natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

home: use agenix modules via flake

Browse Source 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
This commit is contained in:
Amneesh Singh
2024-05-28 06:21:56 +05:30
parent 2831c62ee2
commit 51281913ac
5 changed files with 292 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
flake.lock generated
View File

@@ -1,5 +1,26 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1716561646,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@@ -20,7 +41,7 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
@@ -37,10 +58,32 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@@ -60,7 +103,7 @@
"filehost": {
"inputs": {
"cargo2nix": "cargo2nix",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay_2",
"utils": "utils"
},
@@ -222,7 +265,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
@@ -313,6 +356,27 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@@ -366,8 +430,8 @@
"hyprcursor": "hyprcursor",
"hyprlang": "hyprlang",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_5",
"systems": "systems_2",
"nixpkgs": "nixpkgs_6",
"systems": "systems_3",
"xdph": "xdph"
},
"locked": {
@@ -388,7 +452,7 @@
},
"hyprland-contrib": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1716228712,
@@ -544,7 +608,7 @@
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1716686274,
@@ -562,11 +626,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@@ -616,119 +680,7 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1654275867,
"narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1667085444,
"narHash": "sha256-1SAlbifAAb+u8n52DUk6mB5oWv95o0qwRMHOMH3bS5g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "15093c384e8a099930d966232c79359b14adcb5a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1716619601,
"narHash": "sha256-9dUxZf8MOqJH3vjbhrz7LH4qTcnRsPSBU1Q50T7q/X8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "47e03a624662ce399e55c45a5f6da698fc72c797",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1716715802,
"narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"nixpkgs_10": {
"locked": {
"lastModified": 1716588411,
"narHash": "sha256-CdAZ3o459+1mAgILcdJfMBQAwUXupVe2cVTknvxs5kQ=",
@@ -744,13 +696,141 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1654275867,
"narHash": "sha256-pt14ZE4jVPGvfB2NynGsl34pgXfOqum5YJNpDK4+b9E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7a20c208aacf4964c19186dcad51f89165dc7ed0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1667085444,
"narHash": "sha256-1SAlbifAAb+u8n52DUk6mB5oWv95o0qwRMHOMH3bS5g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "15093c384e8a099930d966232c79359b14adcb5a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1716619601,
"narHash": "sha256-9dUxZf8MOqJH3vjbhrz7LH4qTcnRsPSBU1Q50T7q/X8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "47e03a624662ce399e55c45a5f6da698fc72c797",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1716715802,
"narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim-overlay": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
@@ -796,16 +876,17 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"emacs-overlay": "emacs-overlay",
"filehost": "filehost",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib",
"mailserver": "mailserver",
"nbfc": "nbfc",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"nvim-overlay": "nvim-overlay",
"stable": "stable"
}
@@ -840,7 +921,7 @@
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1667011705,
@@ -888,6 +969,21 @@
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -902,7 +998,7 @@
"type": "github"
}
},
"systems_3": {
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -917,7 +1013,7 @@
"type": "github"
}
},
"systems_4": {
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -949,7 +1045,7 @@
},
"utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1709126324,
@@ -967,7 +1063,7 @@
},
"utils_3": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,

4
flake.nix
View File

@@ -25,18 +25,16 @@
emacs-overlay.url = github:nix-community/emacs-overlay;
nvim-overlay = {
url = github:nix-community/neovim-nightly-overlay;
# inputs.nixpkgs.url = github:nixos/nixpkgs?rev=fad51abd42ca17a60fc1d4cb9382e2d79ae31836;
};
hyprland = {
type = "git";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
# inputs.nixpkgs.follows = "nixpkgs";
};
hyprland-contrib = {
url = github:hyprwm/contrib;
#inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = github:ryantm/agenix;
};
outputs = inputs@{ self, ... }:

36
home/default.nix
View File

@@ -5,18 +5,44 @@ let
./modules/programs.nix
globalArgs
];
mkPkgs = system: import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
allowBroken = true;
allowInsecure = true;
};
overlays = [ self.overlays.default ];
};
in
{
flake.homeConfigurations = {
natto = inputs.home-manager.lib.homeManagerConfiguration {
modules = [
flake.homeConfigurations =
let
nattoModules = [
./natto
./modules/secret.nix
./modules/laptop.nix
inputs.hyprland.homeManagerModules.default
inputs.agenix.homeManagerModules.default
] ++ commonModules;
pkgs = self.legacyPackages.x86_64-linux;
in
{
natto-laptop = inputs.home-manager.lib.homeManagerConfiguration {
modules = nattoModules ++ [
{ laptop = true; }
];
pkgs = mkPkgs "x86_64-linux";
};
natto = inputs.home-manager.lib.homeManagerConfiguration {
modules = nattoModules;
pkgs = mkPkgs "x86_64-linux";
};
}
// {
spark = inputs.home-manager.lib.homeManagerConfiguration {
modules = [{
home = {

93
home/modules/secret.nix
View File

@@ -1,93 +0,0 @@
/* Module by @ryantm in github:ryantm/agenix */
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.age;
ageBin = "${pkgs.rage}/bin/rage";
users = config.users.users;
home_ = config.home.homeDirectory;
username_ = config.home.username;
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
installSecret = secretType: ''
echo "decrypting ${secretType.file} to ${secretType.path}..."
TMP_FILE="${secretType.path}.tmp"
mkdir -p $(dirname ${secretType.path})
(umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
chmod ${secretType.mode} "$TMP_FILE"
chown ${secretType.owner} "$TMP_FILE"
mv -f "$TMP_FILE" '${secretType.path}'
'';
secretType = types.submodule ({ config, ... }: {
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
description = ''
Name of the file used in /run/secrets
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${home_}/.secrets/${config.name}";
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the in octal.
'';
};
owner = mkOption {
type = types.str;
default = "${username_}";
description = ''
User of the file.
'';
};
};
});
in
{
options.age = {
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
sshKeyPaths = mkOption {
type = types.listOf types.path;
default = [ ];
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) {
assertions = [{
assertion = cfg.sshKeyPaths != [ ];
message = "age.sshKeyPaths must be set.";
}];
home.activation = {
decryptSecrets = lib.hm.dag.entryBefore [ "writeBoundary" ] (concatStrings (map installSecret (builtins.attrValues cfg.secrets)));
};
};
}

2
home/natto/stuff.nix
View File

@@ -4,7 +4,7 @@
userDirs.enable = true;
};
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
home = {
pointerCursor = {