153,7 +196,7 @@
},
"devshell": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1741473158,
@ -192,7 +235,7 @@
},
"devshell_3": {
"inputs": {
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1735644329,
@ -485,7 +528,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
@ -533,7 +576,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
@ -677,15 +720,16 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749657191,
"narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=",
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@ -714,10 +758,30 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1749657191,
"narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"landingpage": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1709213960,
@ -814,7 +878,7 @@
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1713543440,
@ -837,7 +901,7 @@
"nix-vm-test": "nix-vm-test",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
@ -927,11 +991,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"lastModified": 1745391562,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"type": "github"
},
"original": {
@ -1036,6 +1100,22 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1749143949,
"narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
@ -1052,6 +1132,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
@ -1067,7 +1163,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1645527175,
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -1082,7 +1178,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
@ -1097,7 +1193,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1749201760,
"narHash": "sha256-LEZbj+VD/AR/dWL5ns1gMwzMvp4mLlv4WalxmZTKy5Y=",
@ -1113,7 +1209,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1749558678,
"narHash": "sha256-DUVAe8E2X2QM0dAnTGlTiqemMqUMMyIeCH7UeNo0g64=",
@ -1129,7 +1225,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -1143,7 +1239,7 @@
"type": "indirect"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1749411262,
"narHash": "sha256-gRBkeW9l5lb/90lv1waQFNT+18OhITs11HENarh6vNo=",
@ -1159,22 +1255,6 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1749143949,
"narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
@ -1224,7 +1304,7 @@
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1688766095,
@ -1292,23 +1372,25 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"clan-core": "clan-core",
"clan-fact-generators": "clan-fact-generators",
"devshell": "devshell",
"flake-parts": "flake-parts_2",
"healthchecks": "healthchecks",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"home-manager-utils": "home-manager-utils",
"landingpage": "landingpage",
"nix-topology": "nix-topology",
"nixgl": "nixgl",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgs-unstable-small": "nixpkgs-unstable-small",
"permown": "permown",
"polygon-art": "polygon-art",
"private-parts": "private-parts",
"secrets": "secrets",
"share-http": "share-http",
"srvos": "srvos",
"stylix": "stylix",
@ -1317,6 +1399,19 @@
"treefmt-nix": "treefmt-nix_9"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1749855716,
"narHash": "sha256-evIY+zvJk9N8Z9PWFswq/9gsgrPONAC8S77PjgzcZbY=",
"path": "/home/palo/dev/nixos/secrets",
"type": "path"
},
"original": {
"path": "/home/palo/dev/nixos/secrets",
"type": "path"
}
},
"share-http": {
"inputs": {
"flake-parts": "flake-parts_6",
@ -1363,7 +1458,7 @@
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1749431367,
@ -1397,7 +1492,7 @@
"nixpkgs"
],
"nur": "nur",
"systems": "systems_3",
"systems": "systems_4",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -1478,6 +1573,21 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"taskshell": {
"inputs": {
"flake-utils": "flake-utils_5",
@ -1503,7 +1613,7 @@
"taskwarrior": {
"inputs": {
"flake-parts": "flake-parts_8",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"taskshell": "taskshell",
"treefmt-nix": "treefmt-nix_7"
},


@ -53,10 +53,17 @@
# inputs.nixpkgs.follows = "nixpkgs";
#};
agenix.url = "github:ryantm/agenix";
secrets.url = "path:///home/palo/dev/nixos/secrets";
secrets.flake = false;
};
outputs =
inputs@{
agenix,
secrets,
clan-core,
clan-fact-generators,
devshell,
@ -469,6 +476,8 @@
private-parts.nixosModules.cherry
homeManagerModules
stylixModules
agenix.nixosModules.default
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
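Review bot: The `secrets.url = "path:///home/palo/dev/nixos/secrets";` input in the first hunk ties evaluation to one user's home directory, so a machine or CI runner without that folder cannot resolve it; the failing `nix build` check on this push may be related, though its log is not shown here. A `path:` input is also copied into the Nix store as a whole, and the store is world-readable, so that folder must only ever contain `.age` ciphertext, never plaintext or private keys. Consider pointing the input at the private repository instead, e.g. `secrets.url = "git+ssh://<PLACEHOLDER_HOST>/<PLACEHOLDER_REPO>";` with `secrets.flake = false;` kept, and add a comment above it such as `# encrypted .age files only: this input ends up in /nix/store`. The `inputs` and `outputs` blocks both continue outside the visible hunks.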


@ -22,6 +22,8 @@
./ssh-chungus.nix
./ssh-cherry.nix
./service-attic.nix
./ferdium.nix
./nix-ld.nix


@ -0,0 +1,13 @@
{ config, inputs, ... }:
{
services.atticd = {
enable = true;
environmentFile = config.age.secrets.attic_env.path;
};
age.secrets.attic_env.file = "${inputs.secrets}/cherry_attic_server_token.age";
age.secrets.attic_env.owner = config.services.atticd.user;
age.secrets.attic_env.group = config.services.atticd.group;
age.secrets.attic_env.path = "/etc/attic/attic_env";
}
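Review bot: `age.secrets.attic_env.owner` and `.group` hand the decrypted token file to the service account, which is probably more access than needed. If the atticd module passes `environmentFile` to systemd as `EnvironmentFile=` (not visible on this page), systemd reads the file before dropping privileges, so agenix's default of root ownership with mode 0400 would be enough and both lines could go. The `age.secrets.attic_env.path = "/etc/attic/attic_env";` override also looks unnecessary, because `environmentFile` already follows `config.age.secrets.attic_env.path`; leaving the default keeps the secret in agenix's runtime directory. A one-line comment naming the variables the env file is expected to define would help the next reader.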


@ -45,7 +45,6 @@
./service-atuin.nix
./service-forgejo.nix
./service-cups.nix
# ./service-paperless-backup.nix
# ./service-paperless-tika.nix


@ -23,6 +23,7 @@
packages = [
inputs.clan-core.packages.${system}.clan-cli
inputs.agenix.packages.${system}.default
];
};
};

10
secrets.nix Normal file

@ -0,0 +1,10 @@
let
palo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1jxUxvujFaj8kSjwJuNVRUinNuHsGeXUGVG6/lA1O";
users = [ palo ];
cherry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlU4UCMW/1l72JdjuRrDnMneAZksrz5SOSIAr4AV1Tp";
systems = [ cherry ];
in
{
"../secrets/cherry_attic_server_token.age".publicKeys = users ++ [ cherry ];
}
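Review bot: `systems = [ cherry ];` is bound but never used, because the rule spells its recipients as `users ++ [ cherry ]`; writing `publicKeys = users ++ systems;` keeps the recipient list in one place when another host is added. The rule key `"../secrets/cherry_attic_server_token.age"` is a relative path, so, assuming the agenix CLI matches it against the file argument as usual, it only resolves from one particular working directory, while the flake input reads the folder from an absolute path. A short comment stating the directory to run `agenix` from would prevent encrypting against the wrong or a missing rule. It would also help to add a comment that `cherry` must be that machine's SSH host public key, since the host key is the identity agenix decrypts with by default.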