Add agenix integration to secrets and flake

2021-05-13 10:35:23 -07:00 · 2021-05-13 10:35:23 -07:00 · 64b7892f6e
parent baeb144e57
commit 64b7892f6e
5 changed files with 48 additions and 1 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,25 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": [
+          "latest"
+        ]
+      },
+      "locked": {
+        "lastModified": 1620877075,
+        "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "ci-agent": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -352,6 +372,7 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "ci-agent": "ci-agent",
        "darwin": "darwin",
        "digga": "digga",
--- a/flake.nix
+++ b/flake.nix
@ -17,13 +17,26 @@
      home.inputs.nixpkgs.follows = "nixos";
      naersk.url = "github:nmattia/naersk";
      naersk.inputs.nixpkgs.follows = "latest";
+      agenix.url = "github:ryantm/agenix";
+      agenix.inputs.nixpkgs.follows = "latest";
      nixos-hardware.url = "github:nixos/nixos-hardware";

      pkgs.url = "path:./pkgs";
      pkgs.inputs.nixpkgs.follows = "nixos";
    };

-  outputs = inputs@{ self, pkgs, digga, nixos, ci-agent, home, nixos-hardware, nur, ... }:
+  outputs =
+    { self
+    , pkgs
+    , digga
+    , nixos
+    , ci-agent
+    , home
+    , nixos-hardware
+    , nur
+    , agenix
+    , ...
+    } @ inputs:
    digga.lib.mkFlake {
      inherit self inputs;

@ -36,6 +49,7 @@
            ./pkgs/default.nix
            pkgs.overlay # for `srcs`
            nur.overlay
+            agenix.overlay
          ];
        };
        latest = { };
@ -60,6 +74,7 @@
            { _module.args.ourLib = self.lib; }
            ci-agent.nixosModules.agent-profile
            home.nixosModules.home-manager
+            agenix.nixosModules.age
            ./modules/customBuilds.nix
          ];
        };
--- a/overlays/overrides.nix
+++ b/overlays/overrides.nix
@ -8,6 +8,7 @@ channels: final: prev: {
    discord
    element-desktop
    manix
+    rage
    nixpkgs-fmt
    qutebrowser
    signal-desktop
--- a/secrets/.gitattributes
+++ b/secrets/.gitattributes
@ -1,3 +1,4 @@
 * filter=git-crypt diff=git-crypt
 .gitattributes !filter !diff
+secrets.nix !filter !diff
 README.md !filter !diff
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,9 @@
+let
+  # set ssh public keys here for your system and user
+  system = "";
+  user = "";
+  allKeys = [ system user ];
+in
+{
+  "secret.age".publicKeys = allKeys;
+}