pupbrained/nix-config
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

move secrets into flake so i dont need impure anymore

Browse source
This commit is contained in:
Mars 2024-07-31 00:33:42 -04:00
parent 5b0a9850bc
commit ad4158596a
Signed by: pupbrained
GPG key ID: 0FF5B8826803F895
5 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.in.nix
View file

@ -88,7 +88,7 @@
git git
nvfetcher nvfetcher
statix statix
(writeScriptBin "build" "nix fmt && nh os switch . -- --impure") (writeScriptBin "build" "nix fmt && flake switch")
(writeScriptBin "up" "nix flake update") (writeScriptBin "up" "nix flake update")
]; ];
}; };

1
flake.nix
View file

@ -1,5 +1,4 @@
# Do not modify! This file is generated. # Do not modify! This file is generated.
{ {
inputs = { inputs = {
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";

10
secrets/passwd.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 Rnre+g OUN16bvLoM64rGq1M1TkQyRBOHygfDfhlQ5GS+8tZ1A
m3TVkE8x+XycNBUGMEPNO24kZT+vlCVCPM/IP44hTt8
-> ssh-ed25519 TwwU0w GA9PhE+RTCMGgV4UP/Km0ok8d6T/lEiqC2pRilhd+h8
uELdOpsKjQacjZooio7PMN/qjT5gHt+8ofaKNZNjJCo
--- S7SPN5ps/jdCjG+3c6aN6UgKC958ISDvJx7UjVDwrFQ
/Òä<C392>Ø÷;Ô@é¶Ã2ˆ¢öW/Œ){ä!1*ÎÂî»Ø 4¢ÓÕöÎZ`Êd‡*t ;DÌ
xŸÒÊÞK%Ǫ‰r_ŒÓ]Oœ±¤¥Ä†=\N¹ô¬à
…Ÿ·Öeüz 1y0ݿÓÒèoþpnÿ,˜cÒÔÑÀðµ
ò.

6
secrets/secrets.nix Normal file
View file

@ -0,0 +1,6 @@
let
marshall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2vmQG3o3yMTXUbHYM7evCpUo/V+gK8Lofajt/hEjrB navis";
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe8dn/plNp53zGSzHTZjjrQbo94WWMZf7508agyIwQQ agenix";
in {
"passwd.age".publicKeys = [marshall system];
}

9
systems/x86_64-linux/navis/default.nix
View file

@ -51,7 +51,7 @@ with lib // pkgs // inputs; {
''; '';
age = { age = {
secrets.passwd.file = /etc/secrets/passwd.age; secrets.passwd.file = "${self}/secrets/passwd.age";
identityPaths = ["/persist/root/.ssh/id_ed25519"]; identityPaths = ["/persist/root/.ssh/id_ed25519"];
}; };
@ -102,7 +102,7 @@ with lib // pkgs // inputs; {
systemPackages = [ systemPackages = [
agenix.packages.${system}.default agenix.packages.${system}.default
gnome.nautilus nautilus
internal.lightly-boehs-qt6 internal.lightly-boehs-qt6
looking-glass-client looking-glass-client
snowfallorg.flake snowfallorg.flake
@ -119,7 +119,6 @@ with lib // pkgs // inputs; {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/NetworkManager" "/etc/NetworkManager"
"/etc/secrets"
"/etc/ssh" "/etc/ssh"
"/root/.ssh" "/root/.ssh"
"/var/lib/bluetooth" "/var/lib/bluetooth"
@ -468,9 +467,9 @@ with lib // pkgs // inputs; {
bluetooth.enable = true; bluetooth.enable = true;
i2c.enable = true; i2c.enable = true;
opengl = { graphics = {
enable = true; enable = true;
driSupport32Bit = true; enable32Bit = true;
extraPackages = [ extraPackages = [
vaapiVdpau vaapiVdpau
nvidia-vaapi-driver nvidia-vaapi-driver