diff --git a/flake.lock b/flake.lock index 00a2c21..36a52f8 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { @@ -20,7 +41,7 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -37,10 +58,32 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "emacs-overlay": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -60,7 +103,7 @@ "filehost": { "inputs": { "cargo2nix": "cargo2nix", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay_2", "utils": "utils" }, @@ -222,7 +265,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, 
@@ -313,6 +356,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -366,8 +430,8 @@ "hyprcursor": "hyprcursor", "hyprlang": "hyprlang", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_5", - "systems": "systems_2", + "nixpkgs": "nixpkgs_6", + "systems": "systems_3", "xdph": "xdph" }, "locked": { @@ -388,7 +452,7 @@ }, "hyprland-contrib": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1716228712, @@ -544,7 +608,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1716686274, @@ -562,11 +626,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { 
@@ -616,119 +680,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1654275867, - "narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "release-22.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1667085444, - "narHash": "sha256-1SAlbifAAb+u8n52DUk6mB5oWv95o0qwRMHOMH3bS5g=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "15093c384e8a099930d966232c79359b14adcb5a", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "release-22.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1665296151, - "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1716619601, - "narHash": "sha256-9dUxZf8MOqJH3vjbhrz7LH4qTcnRsPSBU1Q50T7q/X8=", - "owner": "NixOS", - "repo": 
"nixpkgs", - "rev": "47e03a624662ce399e55c45a5f6da698fc72c797", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1716715802, - "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { + "nixpkgs_10": { "locked": { "lastModified": 1716588411, "narHash": "sha256-CdAZ3o459+1mAgILcdJfMBQAwUXupVe2cVTknvxs5kQ=", 
@@ -744,13 +696,141 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1654275867, + "narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1667085444, + "narHash": "sha256-1SAlbifAAb+u8n52DUk6mB5oWv95o0qwRMHOMH3bS5g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "15093c384e8a099930d966232c79359b14adcb5a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1665296151, + "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1716330097, + "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "owner": "NixOS", + "repo": 
"nixpkgs", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1716619601, + "narHash": "sha256-9dUxZf8MOqJH3vjbhrz7LH4qTcnRsPSBU1Q50T7q/X8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47e03a624662ce399e55c45a5f6da698fc72c797", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1716715802, + "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nvim-overlay": { "inputs": { "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { @@ -796,16 +876,17 @@ }, "root": { "inputs": { + "agenix": "agenix", "emacs-overlay": "emacs-overlay", "filehost": "filehost", "flake-parts": "flake-parts", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprland": "hyprland", "hyprland-contrib": "hyprland-contrib", "mailserver": "mailserver", "nbfc": "nbfc", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nvim-overlay": "nvim-overlay", "stable": "stable" } @@ -840,7 +921,7 @@ "rust-overlay_2": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1667011705, 
@@ -888,6 +969,21 @@ } }, "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -902,7 +998,7 @@ "type": "github" } }, - "systems_3": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -917,7 +1013,7 @@ "type": "github" } }, - "systems_4": { + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -949,7 +1045,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1709126324, @@ -967,7 +1063,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, diff --git a/flake.nix b/flake.nix index 1f0ba60..a6676cf 100644 --- a/flake.nix +++ b/flake.nix @@ -25,18 +25,16 @@ emacs-overlay.url = github:nix-community/emacs-overlay; nvim-overlay = { url = github:nix-community/neovim-nightly-overlay; - # inputs.nixpkgs.url = github:nixos/nixpkgs?rev=fad51abd42ca17a60fc1d4cb9382e2d79ae31836; }; hyprland = { type = "git"; url = "https://github.com/hyprwm/Hyprland"; submodules = true; - # inputs.nixpkgs.follows = "nixpkgs"; }; hyprland-contrib = { url = github:hyprwm/contrib; - #inputs.nixpkgs.follows = "nixpkgs"; }; + agenix.url = github:ryantm/agenix; }; outputs = inputs@{ self, ... }: diff --git a/home/default.nix b/home/default.nix index 22948af..8e66689 100644 --- a/home/default.nix +++ b/home/default.nix 
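Review bot: The new `agenix` input in the flake.nix hunk is declared without any `follows`, so agenix's own outputs are locked against a separate dependency set. The lock file in this commit gives it its own `nixpkgs` node at rev `54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6` (lastModified 1703013332, older than the other nixpkgs pins), plus separate `darwin` and `home-manager` nodes, while the root now points at `nixpkgs_9`. Anything built from agenix's package outputs would therefore miss fixes that the root nixpkgs receives, and every lock update has three more pinned sources to audit. I would write the input as a block: `agenix = { url = github:ryantm/agenix; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; };`. The hunk also deletes the commented-out `follows` lines for hyprland and hyprland-contrib; if leaving those inputs on their own nixpkgs is deliberate, a short comment saying why would help.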
@@ -5,49 +5,75 @@ let ./modules/programs.nix globalArgs ]; + + mkPkgs = system: import inputs.nixpkgs { + inherit system; + config = { + allowUnfree = true; + allowBroken = true; + allowInsecure = true; + }; + overlays = [ self.overlays.default ]; + }; in { - flake.homeConfigurations = { - natto = inputs.home-manager.lib.homeManagerConfiguration { - modules = [ + flake.homeConfigurations = + let + + nattoModules = [ ./natto - ./modules/secret.nix + ./modules/laptop.nix inputs.hyprland.homeManagerModules.default + inputs.agenix.homeManagerModules.default ] ++ commonModules; - pkgs = self.legacyPackages.x86_64-linux; - }; + in + { + natto-laptop = inputs.home-manager.lib.homeManagerConfiguration { + modules = nattoModules ++ [ + { laptop = true; } + ]; + pkgs = mkPkgs "x86_64-linux"; + }; - spark = inputs.home-manager.lib.homeManagerConfiguration { - modules = [{ - home = { - homeDirectory = "/home/spark"; - username = "spark"; - stateVersion = "23.05"; - }; - }] ++ commonModules; - pkgs = self.legacyPackages.aarch64-linux; - }; + natto = inputs.home-manager.lib.homeManagerConfiguration { + modules = nattoModules; + pkgs = mkPkgs "x86_64-linux"; + }; - bat = inputs.home-manager.lib.homeManagerConfiguration { - modules = [{ - home = { - homeDirectory = "/home/bat"; - username = "bat"; - stateVersion = "23.05"; - }; - }] ++ commonModules; - pkgs = self.legacyPackages.x86_64-linux; - }; + } - spin = inputs.home-manager.lib.homeManagerConfiguration { - modules = [{ - home = { - homeDirectory = "/home/spin"; - username = "spin"; - stateVersion = "23.05"; - }; - }] ++ commonModules; - pkgs = self.legacyPackages.x86_64-linux; + // { + spark = inputs.home-manager.lib.homeManagerConfiguration { + modules = [{ + home = { + homeDirectory = "/home/spark"; + username = "spark"; + stateVersion = "23.05"; + }; + }] ++ commonModules; + pkgs = self.legacyPackages.aarch64-linux; + }; + + bat = inputs.home-manager.lib.homeManagerConfiguration { + modules = [{ + home = { + homeDirectory 
= "/home/bat"; + username = "bat"; + stateVersion = "23.05"; + }; + }] ++ commonModules; + pkgs = self.legacyPackages.x86_64-linux; + }; + + spin = inputs.home-manager.lib.homeManagerConfiguration { + modules = [{ + home = { + homeDirectory = "/home/spin"; + username = "spin"; + stateVersion = "23.05"; + }; + }] ++ commonModules; + pkgs = self.legacyPackages.x86_64-linux; + }; }; - }; } diff --git a/home/modules/secret.nix b/home/modules/secret.nix deleted file mode 100644 index 2e89810..0000000 --- a/home/modules/secret.nix +++ /dev/null 
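Review bot: `mkPkgs` turns on `allowBroken = true` and `allowInsecure = true` for the whole package set behind `natto` and `natto-laptop`, the two configurations that also load `inputs.agenix.homeManagerModules.default`. As far as I can tell nixpkgs does not read an `allowInsecure` key; the documented knobs are `permittedInsecurePackages` and `allowInsecurePredicate`. So the line is either a no-op or signals an intent to waive every known-vulnerable marker, and neither reading is obvious to the next maintainer. I would narrow it to `config = { allowUnfree = true; permittedInsecurePackages = [ /* only the name-version entries actually needed */ ]; };` and drop `allowBroken` unless a specific package requires it. The natto entries now build from `import inputs.nixpkgs` while spark, bat and spin keep `self.legacyPackages`, so a comment on `mkPkgs` explaining the split would help. The enclosing `let` begins above this hunk.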
@@ -1,93 +0,0 @@ -/* Module by @ryantm in github:ryantm/agenix */ - -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.age; - ageBin = "${pkgs.rage}/bin/rage"; - users = config.users.users; - home_ = config.home.homeDirectory; - username_ = config.home.username; - identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths); - installSecret = secretType: '' - echo "decrypting ${secretType.file} to ${secretType.path}..." - TMP_FILE="${secretType.path}.tmp" - mkdir -p $(dirname ${secretType.path}) - (umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}") - chmod ${secretType.mode} "$TMP_FILE" - chown ${secretType.owner} "$TMP_FILE" - mv -f "$TMP_FILE" '${secretType.path}' - ''; - - secretType = types.submodule ({ config, ... }: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - description = '' - Name of the file used in /run/secrets - ''; - }; - file = mkOption { - type = types.path; - description = '' - Age file the secret is loaded from. - ''; - }; - path = mkOption { - type = types.str; - default = "${home_}/.secrets/${config.name}"; - description = '' - Path where the decrypted secret is installed. - ''; - }; - mode = mkOption { - type = types.str; - default = "0400"; - description = '' - Permissions mode of the in octal. - ''; - }; - owner = mkOption { - type = types.str; - default = "${username_}"; - description = '' - User of the file. - ''; - }; - }; - }); -in -{ - - options.age = { - secrets = mkOption { - type = types.attrsOf secretType; - default = { }; - description = '' - Attrset of secrets. - ''; - }; - - sshKeyPaths = mkOption { - type = types.listOf types.path; - default = [ ]; - description = '' - Path to SSH keys to be used as identities in age decryption. 
- ''; - }; - }; - config = mkIf (cfg.secrets != { }) { - assertions = [{ - assertion = cfg.sshKeyPaths != [ ]; - message = "age.sshKeyPaths must be set."; - }]; - home.activation = { - decryptSecrets = lib.hm.dag.entryBefore [ "writeBoundary" ] (concatStrings (map installSecret (builtins.attrValues cfg.secrets))); - }; - }; -} - - diff --git a/home/natto/stuff.nix b/home/natto/stuff.nix index 80dd100..60dd4e5 100644 --- a/home/natto/stuff.nix +++ b/home/natto/stuff.nix @@ -4,7 +4,7 @@ userDirs.enable = true; }; - age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; + age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; home = { pointerCursor = {
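Review bot: `age.identityPaths` in home/natto/stuff.nix still points at `~/.ssh/id_ed25519`, the account's everyday SSH login key, so secret decryption and SSH authentication share a single private key. Decryption at activation is presumably non-interactive, which would mean this key has to sit on disk without a passphrase; confirm that against the agenix home-manager module. A dedicated identity used only for age would keep a leaked or rotated login key from also exposing the secrets: `age.identityPaths = [ "${config.home.homeDirectory}/<PATH-TO-DEDICATED-AGE-IDENTITY>" ];`. If reusing the SSH key is intentional, a one-line comment stating that and noting that the key must stay mode 0600 would document the trade-off.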