Add agenix and secret files

2022-06-24 19:48:19 +01:00
parent 2d5f24059a
commit 6a0f22f4a4
7 changed files with 73 additions and 8 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1652712410,
+        "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@@ -42,11 +62,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1655199284,
-        "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=",
+        "lastModified": 1655928858,
+        "narHash": "sha256-qVOcb7WVDiqs2yseZwCZRsKT0be8bF3NZufdBZVvZXU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "87d30c164849a7471d99749aa4d2d28b81564f69",
+        "rev": "e622bad16372aa5ada79a7fa749ec78715dffc54",
        "type": "github"
      },
      "original": {
@@ -80,11 +100,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1655130522,
-        "narHash": "sha256-5dzlxE4okyu+M39yeVtHWQXzDZQxFF5rUB1iY9R6Lb4=",
+        "lastModified": 1655807518,
+        "narHash": "sha256-5YV29Ry/DpAJc/0Hc/+ISVBAjwHpJvAkeKkcUG5lWsc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "13f08d71ceff5101321e0291854495a1ec153a5e",
+        "rev": "a72d7811be1162dd6804c4e36e5402d76fb6e921",
        "type": "github"
      },
      "original": {
@@ -97,10 +117,10 @@
      "flake": false,
      "locked": {
        "lastModified": 1653339422,
-        "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=",
+        "narHash": "sha256-RNLq09vfj21TyYuUCeD6BNTNC6Ew8bLhQULZytN4Xx8=",
        "owner": "rycee",
        "repo": "nmd",
-        "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd",
+        "rev": "91dee681dd1c478d6040a00835d73c0f4a4c5c29",
        "type": "gitlab"
      },
      "original": {
@@ -127,6 +147,7 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "home-manager": "home-manager",
        "i3utils": "i3utils",
        "nixpkgs": "nixpkgs"
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,9 @@
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";

+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs";
+
    i3utils.url = "git+https://git.sr.ht/~dpatterbee/i3utils?ref=main";
    i3utils.inputs.nixpkgs.follows = "nixpkgs";

@@ -13,6 +16,7 @@

  outputs = {
    nixpkgs,
+    agenix,
    home-manager,
    i3utils,
    ...
@@ -39,6 +43,8 @@
        modules = [
          ./hosts/${hostname}/configuration.nix

+          agenix.nixosModule
+
          home-manager.nixosModules.home-manager
          {
            home-manager = {
--- a/secrets/dungflix_bucket_account_id.age
+++ b/secrets/dungflix_bucket_account_id.age
--- a/secrets/dungflix_bucket_account_key.age
+++ b/secrets/dungflix_bucket_account_key.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 qMgRFg Irqb4iQcHTUETqD+BBPoFr1QQIV02dJROYYdSpEn2Ho
+KlVjho++RUyFXS6AGz29OsI9TLxqW2TxHjJ1BqJ64Js
+-> ssh-ed25519 GzHGXw +XEY0p4nuuCTh7uTqD8aQgtZCf4FOYJgRqC73j4/Eyg
+5T26V3HGw3ULr+CH2T3zHWEKdswMhh6GcaaRunwIBRk
+-> oW+3SZ8-grease
+4UsmhTo2j4j9ADkyfpJYwA/tgI9QyoVg0Q5+SnRgoCEUNIXEtisUDb6tA0d38ESG
+GWo88UlYRxprf0pkHoSbOWuwkm30TBrLZDdCpD9l
+--- G7UoTANfq7HpiI86CFlCwJrVNaAZB5JHfoCQDNHdj2g
+	m	i<><69><17>C<EFBFBD><43><EFBFBD>oM<6F><4D>c<EFBFBD>*<2A>k<><6B><EFBFBD><EFBFBD><13><><14><>+L{N-j<><6A><EFBFBD><<3C>֪GH?<3F><><EFBFBD>}<04><><EFBFBD>i<EFBFBD>?<3F><>
--- a/secrets/rclone_password1.age
+++ b/secrets/rclone_password1.age
--- a/secrets/rclone_password2.age
+++ b/secrets/rclone_password2.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 qMgRFg BcsMQY9b21NALs0qC3BIzYJLmHl+iqhlKurRaZjIIn8
+yUN3kyNLaNKH8SUHgWvA/EuwTw3s9OU6sPcAHMcQ6lY
+-> ssh-ed25519 GzHGXw QeD6eWwzR7ccY/x+rs3AKZ9kFD9BDOkaF8uzLRf0BlA
+ARniDbHJi5t5/mEKFswtmd+ZG424pDUdS+l7Umv2AWo
+-> 3)d;D-grease FrB X180'+kS
+B6Z9HlNtDDwcSa84HNMIu2m22lOWefB4WBZ9L8dmSZ3CMqXIO+27Jc6OQpVS/ccK
+kvxN1bwlm3UR2lP2ST1UrCY
+--- 106DypKv/vMwxTx+8pA6B3EfcVX73XezJa4rD67Y3/g
+o<EFBFBD>M+<2B>ϝ\<5C><>Z<EFBFBD><5A>7<1E><><EFBFBD>V<EFBFBD><56>:lu<6C>ge]<5D>{9<><39><EFBFBD>!-s<><73>'t<>)8f<38>0<>[܇=g
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,18 @@
+let
+  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKbz+TjCBCQyGT1OIdyJp6NVldLekiZKZLHgLC3WyKW pingbox";
+  user2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdj2kyVl2sbv6Y5kuUfyjszCs7nQWr+3rwaPiRiYDxj miniding";
+  user3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0Ps8eEFIkLe863bisGvSIVXZqedp9z5AC8RKyvZtcA me@danielpatterson.dev";
+  user4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjVwYfjyZ7kd7idwfGNtS62VKAc34WIsjQvypMe0d8N dingserver";
+  users = [user1 user2 user3 user4];
+
+  # dingbox
+  system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvWmwFd0xZcF0HcyhmemvT5Q8rHOW/fQ56IoLSVAljv root@nixos";
+  # dingserver
+  system2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwfy5oG1heHoQlZgrTxqlW+oOTB8NdNcNm1IpKyqfIA root@nixos";
+  systems = [system1 system2];
+in {
+  "rclone_password1.age".publicKeys = [user4 system2];
+  "rclone_password2.age".publicKeys = [user4 system2];
+  "dungflix_bucket_account_id.age".publicKeys = [user4 system2];
+  "dungflix_bucket_account_key.age".publicKeys = [user4 system2];
+}