move secrets into flake so i dont need impure anymore

2024-07-31 00:33:42 -04:00 · 2024-07-31 00:33:42 -04:00 · ad4158596a
parent 5b0a9850bc
commit ad4158596a
5 changed files with 22 additions and 8 deletions
--- a/flake.in.nix
+++ b/flake.in.nix
@ -88,7 +88,7 @@
                git
                nvfetcher
                statix
-                (writeScriptBin "build" "nix fmt && nh os switch . -- --impure")
+                (writeScriptBin "build" "nix fmt && flake switch")
                (writeScriptBin "up" "nix flake update")
              ];
            };
--- a/flake.nix
+++ b/flake.nix
@ -1,5 +1,4 @@
 # Do not modify! This file is generated.
-
 {
  inputs = {
    agenix.url = "github:ryantm/agenix";
@ -43,4 +42,4 @@
    treefmt-nix.url = "github:numtide/treefmt-nix";
  };
  outputs = inputs: inputs.flakegen ./flake.in.nix inputs;
-}
+}
--- a/secrets/passwd.age
+++ b/secrets/passwd.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 Rnre+g OUN16bvLoM64rGq1M1TkQyRBOHygfDfhlQ5GS+8tZ1A
+m3TVkE8x+XycNBUGMEPNO24kZT+vlCVCPM/IP44hTt8
+-> ssh-ed25519 TwwU0w GA9PhE+RTCMGgV4UP/Km0ok8d6T/lEiqC2pRilhd+h8
+uELdOpsKjQacjZooio7PMN/qjT5gHt+8ofaKNZNjJCo
+--- S7SPN5ps/jdCjG+3c6aN6UgKC958ISDvJx7UjVDwrFQ
+/Òä<C392>Ø÷;Ô@é¶Ã2ˆ‡¢öW/Œ){ä!1*ÎÂî»Ø 4¢ÓÕöÎZ`Êd‡*›t ;DÌ
+xŸÒÊÞK%Çª‰r_ŒÓ]Oœ±¤¥Ä†=\N¹ô¬à’=â
+…Ÿ·Öeüz
1y0Ý¿Ã“Òèoþpn’ÿ,˜cÒÔÑÀðµ
+ò.
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,6 @@
+let
+  marshall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2vmQG3o3yMTXUbHYM7evCpUo/V+gK8Lofajt/hEjrB navis";
+  system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe8dn/plNp53zGSzHTZjjrQbo94WWMZf7508agyIwQQ agenix";
+in {
+  "passwd.age".publicKeys = [marshall system];
+}
--- a/systems/x86_64-linux/navis/default.nix
+++ b/systems/x86_64-linux/navis/default.nix
@ -51,7 +51,7 @@ with lib // pkgs // inputs; {
  '';

  age = {
-    secrets.passwd.file = /etc/secrets/passwd.age;
+    secrets.passwd.file = "${self}/secrets/passwd.age";
    identityPaths = ["/persist/root/.ssh/id_ed25519"];
  };

@ -102,7 +102,7 @@ with lib // pkgs // inputs; {

    systemPackages = [
      agenix.packages.${system}.default
-      gnome.nautilus
+      nautilus
      internal.lightly-boehs-qt6
      looking-glass-client
      snowfallorg.flake
@ -119,7 +119,6 @@ with lib // pkgs // inputs; {
      hideMounts = true;
      directories = [
        "/etc/NetworkManager"
-        "/etc/secrets"
        "/etc/ssh"
        "/root/.ssh"
        "/var/lib/bluetooth"
@ -468,9 +467,9 @@ with lib // pkgs // inputs; {
    bluetooth.enable = true;
    i2c.enable = true;

-    opengl = {
+    graphics = {
      enable = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
      extraPackages = [
        vaapiVdpau
        nvidia-vaapi-driver