From 6a0f22f4a496931a8be5446ce0a0b047ace9a194 Mon Sep 17 00:00:00 2001 From: Daniel Patterson Date: Fri, 24 Jun 2022 19:48:19 +0100 Subject: [PATCH] Add agenix and secret files --- flake.lock | 37 +++++++++++++++++++----- flake.nix | 6 ++++ secrets/dungflix_bucket_account_id.age | Bin 0 -> 436 bytes secrets/dungflix_bucket_account_key.age | 10 +++++++ secrets/rclone_password1.age | Bin 0 -> 440 bytes secrets/rclone_password2.age | 10 +++++++ secrets/secrets.nix | 18 ++++++++++++ 7 files changed, 73 insertions(+), 8 deletions(-) create mode 100644 secrets/dungflix_bucket_account_id.age create mode 100644 secrets/dungflix_bucket_account_key.age create mode 100644 secrets/rclone_password1.age create mode 100644 secrets/rclone_password2.age create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 92f2997..49aacfd 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "agenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "owner": "ryantm", + "repo": "agenix", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -42,11 +62,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1655199284, - "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=", + "lastModified": 1655928858, + "narHash": "sha256-qVOcb7WVDiqs2yseZwCZRsKT0be8bF3NZufdBZVvZXU=", "owner": "nix-community", "repo": "home-manager", - "rev": "87d30c164849a7471d99749aa4d2d28b81564f69", + "rev": "e622bad16372aa5ada79a7fa749ec78715dffc54", "type": "github" }, "original": { 
@@ -80,11 +100,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655130522, - "narHash": "sha256-5dzlxE4okyu+M39yeVtHWQXzDZQxFF5rUB1iY9R6Lb4=", + "lastModified": 1655807518, + "narHash": "sha256-5YV29Ry/DpAJc/0Hc/+ISVBAjwHpJvAkeKkcUG5lWsc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13f08d71ceff5101321e0291854495a1ec153a5e", + "rev": "a72d7811be1162dd6804c4e36e5402d76fb6e921", "type": "github" }, "original": { @@ -97,10 +117,10 @@ "flake": false, "locked": { "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", + "narHash": "sha256-RNLq09vfj21TyYuUCeD6BNTNC6Ew8bLhQULZytN4Xx8=", "owner": "rycee", "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", + "rev": "91dee681dd1c478d6040a00835d73c0f4a4c5c29", "type": "gitlab" }, "original": { @@ -127,6 +147,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "home-manager": "home-manager", "i3utils": "i3utils", "nixpkgs": "nixpkgs" diff --git a/flake.nix b/flake.nix index 4c32e5a..b7cc8d9 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,9 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + i3utils.url = "git+https://git.sr.ht/~dpatterbee/i3utils?ref=main"; i3utils.inputs.nixpkgs.follows = "nixpkgs"; @@ -13,6 +16,7 @@ outputs = { nixpkgs, + agenix, home-manager, i3utils, ... @@ -39,6 +43,8 @@ modules = [ ./hosts/${hostname}/configuration.nix + agenix.nixosModule + home-manager.nixosModules.home-manager { home-manager = { 
diff --git a/secrets/dungflix_bucket_account_id.age b/secrets/dungflix_bucket_account_id.age new file mode 100644 index 0000000000000000000000000000000000000000..d847973fe19d63e67f7f66f6fc04a468a1959269 GIT binary patch literal 436 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^i2)2P7DH_#;C)W5*lph!C)vzW^%A}ur7Bg#FpFfY}_N#8W1#L2HP z(>bFmJW)HdG`GSlz^%m0$UVv1q#R^hjfJCbdQoa(ajHT|lA1!XjfO&&r9zdC2A5-q zyGx~sacF9$OOk{iMd&LfvcZMc3x&_sHYMDopM{s6}MTS>EXj+9!VOG9@i?5SoS(ZyqdWcDci(9!b zm$0)Q^F9CjyFRWyyz7!eD8v2YZu!fzpW5&)yLB;AWn1uuwljIs2QK|=+;m-OyP{g& PgfpqJGRr<4&CUb>$zqk% literal 0 HcmV?d00001 diff --git a/secrets/dungflix_bucket_account_key.age b/secrets/dungflix_bucket_account_key.age new file mode 100644 index 0000000..47d0670 --- /dev/null +++ b/secrets/dungflix_bucket_account_key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qMgRFg Irqb4iQcHTUETqD+BBPoFr1QQIV02dJROYYdSpEn2Ho +KlVjho++RUyFXS6AGz29OsI9TLxqW2TxHjJ1BqJ64Js +-> ssh-ed25519 GzHGXw +XEY0p4nuuCTh7uTqD8aQgtZCf4FOYJgRqC73j4/Eyg +5T26V3HGw3ULr+CH2T3zHWEKdswMhh6GcaaRunwIBRk +-> oW+3SZ8-grease +4UsmhTo2j4j9ADkyfpJYwA/tgI9QyoVg0Q5+SnRgoCEUNIXEtisUDb6tA0d38ESG +GWo88UlYRxprf0pkHoSbOWuwkm30TBrLZDdCpD9l +--- G7UoTANfq7HpiI86CFlCwJrVNaAZB5JHfoCQDNHdj2g + m iCoMc*k+L{N-j<֪GH?}i? \ No newline at end of file 
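Review bot: `secrets/dungflix_bucket_account_key.age` is emitted as a text hunk even though everything after its `---` header line is raw binary payload, so those ciphertext bytes are unlikely to survive this patch being mailed or re-applied. `secrets/dungflix_bucket_account_id.age` went through `GIT binary patch` instead, which suggests only git's content heuristic separates the two. A `.gitattributes` entry `*.age binary` would make git treat every age file the same way regardless of its bytes. `secrets/rclone_password2.age` appears to have the same problem. Separately, once pushed this ciphertext stays in history and its confidentiality rests entirely on the recipients' private keys, so a leaked recipient key means rotating the bucket and rclone credentials themselves, not just re-encrypting.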
diff --git a/secrets/rclone_password1.age b/secrets/rclone_password1.age new file mode 100644 index 0000000000000000000000000000000000000000..c1a0e052490a64b90c274f27f7fc2fdf47d21c25 GIT binary patch literal 440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^i2gGK+L{$>uV3H8xDC2+GLw%E-ts z2{8`IP4)=LGAN12aWQt&cCB#J_s%qp)c1^XF+sP@y~@KqqFf=TNI%3su+%Um!yv$? zDmBnDBfr4Z%_2FpDxk=%I4dwUBQwvb*wsBCGo4G@(?2l8IHMxdIoQ0=+t?#NGu0<4 zB`d_Kq$tZX+#^3PxwOJP%_1kz%MoOoTBUA!QEFmwszQN6Nw$xhLU>hpoQ9>J373~! zex81rNnn0%vAdH;scW)Rh<{{wMXGCNUUq(EsAEcGPGMR}T2)%Ovl*AJuC9Wkc8G^j zWVU}{W_n>%ZbW36znfpSZ ssh-ed25519 qMgRFg BcsMQY9b21NALs0qC3BIzYJLmHl+iqhlKurRaZjIIn8 +yUN3kyNLaNKH8SUHgWvA/EuwTw3s9OU6sPcAHMcQ6lY +-> ssh-ed25519 GzHGXw QeD6eWwzR7ccY/x+rs3AKZ9kFD9BDOkaF8uzLRf0BlA +ARniDbHJi5t5/mEKFswtmd+ZG424pDUdS+l7Umv2AWo +-> 3)d;D-grease FrB X180'+kS +B6Z9HlNtDDwcSa84HNMIu2m22lOWefB4WBZ9L8dmSZ3CMqXIO+27Jc6OQpVS/ccK +kvxN1bwlm3UR2lP2ST1UrCY +--- 106DypKv/vMwxTx+8pA6B3EfcVX73XezJa4rD67Y3/g +oM+ϝ\Z7V:luge]{9!-s't)8f0[܇=g \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..15a45be --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,18 @@
+let
+ user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKbz+TjCBCQyGT1OIdyJp6NVldLekiZKZLHgLC3WyKW pingbox";
+ user2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdj2kyVl2sbv6Y5kuUfyjszCs7nQWr+3rwaPiRiYDxj miniding";
+ user3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0Ps8eEFIkLe863bisGvSIVXZqedp9z5AC8RKyvZtcA me@danielpatterson.dev";
+ user4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjVwYfjyZ7kd7idwfGNtS62VKAc34WIsjQvypMe0d8N dingserver";
+ users = [user1 user2 user3 user4];
+
+ # dingbox
+ system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvWmwFd0xZcF0HcyhmemvT5Q8rHOW/fQ56IoLSVAljv root@nixos";
+ # dingserver
+ system2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwfy5oG1heHoQlZgrTxqlW+oOTB8NdNcNm1IpKyqfIA root@nixos";
+ systems = [system1 system2];
+in {
+ "rclone_password1.age".publicKeys = [user4 system2];
+ "rclone_password2.age".publicKeys = [user4 system2];
+ "dungflix_bucket_account_id.age".publicKeys = [user4 system2];
+ "dungflix_bucket_account_key.age".publicKeys = [user4 system2];
+}
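Review bot: All four secrets repeat the literal recipient list `[user4 system2]`, while `user1`–`user3`, `users`, `system1` and `systems` are bound but never referenced, so the actual access policy has to be read off four duplicated lines. Binding it once in the `let`, e.g. `dingserver = [user4 system2];`, and writing `publicKeys = dingserver;` for each entry keeps the recipients from drifting apart and makes the narrow scope visibly intentional. Both host keys carry the same `root@nixos` comment, so the `# dingbox` / `# dingserver` comments are the only thing telling them apart; naming the bindings after the hosts would be safer than `system1`/`system2`. I would also add a comment above the attribute set along the lines of `# After editing publicKeys run agenix -r; removing a key does not revoke ciphertext already committed, rotate the secret.`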