Testing agenix
This commit is contained in:
parent
20096d7527
commit
6691865feb
94
flake.lock
94
flake.lock
|
@ -1,6 +1,69 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690228878,
|
||||
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682203081,
|
||||
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
|
@ -22,7 +85,7 @@
|
|||
},
|
||||
"nixinate": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688141737,
|
||||
|
@ -75,6 +138,22 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1677676435,
|
||||
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1653060744,
|
||||
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
|
||||
|
@ -90,13 +169,13 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1693844670,
|
||||
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
||||
"lastModified": 1694032533,
|
||||
"narHash": "sha256-I8cfCV/4JNJJ8KHOTxTU1EphKT8ARSb4s9pq99prYV0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
|
||||
"rev": "efd23a1c9ae8c574e2ca923c2b2dc336797f4cc4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -108,10 +187,11 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"home-manager": "home-manager",
|
||||
"agenix": "agenix",
|
||||
"home-manager": "home-manager_2",
|
||||
"nixinate": "nixinate",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
description = "Nix flake for my infrastructure";
|
||||
inputs = {
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nixinate.url = "github:matthewcroughan/nixinate";
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
|
@ -11,7 +12,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager }:
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix }:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
in {
|
||||
|
@ -96,6 +97,7 @@
|
|||
system = "x86_64-linux";
|
||||
modules = [
|
||||
(import ./nix/nas/configuration.nix)
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.users.gsimmer = import ./nix/nas/home.nix;
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
./hardware.nix
|
||||
];
|
||||
|
||||
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
@ -231,7 +233,7 @@
|
|||
"nix:docker://nixos/nix"
|
||||
];
|
||||
url = "https://git.gmem.ca/";
|
||||
token = "ilTf824bWmTbDtjr0oE2riSzaoUliS54RwjrVDdR";
|
||||
tokenFile = config.age.secrets.action-token.path;
|
||||
settings = {
|
||||
cache.port = 4328;
|
||||
};
|
||||
|
|
10
secrets.nix
Normal file
10
secrets.nix
Normal file
|
@ -0,0 +1,10 @@
|
|||
let
|
||||
vancouver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC30kDkktiWJGaJEIrqgneQx1SmIYUEVPm7w1F9p//CB";
|
||||
machines = [ vancouver ];
|
||||
|
||||
gsimmer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com";
|
||||
users = [ gsimmer ];
|
||||
in
|
||||
{
|
||||
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
||||
}
|
9
secrets/vancouver-action-runner.age
Normal file
9
secrets/vancouver-action-runner.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 oN6OTQ BBqv4gyfV+ZTQTKNhEUPRrzWNKz1YjVr3qyouxZ1l1s
|
||||
ApaqQizmjolL/f1j2iQAvRUuCrrv9l0R8ms63TsKmU0
|
||||
-> ssh-ed25519 qbziOw XL46mKp0s0IqX3sOY7wdyuxgIAdsNSb+pMl1oUgI2EY
|
||||
C+4Zy+62bzn7VkRdndpaiDtHc013K9PIrQXBpSqxD3s
|
||||
-> <#q*-grease
|
||||
GKgzRmWm4lA3tKsx96FM0QFnDI8Mu8jc76XM5uFZJnEY
|
||||
--- FZbu3X6NM/NxZBnjbc/BRIsccomlfkwIelFdc4NXt5g
|
||||
PÄó¨‹u®'®¦TÛ åßšµ¹^ªTÃ{ñevô÷Rb{ð1ì<31>K¦Í´eN œAàØéîÊÎ}MûjZ5K…öXd®vÜ+yƒ³”vÝE
|
Loading…
Reference in a new issue