Secrets: add agenix config

Leonardo Eugênio 2022-12-23 11:22:58 -03:00
parent 0257ccc3b7
commit b6872b1694
10 changed files with 77 additions and 15 deletions


@ -1,5 +1,23 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alacritty-sixel": {
"flake": false,
"locked": {
@ -20,7 +38,7 @@
"inputs": {
"fenix": "fenix",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1659395338,
@ -205,17 +223,18 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1659219666,
"narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=",
"lastModified": 1665732960,
"narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c",
"rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
"type": "github"
},
"original": {
"id": "nixpkgs",
"owner": "NixOS",
"ref": "nixos-unstable",
"type": "indirect"
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
@ -234,6 +253,21 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1659219666,
"narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1670543317,
"narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=",
@ -314,13 +348,14 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"alacritty-sixel": "alacritty-sixel",
"dhist": "dhist",
"home-manager": "home-manager",
"hyprland": "hyprland",
"material-wifi-icons": "material-wifi-icons",
"nil-lsp": "nil-lsp",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"plymouth-themes": "plymouth-themes",


@ -39,6 +39,8 @@
plymouth-themes.url = "github:adi1090x/plymouth-themes";
plymouth-themes.flake = false;
agenix.url = "github:ryantm/agenix";
# my stuff
dhist.url = "github:lelgenio/dhist";
};
@ -54,7 +56,9 @@
specialArgs = { inherit inputs; };
common_modules = [
./system/configuration.nix
./system/secrets.nix
# nur.nixosModules.nur
inputs.agenix.nixosModule
inputs.hyprland.nixosModules.default
{
programs.hyprland.enable = true;
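Review bot: `./system/secrets.nix` and `inputs.agenix.nixosModule` are added to `common_modules`, so if that list is shared by every host, as its name suggests, each machine declares both secrets, including the monolith GitLab runner registration file. Declaring each secret only in the module of the host that consumes it limits what a single compromised machine can read. Separately, the lock file now carries an extra `nixpkgs` node used only by agenix; adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to `agenix.url` would build the secrets tooling from the same pinned nixpkgs as the rest of the system. Both hunks sit inside blocks that begin and end outside the visible lines.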

BIN
secrets/lelgenio-cachix.age Normal file

Binary file not shown.

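--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,6 @@
+let
+main_ssh_public_key = "ssh-rsa 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 lelgenio@i15";
+in {
+"monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+"lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
+}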
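Review bot: Both `.age` entries list only `main_ssh_public_key`, a personal user key, as recipient, so every machine that has to decrypt them needs a copy of that user's private key. Adding each target host's SSH host public key as a second recipient, for example `monolith = "ssh-ed25519 <HOST_PUBLIC_KEY_PLACEHOLDER>";` and `publicKeys = [ main_ssh_public_key monolith ];`, lets the host decrypt with a key that never leaves it, while the personal key remains usable for editing. The existing files have to be rekeyed with `agenix --rekey` after the recipient list changes. A short comment above the `let`, saying which key is for editing and which are host keys, would help the next maintainer.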


@ -1,8 +1,8 @@
{ pkgs, ... }: {
{ pkgs, config, ... }: {
services.cachix-watch-store = {
enable = true;
cacheName = "lelgenio";
cachixTokenFile = "/etc/cachix-token";
cachixTokenFile = config.age.secrets.lelgenio-cachix.path;
};
systemd.services.cachix-watch-store-agent.serviceConfig.TimeoutStopSec = 3;
}


@ -52,6 +52,12 @@
permitRootLogin = "no";
ports = [ 9022 ];
};
# programs.ssh = {
# startAgent = true;
# extraConfig = ''
# AddKeysToAgent yes
# '';
# };
## Enable sound with pipewire.
sound.enable = true;


@ -5,13 +5,13 @@
enable = true;
settings.concurrent = 4;
services = {
ci_test = {
registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
dockerImage = "debian";
dockerPrivileged = true;
};
# ci_test = {
# registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
# dockerImage = "debian";
# dockerPrivileged = true;
# };
thoreb_builder = {
registrationConfigFile = "/srv/gitlab-runner/env/thoreb_builder";
registrationConfigFile = config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
dockerImage = "debian";
dockerPrivileged = true;
};
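Review bot: `registrationConfigFile` now reads `config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path`, but the module's argument list is outside this hunk, and evaluation fails if it does not already bind `config`; the cachix module needed `{ pkgs, config, ... }` added in this same commit. The `ci_test` runner is commented out rather than removed; deleting it avoids keeping stale paths such as `/srv/gitlab-runner/env/ci_test` in the file, and git history retains the definition. The plaintext files this commit stops referencing (`/srv/gitlab-runner/env/thoreb_builder` here and `/etc/cachix-token` in the cachix module) are no longer managed by the configuration, so they should be deleted from the host and the tokens re-issued if their exposure is uncertain.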

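--- a/system/secrets.nix
+++ b/system/secrets.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+age = {
+identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];
+secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
+secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
+../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
+};
+}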
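Review bot: `identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];` makes system activation depend on a user's private key inside a home directory: the key has to be stored without a passphrase for non-interactive decryption to work, and activation cannot decrypt on any host where that file is absent. agenix falls back to the OpenSSH host keys when `age.identityPaths` is left unset (confirm against the pinned revision), so once the host keys are recipients in `secrets/secrets.nix` this line can be dropped. Neither secret sets `owner` or `mode`; confirm that the cachix and gitlab-runner units read the decrypted files as root, otherwise set both explicitly. `pkgs` in the argument set is unused, so `{ ... }: {` is enough.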


@ -86,6 +86,9 @@ in {
miniupnpc
deluge
## Nix secrets management
inputs.agenix.defaultPackage.x86_64-linux
## Programming
vscode
rustup
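Review bot: `inputs.agenix.defaultPackage.x86_64-linux` hard-codes the architecture, so this package list stops evaluating correctly on any host that is not x86_64. If `pkgs` is in scope here, `inputs.agenix.defaultPackage.${pkgs.system}` selects the build matching the host. The enclosing list begins and ends outside the hunk, so the scope could not be checked from the visible lines.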