From fa284555344e440c56265f34976d7aa2ba33af49 Mon Sep 17 00:00:00 2001
From: EinEtwas
Date: Sat, 2 Nov 2024 12:09:14 +0100
Subject: [PATCH] feat: move some things to a private flake, finally :D
---
 flake.lock | 151 ++++++++++++++++++++++++++++++++---
 flake.nix | 7 +-
 home/default.nix | 1 +
 home/essentials/git.nix | 7 --
 home/essentials/ssh.nix | 46 -----------
 modules/utils/agenix.nix | 53 ------------
 modules/utils/default.nix | 1 -
 secrets/1bvps.age | 8 --
 secrets/fbda_wg_priv_key.age | Bin 257 -> 0 bytes
 secrets/fbda_wg_psk.age | Bin 257 -> 0 bytes
 secrets/gcd_etwas.age | Bin 623 -> 0 bytes
 secrets/gh_argstr.age | Bin 339 -> 0 bytes
 secrets/gh_token.age | Bin 306 -> 0 bytes
 secrets/glrwth_token.age | Bin 623 -> 0 bytes
 secrets/secrets.nix | 14 ----
 secrets/sign_etwas.age | Bin 623 -> 0 bytes
 16 files changed, 149 insertions(+), 139 deletions(-)
 delete mode 100644 modules/utils/agenix.nix
 delete mode 100644 secrets/1bvps.age
 delete mode 100644 secrets/fbda_wg_priv_key.age
 delete mode 100644 secrets/fbda_wg_psk.age
 delete mode 100644 secrets/gcd_etwas.age
 delete mode 100644 secrets/gh_argstr.age
 delete mode 100644 secrets/gh_token.age
 delete mode 100644 secrets/glrwth_token.age
 delete mode 100644 secrets/secrets.nix
 delete mode 100644 secrets/sign_etwas.age
diff --git a/flake.lock b/flake.lock
index 97c790d..f7476a6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,27 @@ "type": "github" } }, + "agenix_2": { + "inputs": { + "darwin": "darwin_2", + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_3", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "catppuccin": { "locked": { "lastModified": 1730458408,
@@ -58,6 +79,29 @@ "type": "github" } }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "private-config", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -135,11 +179,33 @@ ] }, "locked": { - "lastModified": 1730450782, - "narHash": "sha256-0AfApF8aexgB6o34qqLW2cCX4LaWJajBVdU6ddiWZBM=", + "lastModified": 1730490306, + "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", "owner": "nix-community", "repo": "home-manager", - "rev": "8ca921e5a806b5b6171add542defe7bdac79d189", + "rev": "1743615b61c7285976f85b303a36cdf88a556503", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "private-config", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -205,11 +271,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730368399, - "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=", + "lastModified": 1730537918, + "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc", + "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "type": "github" }, "original": { 
@@ -251,6 +317,57 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "private-config": { + "inputs": { + "agenix": "agenix_2", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1730545394, + "narHash": "sha256-0W9hg1ceZlUN4lYbJBZjMj5STjqbduh/3Ii992R+N3c=", + "ref": "refs/heads/main", + "rev": "c21ab83a4fa707424323371eac5a5cf718cdbe60", + "revCount": 8, + "type": "git", + "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs" + }, + "original": { + "type": "git", + "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -260,6 +377,7 @@ "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "private-config": "private-config", "spicetify-nix": "spicetify-nix" } }, @@ -271,11 +389,11 @@ ] }, "locked": { - "lastModified": 1730434620, - "narHash": "sha256-TRMTZ9nAU31tGTPQpf4ylUYDW+JfpYFbBQrZYf1/xj4=", + "lastModified": 1730521028, + "narHash": "sha256-vZtg4J+jOADDKgS+s821PeJiTXfawan8mzX3JM3xjqc=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "defcdbfdf0890df65685e25e8920d68035cb7720", + "rev": "191323d81e19efa0be5071e17263851e62f35685", "type": "github" }, "original": { 
@@ -313,6 +431,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root",
diff --git a/flake.nix b/flake.nix
index 417f42e..2f09634 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,9 @@ url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # public in nix store, but not here :3< + private-config.url = "git+ssh://git@git.catgirl.dog/etwas/private-nix-configs"; }; outputs =
@@ -41,6 +44,7 @@
 spicetify-nix,
 nix-index-database,
 lix-module,
+ private-config,
 ...
 }@inputs:
 {
@@ -49,6 +53,7 @@ inherit inputs; inherit spicetify-nix; inherit agenix; + inherit private-config; }; system = "x86_64-linux";
@@ -58,7 +63,7 @@
 nixos-hardware.nixosModules.framework-13-7040-amd
 lix-module.nixosModules.default
 nix-index-database.nixosModules.nix-index
- agenix.nixosModules.default
+ private-config.nixosModules.default
 ./modules
 ./home
 ];
diff --git a/home/default.nix b/home/default.nix
index 0ace438..9e06f7b 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -42,6 +42,7 @@ inputs.spicetify-nix.homeManagerModules.default inputs.nix-index-database.hmModules.nix-index inputs.agenix.homeManagerModules.age + inputs.private-config.homeManagerModules.default ] ++ [ ./essentials
diff --git a/home/essentials/git.nix b/home/essentials/git.nix
index a974d91..e23bc4c 100644
--- a/home/essentials/git.nix
+++ b/home/essentials/git.nix
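Review bot: The comment above `private-config.url` should say what the move actually protects, because the private flake's source is still copied into the world-readable store on every host, and the `.age` ciphertexts, host addresses and key paths this patch deletes stay readable in this repository's history. I would write `# private repo: source is still world-readable in /nix/store, keep only age-encrypted secrets in it`. If the old secrets are meant to stay confidential they would need rotating, since removing the files does not withdraw the ciphertexts already published. Evaluation now also depends on SSH access to git.catgirl.dog, which the removed ssh.nix block reached on port 222 with a key deployed by the removed agenix config; presumably both moved into the private flake, so a fresh host needs a documented bootstrap step.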
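Review bot: The system and home-manager sides now take their secret-handling modules from two separately pinned agenix revisions: this hunk swaps `agenix.nixosModules.default` for `private-config.nixosModules.default`, flake.lock gains `agenix_2` with its own `nixpkgs_3` under `private-config`, and home/default.nix keeps importing `inputs.agenix.homeManagerModules.age` from the root input. Presumably the private module re-exports its own agenix, so the two copies can drift apart on the next update. Adding `private-config.inputs.agenix.follows = "agenix";` and `private-config.inputs.nixpkgs.follows = "nixpkgs";` beside the input's URL keeps one locked revision of each. The modules list starts outside this hunk.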
@@ -1,19 +1,12 @@ { programs.git = { enable = true; - userName = "EinEtwas"; - userEmail = "ein@etwas.me"; extraConfig = { push.autoSetupRemote = true; init.defaultBranch = "main"; pull.rebase = true; - - # Sign all commits using ssh key - commit.gpgsign = true; - gpg.format = "ssh"; - user.signingkey = "/home/rhea/.ssh/etwas_sign_key"; }; delta.catppuccin.enable = true;
diff --git a/home/essentials/ssh.nix b/home/essentials/ssh.nix
index 3e6d680..929cc51 100644
--- a/home/essentials/ssh.nix
+++ b/home/essentials/ssh.nix
@@ -1,51 +1,5 @@
 {
 programs.ssh = {
 enable = true;
-
- matchBlocks = {
- "1bvps" = {
- host = "1bvps";
- hostname = "178.254.43.196";
- identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
- };
-
- "1bvps-ip" = {
- host = "178.254.43.196";
- hostname = "178.254.43.196";
- identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
- };
-
- "gcd-etwas" = {
- host = "gcd-etwas";
- hostname = "git.catgirl.dog";
- identityFile = [ "/home/rhea/.ssh/id_gcd_etwas" ];
- user = "git";
- port = 222;
- };
-
- "gcd-etwas-fullurl" = {
- host = "git.catgirl.dog";
- hostname = "git.catgirl.dog";
- identityFile = [ "/home/rhea/.ssh/id_gcd_etwas" ];
- user = "git";
- port = 222;
- };
-
- "gh-etwas" = {
- host = "github.com";
- hostname = "github.com";
- identityFile = [ "/home/rhea/.ssh/id_gh_etwas" ];
- user = "git";
- port = 22;
- };
-
- "glrwth-tuda" = {
- host = "git.rwth-aachen.de";
- hostname = "git.rwth-aachen.de";
- identityFile = [ "/home/rhea/.ssh/id_glrwth_tuda" ];
- user = "git";
- port = 22;
- };
- };
 };
 }
diff --git a/modules/utils/agenix.nix b/modules/utils/agenix.nix
deleted file mode 100644
index fb2a7a5..0000000
--- a/modules/utils/agenix.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, ... }:
-{
- # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
- age = {
- identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
-
- secrets = {
- access-tokens-github.file = ../../secrets/gh_argstr.age;
-
- fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
- fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
-
- obvps-id = {
- file = ../../secrets/1bvps.age;
- path = "/home/rhea/.ssh/id_1bvps";
- owner = "rhea";
- symlink = false;
- };
-
- gh_etwas = {
- file = ../../secrets/gh_token.age;
- path = "/home/rhea/.ssh/id_gh_etwas";
- owner = "rhea";
- symlink = false;
- };
-
- gcd_etwas = {
- file = ../../secrets/gcd_etwas.age;
- path = "/home/rhea/.ssh/id_gcd_etwas";
- owner = "rhea";
- symlink = false;
- };
-
- glrwth_tuda = {
- file = ../../secrets/glrwth_token.age;
- path = "/home/rhea/.ssh/id_glrwth_tuda";
- owner = "rhea";
- symlink = false;
- };
-
- etwas_sign_key = {
- file = ../../secrets/sign_etwas.age;
- path = "/home/rhea/.ssh/etwas_sign_key";
- owner = "rhea";
- symlink = false;
- };
- };
- };
-
- nix.extraOptions = ''
- !include ${config.age.secrets.access-tokens-github.path}
- '';
-}
diff --git a/modules/utils/default.nix b/modules/utils/default.nix
index e857f2f..12f5c32 100644
--- a/modules/utils/default.nix
+++ b/modules/utils/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./agenix.nix
 ./auth.nix
 ];
 }
diff --git a/secrets/1bvps.age b/secrets/1bvps.age
deleted file mode 100644
index 106f62f..0000000
--- a/secrets/1bvps.age
+++ /dev/null
@@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 7JS6dg Rx58PIoePOwy88y9iiNJDV4GCp+rlNY7oZCKOcvbfiU -PjKbjgArVPyZqUbWAjcuoINcBy2Wyp70Jox06xJxJag ---- af4TkBlucpaVjj5D05TnvGImoCKDkVLLGhW4hst9bos -$v`G [ȞGVОVGa >GLSChF c{ Q޴x;OT7i&> {͟0X0Ugd, - |%L0!Qֽ#__cxlT$iF3ϻK~ncVi%G[~d;Ix9e˚7АL"k} -FLP9iyk<F/m!PHlE]sBxs:M1e>GbqOBjS6[ -~8% Pau>YSTsgrZD~VvT5v-)Ryc80H&H?`Zb=HUnY%zG9-PGNR-H&)$zz%owk4B~ zF5>nw0!;rx1PznN#9`9cg8+NrnH@M>2-YBJuI|wGak#i_UcrVQH7dx1;fv2z;LtUA HU9$|udBa&mVwNGmuna779&EiE8wQFm-dR7Q7nZ9-9Y zL@{VYHFr2^L_s!CGfPP|N;XM1SaEo3VOnZ=b8`yT?%-iow`5sl+#pe~oY9{D8|Vn& zxnSL}1C{Sdz@{^idS-N3`9ws1AW1df07IE0$DgG11}9f{wn|W?3DA~ghhjp0*U#X( HYzl=+I!j=z diff --git a/secrets/gcd_etwas.age b/secrets/gcd_etwas.age deleted file mode 100644 index 862078d58aaa1ed094b9c44dda22b96ffdc629dd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 623 zcmV-#0+9V-XJsvAZewzJaCB*JZZ2oeE%Y0lNin2h(g@N8^fEsE^BLzQ1ecO2}oti24WLSrEQ2O32)S?z?qeKOpJ<`2%e`u2$nXW}~`ozzl zb2@7798|m+q6h`_XaN2P!E{EKE;HRRZ3}Pn01`@p7CS;oMv^iK?P2h*F0Fpu5cN_6#Ji zGao5bkcBR=LMsP?a6RAxy9&c^xrDIced4RU$wD@5{)?C9PR;qtKLO(J4Lp@%5;$K? zGdk3B3*T+wE)kiHkXLP!zad!rAGw9M@m&t-MGUq`kmQ#2UFa1>Y#TI)I)-h>sS@Q# JVnUUyt_X%F56=Jq diff --git a/secrets/gh_argstr.age b/secrets/gh_argstr.age deleted file mode 100644 index d7606ab88db3d7bfeff8e56816c178c9b48e7181..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 339 zcmV-Z0j&OEXJsvAZewzJaCB*JZZ2PI_8ZOHpr0 zdSqE`XHH{tK~igHWJ`EZZgVkdLU1udXl!&VH)(B8aAOKBEiE8cS8r8KV>5A0T4HiD zD`ZhNQCDzQWp+$gQ)zBkZ+T%uSxR?$c6LQFNNWmN{>Cg>lwymI$kXJ`7m(FAv-w#> z7nBisV?45qLkeHmnV3TGKtIRuGfy){p%BOYfkiA=dTo|?B0`-5QM}1WN!fXbR)OY- zkuXgljHVkHHdOG$V{+|40y~mWq^$dgH|cjyKDG{F|9vn6&z1VPO;hsg`Ym|Z0HV~= l^Vky~a3tyN7QK!F;q@E5hLZ@%weAiKl7vvW=Y#;}?BmoYi}C;f 
diff --git a/secrets/gh_token.age b/secrets/gh_token.age deleted file mode 100644 index 102ee8470ee8ab681a7dab067b924bff45bdc265..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 306 zcmV-20nPqlXJsvAZewzJaCB*JZZ2(Pj5(VR#Goz zIXFXec34Mkd2~`WdO2cHZ**xgS!PXdOfphILpTbOd!0{V&@KjbP9u5gOdLanO%A2KwX!h;Iot57yP2WLcb6?^AY}!6loA5m?D3YeGvyZE0|LYIZMBWpGGZZcas0MQBJ)K}8C2aAi$SR5o>5 za(Ov4Pf zZpb_q#%8jF%?BoEV6y}403ofV7W;n<4>`$+3BtU(SGS6+RmmsxvF^c?)Y=mD6LCJB zss#iw{*bY~zFM-WSO9Gk3iN~&m^OGX@w2tX(r5epjLgG+fshybmGu0| z(d#RXr0gm~US=!7w3F8TTf0B)x{Fz3@W$$A$O1~E)FKK z49nq{3J_ELzPae3k6iQTnB~RkCjABxD7y$l{_y91c1D~>xKP$fh|(Iz+eiPdh_0v zEjh_KbnQL2j7Gg`eK|x#a)zBeJ9Od0pNwH&v@JLd2)dW$U{^Kpn|SlZVJxNQ+^~D) z_OR?%I|+KBZ{FCYO!}ZRRuO?t3crEDs0>AkBq}8F7>(Cn7ptl6m)&p9(f&GAPe2DMgv;Y9q`}+5F^foc6xZJ^WLnQMOn3ybXkU+EQ`B}XN#H>GYjTebWQWX)e@)&!@Lc!xEfE5n9S`tr8-2gn*c<0!-e>(~H z83kS@UbHjlFUS!CpwcOS~8$9i}T?UvZS96+Gk^d*l{qT=qU z(C+U(&0hNf3q(cKKvKsODeTY_!gh^-)J!3%Hp-zFt=Gclx@9