Testing agenix

2022-12-20 12:14:07 -03:00 · 2022-12-20 12:14:07 -03:00 · 36195dee41
commit 36195dee41
parent c8cede43df
4 changed files with 27 additions and 10 deletions
--- a/flake.nix
+++ b/flake.nix
@ -3,33 +3,37 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-
-    nur.url = "github:nix-community/nur";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.11";

    home-manager = {
      url = "github:nix-community/home-manager/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    kmonad = {
-      url = "github:kmonad/kmonad?dir=nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.11";
-
    home-manager-stable = {
      url = "github:nix-community/home-manager/release-22.11";
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };

+    nur.url = "github:nix-community/nur";
+
+    kmonad = {
+      url = "github:kmonad/kmonad?dir=nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

-  outputs = inputs @ { self, nixpkgs, home-manager, nur, kmonad, nixpkgs-stable, home-manager-stable, deploy-rs, ... }: {
+  outputs = inputs @ { self, nixpkgs, home-manager, nur, kmonad, nixpkgs-stable, home-manager-stable, deploy-rs, agenix, ... }: {
    nixosConfigurations = {
      io = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@ -37,6 +41,7 @@
        modules = [
          ./hosts/desktops/io.nix
          kmonad.nixosModules.default
+          agenix.nixosModule
          home-manager.nixosModules.home-manager
          {
            nixpkgs.overlays = [ nur.overlay ];
--- a/hosts/desktops/io.nix
+++ b/hosts/desktops/io.nix
@ -10,6 +10,8 @@
    ./io
  ];

+  age.secrets.secret1.file = ../secrets/secret1.age;
+
  networking.hostName = "io";

  zramSwap = {
--- a/secrets/secret1.age
+++ b/secrets/secret1.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,10 @@
+let
+  io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA";
+  desktops = [ io ];
+  
+  alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA";
+  servers = [ alexandria ];
+in
+{
+  "secret1.age".publicKeys = desktops;
+}