home: use agenix modules via flake

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2024-05-28 06:21:56 +05:30
parent 2831c62ee2
commit 51281913ac
5 changed files with 292 additions and 265 deletions
--- a/home/default.nix
+++ b/home/default.nix
@@ -5,49 +5,75 @@ let
    ./modules/programs.nix
    globalArgs
  ];
+
+  mkPkgs = system: import inputs.nixpkgs {
+    inherit system;
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+      allowInsecure = true;
+    };
+    overlays = [ self.overlays.default ];
+  };
 in
 {
-  flake.homeConfigurations = {
-    natto = inputs.home-manager.lib.homeManagerConfiguration {
-      modules = [
+  flake.homeConfigurations =
+    let
+
+      nattoModules = [
        ./natto
-        ./modules/secret.nix
+        ./modules/laptop.nix
        inputs.hyprland.homeManagerModules.default
+        inputs.agenix.homeManagerModules.default
      ] ++ commonModules;
-      pkgs = self.legacyPackages.x86_64-linux;
-    };
+    in
+    {
+      natto-laptop = inputs.home-manager.lib.homeManagerConfiguration {
+        modules = nattoModules ++ [
+          { laptop = true; }
+        ];
+        pkgs = mkPkgs "x86_64-linux";
+      };

-    spark = inputs.home-manager.lib.homeManagerConfiguration {
-      modules = [{
-        home = {
-          homeDirectory = "/home/spark";
-          username = "spark";
-          stateVersion = "23.05";
-        };
-      }] ++ commonModules;
-      pkgs = self.legacyPackages.aarch64-linux;
-    };
+      natto = inputs.home-manager.lib.homeManagerConfiguration {
+        modules = nattoModules;
+        pkgs = mkPkgs "x86_64-linux";
+      };

-    bat = inputs.home-manager.lib.homeManagerConfiguration {
-      modules = [{
-        home = {
-          homeDirectory = "/home/bat";
-          username = "bat";
-          stateVersion = "23.05";
-        };
-      }] ++ commonModules;
-      pkgs = self.legacyPackages.x86_64-linux;
-    };
+    }

-    spin = inputs.home-manager.lib.homeManagerConfiguration {
-      modules = [{
-        home = {
-          homeDirectory = "/home/spin";
-          username = "spin";
-          stateVersion = "23.05";
-        };
-      }] ++ commonModules;
-      pkgs = self.legacyPackages.x86_64-linux;
+    // {
+      spark = inputs.home-manager.lib.homeManagerConfiguration {
+        modules = [{
+          home = {
+            homeDirectory = "/home/spark";
+            username = "spark";
+            stateVersion = "23.05";
+          };
+        }] ++ commonModules;
+        pkgs = self.legacyPackages.aarch64-linux;
+      };
+
+      bat = inputs.home-manager.lib.homeManagerConfiguration {
+        modules = [{
+          home = {
+            homeDirectory = "/home/bat";
+            username = "bat";
+            stateVersion = "23.05";
+          };
+        }] ++ commonModules;
+        pkgs = self.legacyPackages.x86_64-linux;
+      };
+
+      spin = inputs.home-manager.lib.homeManagerConfiguration {
+        modules = [{
+          home = {
+            homeDirectory = "/home/spin";
+            username = "spin";
+            stateVersion = "23.05";
+          };
+        }] ++ commonModules;
+        pkgs = self.legacyPackages.x86_64-linux;
+      };
    };
-  };
 }
--- a/home/modules/secret.nix
+++ b/home/modules/secret.nix
@@ -1,93 +0,0 @@
-/* Module by @ryantm in github:ryantm/agenix */
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.age;
-  ageBin = "${pkgs.rage}/bin/rage";
-  users = config.users.users;
-  home_ = config.home.homeDirectory;
-  username_ = config.home.username;
-  identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
-  installSecret = secretType: ''
-    echo "decrypting ${secretType.file} to ${secretType.path}..." 
-    TMP_FILE="${secretType.path}.tmp"
-    mkdir -p $(dirname ${secretType.path})
-    (umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
-    chmod ${secretType.mode} "$TMP_FILE"
-    chown ${secretType.owner} "$TMP_FILE"
-    mv -f "$TMP_FILE" '${secretType.path}'
-  '';
-
-  secretType = types.submodule ({ config, ... }: {
-    options = {
-      name = mkOption {
-        type = types.str;
-        default = config._module.args.name;
-        description = ''
-          Name of the file used in /run/secrets
-        '';
-      };
-      file = mkOption {
-        type = types.path;
-        description = ''
-          Age file the secret is loaded from.
-        '';
-      };
-      path = mkOption {
-        type = types.str;
-        default = "${home_}/.secrets/${config.name}";
-        description = ''
-          Path where the decrypted secret is installed.
-        '';
-      };
-      mode = mkOption {
-        type = types.str;
-        default = "0400";
-        description = ''
-          Permissions mode of the in octal.
-        '';
-      };
-      owner = mkOption {
-        type = types.str;
-        default = "${username_}";
-        description = ''
-          User of the file.
-        '';
-      };
-    };
-  });
-in
-{
-
-  options.age = {
-    secrets = mkOption {
-      type = types.attrsOf secretType;
-      default = { };
-      description = ''
-        Attrset of secrets.
-      '';
-    };
-
-    sshKeyPaths = mkOption {
-      type = types.listOf types.path;
-      default = [ ];
-      description = ''
-        Path to SSH keys to be used as identities in age decryption.
-      '';
-    };
-  };
-  config = mkIf (cfg.secrets != { }) {
-    assertions = [{
-      assertion = cfg.sshKeyPaths != [ ];
-      message = "age.sshKeyPaths must be set.";
-    }];
-    home.activation = {
-      decryptSecrets = lib.hm.dag.entryBefore [ "writeBoundary" ] (concatStrings (map installSecret (builtins.attrValues cfg.secrets)));
-    };
-  };
-}
-
-
--- a/home/natto/stuff.nix
+++ b/home/natto/stuff.nix
@@ -4,7 +4,7 @@
    userDirs.enable = true;
  };

-  age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+  age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];

  home = {
    pointerCursor = {