feat: sops -> agenix
This commit is contained in:
parent
a0baf64b5a
commit
2abe42ea80
17 changed files with 212 additions and 125 deletions
7
.age/yk5ci.txt
Normal file
7
.age/yk5ci.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# Serial: 17700673, Slot: 1
|
||||||
|
# Name: age identity 30be8d70
|
||||||
|
# Created: Sun, 02 Jul 2023 11:06:17 +0000
|
||||||
|
# PIN policy: Once (A PIN is required once per session, if set)
|
||||||
|
# Touch policy: Always (A physical touch is required for every decryption)
|
||||||
|
# Recipient: age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls
|
||||||
|
AGE-PLUGIN-YUBIKEY-1GYTSUQVZXZLG6UQYHVHNU
|
|
@ -12,6 +12,10 @@ end_of_line = lf
|
||||||
insert_final_newline = true
|
insert_final_newline = true
|
||||||
trim_trailing_whitespace = true
|
trim_trailing_whitespace = true
|
||||||
|
|
||||||
|
[*.age]
|
||||||
|
end_of_line = unset
|
||||||
|
insert_final_newline = unset
|
||||||
|
|
||||||
# go
|
# go
|
||||||
[*.go]
|
[*.go]
|
||||||
indent_style = tab
|
indent_style = tab
|
||||||
|
|
3
.gitattributes
vendored
3
.gitattributes
vendored
|
@ -2,6 +2,9 @@
|
||||||
flake.lock -diff
|
flake.lock -diff
|
||||||
lazy-lock.json -diff
|
lazy-lock.json -diff
|
||||||
|
|
||||||
|
# treat age as binary
|
||||||
|
*.age -text -diff
|
||||||
|
|
||||||
# git lfs
|
# git lfs
|
||||||
*.png filter=lfs diff=lfs merge=lfs -text
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
|
||||||
|
|
199
flake.lock
199
flake.lock
|
@ -1,5 +1,28 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"agenix": {
|
||||||
|
"inputs": {
|
||||||
|
"darwin": "darwin",
|
||||||
|
"home-manager": "home-manager",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703433843,
|
||||||
|
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"caarlos0-nur": {
|
"caarlos0-nur": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -7,11 +30,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701864263,
|
"lastModified": 1705371143,
|
||||||
"narHash": "sha256-70nBt0MNya8VPOpUAS3JNUfC4nF6yv/II2+sGmCTiDs=",
|
"narHash": "sha256-AYtYccMuUSXLYuasl5jIut5CIlMQR8jtqEnXeTKcROQ=",
|
||||||
"owner": "caarlos0",
|
"owner": "caarlos0",
|
||||||
"repo": "nur",
|
"repo": "nur",
|
||||||
"rev": "fa376e868b14b2661757ceed5ea762d62a1400ec",
|
"rev": "c2cb844944e47644062463ea38f014df6b400bc0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -43,15 +66,37 @@
|
||||||
"darwin": {
|
"darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704277720,
|
"lastModified": 1700795494,
|
||||||
"narHash": "sha256-meAKNgmh3goankLGWqqpw73pm9IvXjEENJloF0coskE=",
|
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "0dd382b70c351f528561f71a0a7df82c9d2be9a4",
|
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "lnl7",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"darwin_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1705915768,
|
||||||
|
"narHash": "sha256-+Jlz8OAqkOwJlioac9wtpsCnjgGYUhvLpgJR/5tP9po=",
|
||||||
|
"owner": "lnl7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"rev": "1e706ef323de76236eb183d7784f3bd57255ec0b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -80,14 +125,14 @@
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701680307,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -98,14 +143,14 @@
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701680307,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -122,11 +167,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1660459072,
|
"lastModified": 1703887061,
|
||||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "gitignore.nix",
|
"repo": "gitignore.nix",
|
||||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -138,15 +183,36 @@
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704980804,
|
"lastModified": 1703113217,
|
||||||
"narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=",
|
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd",
|
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"home-manager_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1706080884,
|
||||||
|
"narHash": "sha256-qhxisCrSraN5YWVb0lNCFH8ovqnCw5W9ldac4Dzr0Nw=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"rev": "6b28ab2d798c1c84e24053d95f4ee1dd9d81e2fb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -162,11 +228,11 @@
|
||||||
"rust-overlay": "rust-overlay"
|
"rust-overlay": "rust-overlay"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704956608,
|
"lastModified": 1706079808,
|
||||||
"narHash": "sha256-bpkRWf3eC9mwi74rypUbzPWqBWSF8YK0XRsw1/vB4Og=",
|
"narHash": "sha256-+C/G1OV5d8XN0fuXAuArXFfeOf2qRAKZ4MeoZdb2MPU=",
|
||||||
"owner": "nekowinston",
|
"owner": "nekowinston",
|
||||||
"repo": "nur",
|
"repo": "nur",
|
||||||
"rev": "37ceb1158257f3279865c2a541c28732f7f19566",
|
"rev": "d09ab5e733e44db665d5b89467c20038b2e05ba6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -182,11 +248,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704596958,
|
"lastModified": 1705806513,
|
||||||
"narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=",
|
"narHash": "sha256-FcOmNjhHFfPz2udZbRpZ1sfyhVMr+C2O8kOxPj+HDDk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62",
|
"rev": "f8e04fbcebcc24cebc91989981bd45f69b963ed7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -206,11 +272,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704936062,
|
"lastModified": 1706059331,
|
||||||
"narHash": "sha256-S29+KmGZoe+dPI8iqvfg1FEgKcyUHh30r3EfK8+YjMA=",
|
"narHash": "sha256-SbBG2DENRMgAGVClEbTH6ZiX7BA0JrkwyoIu5mnJuVc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "7699526d3fb5e34fc02cf4614212cb69901cff76",
|
"rev": "699e64340b66ff33757e6533150242a6f76029aa",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -221,11 +287,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704194953,
|
"lastModified": 1705677747,
|
||||||
"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
|
"narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
|
"rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -255,11 +321,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704722960,
|
"lastModified": 1705856552,
|
||||||
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -271,11 +337,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1705002794,
|
"lastModified": 1706089541,
|
||||||
"narHash": "sha256-kOd7hd8A1sGFZSYJGn+cEH3RSpGVAQ004Pd1lZabuIo=",
|
"narHash": "sha256-hYvDAhzOXFCRV6a7JmLT0YFfCXFQNR5sEJCPtj1wgrk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nur",
|
"repo": "nur",
|
||||||
"rev": "753418854902ccec235420cf3ee6b8bb9da3de67",
|
"rev": "dd8575d44a907f816c799369432dc84cff6bf183",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -299,11 +365,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704913983,
|
"lastModified": 1705757126,
|
||||||
"narHash": "sha256-K/GuHFFriQhH3VPWMhm6bYelDuPyGGjGu1OF1EWUn5k=",
|
"narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "pre-commit-hooks.nix",
|
"repo": "pre-commit-hooks.nix",
|
||||||
"rev": "b0265634df1dc584585c159b775120e637afdb41",
|
"rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -314,19 +380,19 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"agenix": "agenix",
|
||||||
"caarlos0-nur": "caarlos0-nur",
|
"caarlos0-nur": "caarlos0-nur",
|
||||||
"catppuccin-vsc": "catppuccin-vsc",
|
"catppuccin-vsc": "catppuccin-vsc",
|
||||||
"darwin": "darwin",
|
"darwin": "darwin_2",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager_2",
|
||||||
"nekowinston-nur": "nekowinston-nur",
|
"nekowinston-nur": "nekowinston-nur",
|
||||||
"nix-index-database": "nix-index-database",
|
"nix-index-database": "nix-index-database",
|
||||||
"nix-vscode-extensions": "nix-vscode-extensions",
|
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"pre-commit-hooks": "pre-commit-hooks",
|
"pre-commit-hooks": "pre-commit-hooks",
|
||||||
"sops": "sops",
|
|
||||||
"swayfx": "swayfx"
|
"swayfx": "swayfx"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -342,11 +408,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704593904,
|
"lastModified": 1705803528,
|
||||||
"narHash": "sha256-nDoXZDTRdgF3b4n3m011y99nYFewvOl9UpzFvP8Rb3c=",
|
"narHash": "sha256-nChqKQPRXxmGBEkHse39LjNpkNKk4U1xPQ4a4oYlUdw=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "c36fd70a99decfa6e110c86f296a97613034a680",
|
"rev": "bd7e8f4e122e11c934a576abc04327764f9bf19b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -355,30 +421,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"sops": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"nixpkgs-stable": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1691828918,
|
|
||||||
"narHash": "sha256-p8kvccP/qxUrASzGemRx2MB9Kefd9DzrtmJr5whhOCg=",
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"rev": "1c673ba1053ad3e421fe043702237497bda0c621",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"rev": "1c673ba1053ad3e421fe043702237497bda0c621",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"swayfx": {
|
"swayfx": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": [],
|
"flake-compat": [],
|
||||||
|
@ -429,6 +471,21 @@
|
||||||
"repo": "default",
|
"repo": "default",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
15
flake.nix
15
flake.nix
|
@ -59,11 +59,13 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
devShells.default = config.pre-commit.devShell.overrideAttrs (old: {
|
devShells.default = pkgs.mkShell {
|
||||||
|
inherit (config.pre-commit.devShell) shellHook;
|
||||||
|
RULES = "./home/secrets/secrets.nix";
|
||||||
buildInputs = with pkgs;
|
buildInputs = with pkgs;
|
||||||
[alejandra just nil nix-output-monitor nvd]
|
[alejandra just nil nix-output-monitor nvd inputs'.agenix.packages.agenix]
|
||||||
++ lib.optionals stdenv.isDarwin [inputs.darwin.packages.${system}.darwin-rebuild];
|
++ lib.optionals stdenv.isDarwin [inputs'.darwin.packages.darwin-rebuild];
|
||||||
});
|
};
|
||||||
|
|
||||||
legacyPackages.homeConfigurations = let
|
legacyPackages.homeConfigurations = let
|
||||||
homeLib = import ./home/lib.nix {
|
homeLib = import ./home/lib.nix {
|
||||||
|
@ -131,10 +133,9 @@
|
||||||
|
|
||||||
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||||
sops = {
|
agenix = {
|
||||||
url = "github:Mic92/sops-nix/1c673ba1053ad3e421fe043702237497bda0c621";
|
url = "github:ryantm/agenix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.nixpkgs-stable.follows = "nixpkgs";
|
|
||||||
};
|
};
|
||||||
swayfx = {
|
swayfx = {
|
||||||
url = "github:willpower3309/swayfx";
|
url = "github:willpower3309/swayfx";
|
||||||
|
|
|
@ -1,14 +1,9 @@
|
||||||
{
|
{config, ...}: {
|
||||||
config,
|
age.secrets."gitconfig-work".path = "${config.xdg.configHome}/git/gitconfig-work";
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
sops.secrets."gitconfig-work".path = "${config.xdg.configHome}/git/gitconfig-work";
|
|
||||||
programs.git.includes = [
|
programs.git.includes = [
|
||||||
{
|
{
|
||||||
condition = "gitdir:~/Code/work/";
|
condition = "gitdir:~/Code/work/";
|
||||||
path = config.sops.secrets.gitconfig-work.path;
|
path = config.age.secrets."gitconfig-work".path;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
sops.secrets."aerc-accounts".path = "${config.xdg.configHome}/aerc/accounts.conf";
|
age.secrets."aerc-personal.conf".path = "${config.xdg.configHome}/aerc/accounts.conf";
|
||||||
programs = {
|
programs = {
|
||||||
aerc = {
|
aerc = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -7,7 +7,7 @@
|
||||||
general = {
|
general = {
|
||||||
default-save-path = "~/Downloads";
|
default-save-path = "~/Downloads";
|
||||||
pgp-provider = "gpg";
|
pgp-provider = "gpg";
|
||||||
# sops-nix manages the accounts.conf,
|
# agenix manages the accounts.conf,
|
||||||
# so the permissions appear unsafe to aerc
|
# so the permissions appear unsafe to aerc
|
||||||
unsafe-accounts-conf = true;
|
unsafe-accounts-conf = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
}: let
|
}: let
|
||||||
inherit (pkgs.stdenv.hostPlatform) isDarwin isLinux;
|
inherit (pkgs.stdenv.hostPlatform) isDarwin isLinux;
|
||||||
in {
|
in {
|
||||||
imports = [./apps ./secrets/sops.nix ./xdg.nix];
|
imports = [./apps ./secrets ./xdg.nix];
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
packages = with pkgs; ([
|
packages = with pkgs; ([
|
||||||
|
@ -29,7 +29,6 @@ in {
|
||||||
nvd
|
nvd
|
||||||
ranger
|
ranger
|
||||||
ripgrep
|
ripgrep
|
||||||
sops
|
|
||||||
wakatime
|
wakatime
|
||||||
watchexec
|
watchexec
|
||||||
]
|
]
|
||||||
|
@ -51,5 +50,5 @@ in {
|
||||||
taskwarrior.enable = true;
|
taskwarrior.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."wakatime-cfg".path = "${config.xdg.configHome}/wakatime/.wakatime.cfg";
|
age.secrets."wakatime.cfg".path = "${config.home.homeDirectory}/.wakatime.cfg";
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,10 +29,10 @@
|
||||||
|
|
||||||
modules = with inputs;
|
modules = with inputs;
|
||||||
[
|
[
|
||||||
nix-index-database.hmModules.nix-index
|
agenix.homeManagerModules.age
|
||||||
sops.homeManagerModules.sops
|
|
||||||
caarlos0-nur.homeManagerModules.default
|
caarlos0-nur.homeManagerModules.default
|
||||||
nekowinston-nur.homeManagerModules.default
|
nekowinston-nur.homeManagerModules.default
|
||||||
|
nix-index-database.hmModules.nix-index
|
||||||
./.
|
./.
|
||||||
]
|
]
|
||||||
++ pkgs.lib.optionals (!isNixOS) [hmStandaloneConfig];
|
++ pkgs.lib.optionals (!isNixOS) [hmStandaloneConfig];
|
||||||
|
|
9
home/secrets/aerc-personal.conf.age
Normal file
9
home/secrets/aerc-personal.conf.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA A4mXaV3COp2TW4o1cMv4XKmrckAUDszY32GwefWM/rwZ
|
||||||
|
fIrr28U6/mqw7VmqvtM5gnhHMBFJ0CSXRMDfbzr2w2o
|
||||||
|
-> ssh-ed25519 77w9rQ zN8P9J8uPmEnq+dPeAryP3fRJjsplJ2kdOBOP+2Ill8
|
||||||
|
RaHYOS1jxgg7OK8q1umvNGkAFZAbcCVnuQR1m5R5Dck
|
||||||
|
--- vcQ0gKhuBDr6RXf5D+RtysBljaik8LEs/jAK1VlQeV8
|
||||||
|
Î=;{µ£<C2A3>ÕÞ«|·=P®¨<C2AE>ŸÐS?̽
|
||||||
|
XDªfºˆŒL™\v7î<06>öwqá\€¯ðU$¨Û…»¨Ûº
|
||||||
|
R—ï÷Ñ;øj²;ßêÆ<C3AA>ø.ó<>”„…³´™°Ó(Ž.°ˆØBºý¦ùŽOɹ…œÉ(ÌíŒÚØÛ¾P§¬‡Ü¶c*¤ù|è☫‘ïèÕ˜Öt1ŸÏ«d»*Ù"UTÚóY“¹e‰¥©>€ç@´³Ee#ƒ›þÅŸo<C5B8>Jˆ1™²J£0…uöëWl®ìX¥¹®ãÿÖP›)n¥<6E><04>bÏ#„¦é‡síyrØØ[èæçÏ0êm®Þ®ê„a$ö̬š\‹qVEpì…”Ö¢îkýe¹¿)L’-¹õ.¤,í[²<>y5Zœh”øqh°ÅA¬qD¡«³ÖzWq¯‚Œt1…-ýkCèƽ´Ÿki¯·y¢¼é-«ë¢ÇÓET_lâ/Š_AĬ¡—¡Hé&x‹áO﹆U
|
18
home/secrets/default.nix
Normal file
18
home/secrets/default.nix
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
age = {
|
||||||
|
identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"];
|
||||||
|
|
||||||
|
secrets = with builtins;
|
||||||
|
listToAttrs (map (k: {
|
||||||
|
name = lib.removePrefix "home/secrets/" (lib.removeSuffix ".age" k);
|
||||||
|
value = {file = ./../.. + "/${k}";};
|
||||||
|
}) (attrNames (import ./secrets.nix)));
|
||||||
|
|
||||||
|
secretsDir = "/private/tmp/agenix";
|
||||||
|
secretsMountPoint = "/private/tmp/agenix.d";
|
||||||
|
};
|
||||||
|
}
|
7
home/secrets/gitconfig-work.age
Normal file
7
home/secrets/gitconfig-work.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA AqBNytZUiPR/Qtdhdm6/TDEzFKzEPaNrDm3Yp1t4eRCC
|
||||||
|
6gLCrwBAMefJkncql1W+WFxSo7gmOoIjxPfS1F8d/60
|
||||||
|
-> ssh-ed25519 77w9rQ r5VNI11Va7crZlfRImwJuIFNNrtmtBB7eSxO2rAWhwI
|
||||||
|
objRSVUnqq5JU66cJMyguFZx6/xH5p0VEb61S3VfSg4
|
||||||
|
--- GvRjramTigwFWBbx7b9jWk0V7Nf11M7wSTCxpYZwiM0
|
||||||
|
ª lë¤]s«Ù<C2AB>s÷Cêm@Ñ\<5C>ÚoŪ4LãÑÊÄîZ ’Çÿ"°Ã@l(dlɾÛ"õ¸r'&¤ ‡©žP̃p+;$õå,ÕŸ+"óWª'ÊùnB‘E*¿>$"Àzv~ßEË~è”Ö(̯UÌÅ©ë†×ÔCÀ¾þ-Û?ANÁٸⴕúŸBŸ’a“?èÄ鱫żյµ
|
|
@ -1,25 +0,0 @@
|
||||||
aerc-accounts: ENC[AES256_GCM,data:+/iBC++93F0hPhpY8x18h+1mC5AaYlCfctYRA10S5sWrWCPKVffXi9eFNqqxY/bwJlu5sn1nEvUYyXuQx0XUCB1ToGq6hbnRmivvi8RwVabBVltbujc50j0Pe8IwvyOA3gJIWpBJDwRSwwc9eouyTeJ5YBqiCwEIoFq6Z9yhTwYpNA5+SXM18lWq8lDhHXaV5i2JgLnxjwvd3oGBjBFpQ9hOgySbdFpZmCYPZ6AM6wThJBEbilYuCe9V7P6P5g8PxGSQFyx1f/trqDg3yoEBBz/YcI/Jj2315GqJltdEGdJP+9aevkLEmM4BFYpFl0Hkhvk4Ymu5DZQtVGsdLmfbMqSB9pRn4nOKcY3tG09oIuIiIVNXhrXRrI0QYqyQEzxycTBDRKhAUziGRCwuldIlqNoqbV6eECWVJAwHhgbin7Oe++IkKe2KRe2YfmwDBSoteucxQHpfKXnU0VmC,iv:ERGbzSfowSibJ4glaiTzUg0TaKtbuDH1P7sUno1WfAA=,tag:lrPOSIrEFNnknGKHcYpDyg==,type:str]
|
|
||||||
gitconfig-work: ENC[AES256_GCM,data:rjq9cKLkgS4to1Yt4NoYey63Rja2Gw03zmnBpnm9xp5O+yQKLiQ5x28cuNeKxa0jJavvwZzLjI9cY+bZk344zT/iepAwhtXu/TSUwxJySznTOd7K7jRfxOuL8e1AzP3kHMqYKKFAr2Ociu7F8YxgT3Ggd7SH5BcWJ+y/752xBeCOL/sOrg==,iv:GOs51bm3nYGh7np18se+Pvpvq8AN+LVQH7T9wcGtj1w=,tag:g3DtlfMef2NGDpe16E/nww==,type:str]
|
|
||||||
wakatime-cfg: ENC[AES256_GCM,data:qv8pJg0JqzCnOghN3qXtvYHAmUAZ7SLk7fZvAWktQkr/VvwhzZdilLFTkacvvMnlydseVYJKkmWMYdTqxHvit6QAiyujmzOP2H9IRc99vGx8HRB/ooHJPepdXbifMqMz9oE=,iv:0wzTqCM8MxAAP8JFsyrv0m2u83EMraHIfBqhSofbY2Q=,tag:Iz6LCTBoXd0x6d0eSl2nhA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2023-11-11T16:28:50Z"
|
|
||||||
mac: ENC[AES256_GCM,data:A77Dy8s77s/i84hqvJHYxMnKnXpfsvdz5tNU9gwYv1ai9UyminrzXxzw4OEnr6COR5fCK3BV+vVzYxSI535WU9Lt0yvrK/DZTFea+xhvsvb+OkXWsFgPB0zMe0JBd8LKa9Z7IEuMrSDy2JRKiZyKDprM33KmfBOsaJde8kFkflI=,iv:b3oZEWtlLgT+eZvnIILGpJ4kgViiNz6xEdkogQZ35Qk=,tag:KZlGdo6RWpRMifDvoM/NHQ==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2023-01-31T05:46:40Z"
|
|
||||||
enc: |
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hF4DAAAAAAAAAAASAQdAVvQXMOXKNhsEhO/niK0+M6eVZOhp5h2xZfRgdKaeDAMw
|
|
||||||
KUwc9D6b2HdD2kTQpn38gzi97P0NLPNcjHDN6xoYj78kZ55R9NYsd+56e7Ii9KnC
|
|
||||||
0l4BfGQPaC5CJv2d8QSr+vWQFYo4KzzWYsO0FJK9iAT097bjIa27RNlGHEbmabHY
|
|
||||||
iZhD89Vy8V8Gy26craSiuDYLDoZ8FgA916CO5VsFBz1lOQmwX+byqy1EgQDplOqa
|
|
||||||
=QE21
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: a476c39610e53a689a57bd0d0b89bc45007ee9cc
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
9
home/secrets/secrets.nix
Normal file
9
home/secrets/secrets.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
let
|
||||||
|
users.winston = "age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls";
|
||||||
|
systems.sashimi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINxJEAR1Ql8bZqKgGmrnxvu5zwz+znis+RZo8jx0o0f";
|
||||||
|
default = [users.winston systems.sashimi];
|
||||||
|
in {
|
||||||
|
"home/secrets/aerc-personal.conf.age".publicKeys = default;
|
||||||
|
"home/secrets/gitconfig-work.age".publicKeys = default;
|
||||||
|
"home/secrets/wakatime.cfg.age".publicKeys = default;
|
||||||
|
}
|
|
@ -1,6 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
sops = {
|
|
||||||
gnupg.home = config.programs.gpg.homedir;
|
|
||||||
defaultSopsFile = ./main.yaml;
|
|
||||||
};
|
|
||||||
}
|
|
10
home/secrets/wakatime.cfg.age
Normal file
10
home/secrets/wakatime.cfg.age
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA AoSi1hXuwt58WI4cr1nbHB0q5bmCAynsvn0WmLRtapPn
|
||||||
|
sE1zLn8L5BbL5jkTYTcUfWReFNuCLJaLOzkNHM3ivvg
|
||||||
|
-> ssh-ed25519 77w9rQ vGgv2nsE+vZt4LbVqyC0yukpaTB3+qji7c0404birEM
|
||||||
|
IO0ZCeZPLFX6tAzEYrjLJ3+rZoFmBY3nkd2c3pyZX4Q
|
||||||
|
--- P/DFeVKEfCEJdhTf7n2roAcCXIoFwwVzPMrH8iUBACI
|
||||||
|
–ýĆ$”‡ToË°
|
||||||
|
gW[=oş€f‹r
fJfHÓ/ĎŻ9.lˇcw`~†|źx™'OővţMšKÝÇ#:eb:
|
||||||
|
˝ô´Ö¶ą†ŐˇôŁĂxaÓ®‹dĎ3ĐŠł(Î\F·‡Ąőçń^cíĐčw
|
||||||
|
”ŕö˙ł…|«č•6ÇzŐŹÂ:´cÚ
|
|
@ -27,7 +27,6 @@ in {
|
||||||
NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc";
|
NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc";
|
||||||
RUSTUP_HOME = "${dataHome}/rustup";
|
RUSTUP_HOME = "${dataHome}/rustup";
|
||||||
W3M_DIR = "${dataHome}/w3m";
|
W3M_DIR = "${dataHome}/w3m";
|
||||||
WAKATIME_HOME = "${configHome}/wakatime";
|
|
||||||
WINEPREFIX = "${dataHome}/wine";
|
WINEPREFIX = "${dataHome}/wine";
|
||||||
};
|
};
|
||||||
sessionPath = [
|
sessionPath = [
|
||||||
|
|
Loading…
Reference in a new issue