feat: move some things to a private flake, finally :D

flake.lock

@@ -21,6 +21,27 @@
         "type": "github"
       }
     },
+    "agenix_2": {
+      "inputs": {
+        "darwin": "darwin_2",
+        "home-manager": "home-manager_3",
+        "nixpkgs": "nixpkgs_3",
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "catppuccin": {
       "locked": {
         "lastModified": 1730458408,
@@ -58,6 +79,29 @@
         "type": "github"
       }
     },
+    "darwin_2": {
+      "inputs": {
+        "nixpkgs": [
+          "private-config",
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -135,11 +179,33 @@
         ]
       },
       "locked": {
-        "lastModified": 1730450782,
+        "lastModified": 1730490306,
-        "narHash": "sha256-0AfApF8aexgB6o34qqLW2cCX4LaWJajBVdU6ddiWZBM=",
+        "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8ca921e5a806b5b6171add542defe7bdac79d189",
+        "rev": "1743615b61c7285976f85b303a36cdf88a556503",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_3": {
+      "inputs": {
+        "nixpkgs": [
+          "private-config",
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
         "type": "github"
       },
       "original": {
@@ -205,11 +271,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1730368399,
+        "lastModified": 1730537918,
-        "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=",
+        "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc",
+        "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
         "type": "github"
       },
       "original": {
@@ -251,6 +317,57 @@
         "type": "github"
       }
     },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1730200266,
+        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "private-config": {
+      "inputs": {
+        "agenix": "agenix_2",
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1730545394,
+        "narHash": "sha256-0W9hg1ceZlUN4lYbJBZjMj5STjqbduh/3Ii992R+N3c=",
+        "ref": "refs/heads/main",
+        "rev": "c21ab83a4fa707424323371eac5a5cf718cdbe60",
+        "revCount": 8,
+        "type": "git",
+        "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -260,6 +377,7 @@
         "nix-index-database": "nix-index-database",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",
+        "private-config": "private-config",
         "spicetify-nix": "spicetify-nix"
       }
     },
@@ -271,11 +389,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730434620,
+        "lastModified": 1730521028,
-        "narHash": "sha256-TRMTZ9nAU31tGTPQpf4ylUYDW+JfpYFbBQrZYf1/xj4=",
+        "narHash": "sha256-vZtg4J+jOADDKgS+s821PeJiTXfawan8mzX3JM3xjqc=",
         "owner": "Gerg-L",
         "repo": "spicetify-nix",
-        "rev": "defcdbfdf0890df65685e25e8920d68035cb7720",
+        "rev": "191323d81e19efa0be5071e17263851e62f35685",
         "type": "github"
       },
       "original": {
@@ -313,6 +431,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -30,6 +30,9 @@
       url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    # public in nix store, but not here :3<
+    private-config.url = "git+ssh://git@git.catgirl.dog/etwas/private-nix-configs";
   };
 
   outputs =
@@ -41,6 +44,7 @@
       spicetify-nix,
       nix-index-database,
       lix-module,
+      private-config,
       ...
     }@inputs:
     {
@@ -49,6 +53,7 @@
           inherit inputs;
           inherit spicetify-nix;
           inherit agenix;
+          inherit private-config;
         };
 
         system = "x86_64-linux";
@@ -58,7 +63,7 @@
           nixos-hardware.nixosModules.framework-13-7040-amd
           lix-module.nixosModules.default
           nix-index-database.nixosModules.nix-index
-          agenix.nixosModules.default
+          private-config.nixosModules.default
           ./modules
           ./home
         ];

home/default.nix

@@ -42,6 +42,7 @@
           inputs.spicetify-nix.homeManagerModules.default
           inputs.nix-index-database.hmModules.nix-index
           inputs.agenix.homeManagerModules.age
+          inputs.private-config.homeManagerModules.default
         ]
         ++ [
           ./essentials

home/essentials/git.nix

@@ -1,19 +1,12 @@
 {
   programs.git = {
     enable = true;
-    userName = "EinEtwas";
-    userEmail = "ein@etwas.me";
 
     extraConfig = {
       push.autoSetupRemote = true;
       init.defaultBranch = "main";
 
       pull.rebase = true;
-
-      # Sign all commits using ssh key
-      commit.gpgsign = true;
-      gpg.format = "ssh";
-      user.signingkey = "/home/rhea/.ssh/etwas_sign_key";
     };
 
     delta.catppuccin.enable = true;

home/essentials/ssh.nix

@@ -1,51 +1,5 @@
 {
   programs.ssh = {
     enable = true;
-
-    matchBlocks = {
-      "1bvps" = {
-        host = "1bvps";
-        hostname = "178.254.43.196";
-        identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
-      };
-
-      "1bvps-ip" = {
-        host = "178.254.43.196";
-        hostname = "178.254.43.196";
-        identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
-      };
-
-      "gcd-etwas" = {
-        host = "gcd-etwas";
-        hostname = "git.catgirl.dog";
-        identityFile = [ "/home/rhea/.ssh/id_gcd_etwas" ];
-        user = "git";
-        port = 222;
-      };
-
-      "gcd-etwas-fullurl" = {
-        host = "git.catgirl.dog";
-        hostname = "git.catgirl.dog";
-        identityFile = [ "/home/rhea/.ssh/id_gcd_etwas" ];
-        user = "git";
-        port = 222;
-      };
-
-      "gh-etwas" = {
-        host = "github.com";
-        hostname = "github.com";
-        identityFile = [ "/home/rhea/.ssh/id_gh_etwas" ];
-        user = "git";
-        port = 22;
-      };
-
-      "glrwth-tuda" = {
-        host = "git.rwth-aachen.de";
-        hostname = "git.rwth-aachen.de";
-        identityFile = [ "/home/rhea/.ssh/id_glrwth_tuda" ];
-        user = "git";
-        port = 22;
-      };
-    };
   };
 }

modules/utils/agenix.nix

@@ -1,53 +0,0 @@
-{ config, ... }:
-{
-  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
-  age = {
-    identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
-
-    secrets = {
-      access-tokens-github.file = ../../secrets/gh_argstr.age;
-
-      fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
-      fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
-
-      obvps-id = {
-        file = ../../secrets/1bvps.age;
-        path = "/home/rhea/.ssh/id_1bvps";
-        owner = "rhea";
-        symlink = false;
-      };
-
-      gh_etwas = {
-        file = ../../secrets/gh_token.age;
-        path = "/home/rhea/.ssh/id_gh_etwas";
-        owner = "rhea";
-        symlink = false;
-      };
-
-      gcd_etwas = {
-        file = ../../secrets/gcd_etwas.age;
-        path = "/home/rhea/.ssh/id_gcd_etwas";
-        owner = "rhea";
-        symlink = false;
-      };
-
-      glrwth_tuda = {
-        file = ../../secrets/glrwth_token.age;
-        path = "/home/rhea/.ssh/id_glrwth_tuda";
-        owner = "rhea";
-        symlink = false;
-      };
-
-      etwas_sign_key = {
-        file = ../../secrets/sign_etwas.age;
-        path = "/home/rhea/.ssh/etwas_sign_key";
-        owner = "rhea";
-        symlink = false;
-      };
-    };
-  };
-
-  nix.extraOptions = ''
-    !include ${config.age.secrets.access-tokens-github.path}
-  '';
-}

modules/utils/default.nix

@@ -1,6 +1,5 @@
 {
   imports = [
-    ./agenix.nix
     ./auth.nix
   ];
 }

secrets/1bvps.age

@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 7JS6dg Rx58PIoePOwy88y9iiNJDV4GCp+rlNY7oZCKOcvbfiU
-PjKbjgArVPyZqUbWAjcuoINcBy2Wyp70Jox06xJxJag
---- af4TkBlucpaVjj5D05TnvGImoCKDkVLLGhW4hst9bos
-$v`G‹
[Èž­GVÉÒОVGa	Ùâ·àùóý>œGL˜²S’Ch‚Fþ<46> ýc{ Q¾†Þ´Ýx;ƒOT—7òïiÀ¢’¦ˆ&ð>¢ {ÍŸ0¼X0ÒÅUgd¯,
-
|%¼L0¨<30>Ç!®ìQÖ½ˆ#_û_c“xlT—$i<>ÓFï½3¦þÏ»KÙ~ncVÎÙi­¢%¡–ÿ°©<K¤ ½?e´¸)g·¯v¢"ù%C™õÆZ.<ò¡<C3B2> °ß”©Ø0 ˆúL;Ôv¹n®ã“ÕÈŸw·Ï„’îdð‡£›\Š9€Ou’ï£Pò›Tê}¶Õ§ó}›n+±ã$æMLjíriF”fÓðkâI›om 7¥Ô×![Æ!>G[~d³ò<>ó;
IŽé¢x«é±9eËš7ÕúÞÐ<C39E>ÖL"k}Ô
-ÊFL™—P9iy‘ª¤¦õkÞ<ÿ¢
F¢ùâ/ÖÖm!PH¹l­E]sþÝBxÃès:M©Ø1èe>ÄÁGb¸q¦ÝOB°jôS6[
-~´8£øÞèñî%óø	Pé§a‰òð°Ûu>רÒY<ÑNb

secrets/secrets.nix

@@ -1,14 +0,0 @@
-let
-  rhea-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJynM8SLRXRrfGRJd43T4wabsOHFcWeeuTym9h7vl7Io";
-  systems = [ rhea-laptop ];
-in
-{
-  "gh_argstr.age".publicKeys = [ rhea-laptop ];
-  "gh_token.age".publicKeys = [ rhea-laptop ];
-  "1bvps.age".publicKeys = [ rhea-laptop ];
-  "gcd_etwas.age".publicKeys = [ rhea-laptop ];
-  "sign_etwas.age".publicKeys = [ rhea-laptop ];
-  "fbda_wg_priv_key.age".publicKeys = [ rhea-laptop ];
-  "fbda_wg_psk.age".publicKeys = [ rhea-laptop ];
-  "glrwth_token.age".publicKeys = [ rhea-laptop ];
-}