Baldur update + secrets setup

Filippo Berto 2022-12-19 23:14:11 +01:00
parent 351538a33d
commit e5675984bb
Signed by: bertof
GPG key ID: 9DBF7E6A1D2CE9ED
6 changed files with 51 additions and 28 deletions

21
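--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
 "nodes": {
+"agenix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1665870395,
+"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
 "deploy-rs": {
 "inputs": {
 "flake-compat": "flake-compat",
@@ -287,6 +307,7 @@
 },
 "root": {
 "inputs": {
+"agenix": "agenix",
 "deploy-rs": "deploy-rs",
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",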


@ -4,14 +4,9 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/release-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = { home-manager = { url = "github:nix-community/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; };
url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs"; agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };
};
# home-manager-u = {
# url = "github:nix-community/home-manager";
# inputs.nixpkgs.follows = "nixpkgs-u";
# };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs = { nixpkgs.follows = "nixpkgs"; }; }; deploy-rs = { url = "github:serokell/deploy-rs"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nixos-generators = { url = "github:nix-community/nixos-generators"; inputs = { nixpkgs.follows = "nixpkgs"; }; }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
@ -25,13 +20,13 @@
, nixpkgs , nixpkgs
, nixpkgs-u , nixpkgs-u
, home-manager , home-manager
, agenix
, deploy-rs , deploy-rs
, flake-utils , flake-utils
, nixos-generators , nixos-generators
, nixos-hardware , nixos-hardware
, nix-rice , nix-rice
, pre-commit-hooks , pre-commit-hooks
, ...
}: }:
let let
config = { config = {
@ -116,6 +111,10 @@
# Home manager configuration # Home manager configuration
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ home-manager = { useGlobalPkgs = true; useUserPackages = true; }; } { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; }
agenix.nixosModule
{
# age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
}
./nixos_modules/bertof_user.nix ./nixos_modules/bertof_user.nix
./nixos_modules/distributed.nix ./nixos_modules/distributed.nix
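Review bot: The inline module after `agenix.nixosModule` holds only a commented-out `age.secrets` line, so it evaluates to an empty attrset and no secret is wired up yet; a comment such as `# placeholder: enable once secrets/oauth_proxy_client_credentials.age exists and secrets.nix lists its recipients` would make that intent explicit. When the declaration is enabled, agenix by default decrypts to a root-owned file with mode 0400, so the service reading the OAuth client credentials will need `owner` (and possibly `group`) set to its own user rather than a looser `mode`. The module list this hunk sits in starts and ends outside the visible lines, so which hosts receive the module cannot be confirmed from here.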


@ -6,6 +6,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbG791lSOl8Rqoy+KkdKiOJnOMRg02+HZ/VrlrWMYAX bertof@baldur" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbG791lSOl8Rqoy+KkdKiOJnOMRg02+HZ/VrlrWMYAX bertof@baldur"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbbgBCzRsIO6giIVCgTUMgBCrexgvHmq8pis5A4ievH bertof@loki"
]; ];
}; };
} }
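Review bot: The added `bertof@loki` key widens login access for this account, while the retired `bertof@odin` key that this commit removes from `users.users.root` (marked `# OLD`) may still be listed above line 6 of this file, which is outside the hunk; a retired key should be dropped everywhere it is authorized. The same public keys are now repeated in this list, in root's list and in `secrets/secrets.nix`, so any rotation has to touch three files. Consider defining them once (a `let` binding or a small keys file imported by each module) so that adding or revoking a machine is a single edit.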


@ -1,26 +1,16 @@
{ {
nix.registry = { nix.registry = {
agenix = {
from = { id = "agenix"; type = "indirect"; };
to = { type = "github"; owner = "ryantm"; repo = "agenix"; };
};
my-templates = { my-templates = {
from = { from = { id = "my-templates"; type = "indirect"; };
id = "my-templates"; to = { type = "github"; owner = "bertof"; repo = "flake-templates"; };
type = "indirect";
};
to = {
type = "github";
owner = "bertof";
repo = "flake-templates";
};
}; };
tex2nix = { tex2nix = {
from = { from = { id = "tex2nix"; type = "indirect"; };
id = "tex2nix"; to = { type = "github"; owner = "Mic92"; repo = "tex2nix"; };
type = "indirect";
};
to = {
type = "github";
owner = "Mic92";
repo = "tex2nix";
};
}; };
}; };
} }
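Review bot: The new `agenix` registry entry resolves to whatever the default branch of `ryantm/agenix` currently is, whereas the NixOS module imported by the flake is pinned to a specific `rev` in `flake.lock`. The CLI run through the registry to encrypt or rekey secrets can therefore drift from the module that decrypts them, and it is fetched without the lock file's hash. If the flake inputs are reachable from this module (not visible in this hunk), `nix.registry.agenix.flake = agenix;` would make both use the locked revision; otherwise add a `rev` to the `to` attrset.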


@ -7,7 +7,6 @@
}; };
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W bertof@odin" # OLD
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor"
]; ];

13
secrets/secrets.nix Normal file

@ -0,0 +1,13 @@
# let
# bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj";
# bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG";
# bertof_baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbG791lSOl8Rqoy+KkdKiOJnOMRg02+HZ/VrlrWMYAX";
# users = [ bertof_odin bertof_thor bertof_baldur ];
# baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9G8I75gOfB1QJhZU9z+UaYovWq05OfK2FVKtCb8Xxh";
# thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
# systems = [ thor baldur ];
# in
{
# # "oauth_proxy_client_credentials.age".publicKeys = users ++ systems;
}
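Review bot: The commented-out rule `publicKeys = users ++ systems` would let every listed host (`thor` and `baldur`) decrypt the OAuth proxy client credentials; recipients should be limited to the machines that actually run the proxy, e.g. `users ++ [ baldur ]` if that is Baldur only. The `users` list also omits the `bertof@loki` key added elsewhere in this commit, so secrets could not be edited or rekeyed from that machine; that should be a deliberate choice. Because the whole file is commented out, a short header comment stating that it is a template for agenix recipients, to be enabled together with the `age.secrets` entry in the flake, would help the next reader.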