From 5d7fc1f9f8c42cf244a69a209a1e4da335bf3d36 Mon Sep 17 00:00:00 2001 From: MoritzBoehme Date: Tue, 14 Sep 2021 13:12:34 +0200 Subject: [PATCH] added agenix --- flake.lock | 34 +++++++++++++++++++++++++++++++++- flake.nix | 4 +++- hosts/nixos-laptop/default.nix | 2 ++ modules/agenix.nix | 8 ++++++++ modules/default.nix | 1 + secrets/nordvpn.age | 10 ++++++++++ secrets/secrets.nix | 10 ++++++++++ 7 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 modules/agenix.nix create mode 100644 secrets/nordvpn.age create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 4aaab8b..caa13bf 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "agenix": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1631325864, + "narHash": "sha256-bBvrjUS0qfgC4LPFthGJ5E8Fl0f5UvlrCB3o5Bnn9ys=", + "owner": "ryantm", + "repo": "agenix", + "rev": "5c5bc282565f03f9c5b3d6e72b7cb985706148a6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "emacs-overlay": { "locked": { "lastModified": 1631265331, @@ -52,6 +70,19 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1618628710, + "narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=", + "path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source", + "rev": "7919518f0235106d050c77837df5e338fb94de5d", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1631117094, "narHash": "sha256-FMdGgsJq1wGmMo98KjyUPN5ofqxuEru4ZmAn80LXa/8=", @@ -100,9 +131,10 @@ }, "root": { "inputs": { + "agenix": "agenix", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nur": "nur", "picom": "picom", "unstable": "unstable", diff --git a/flake.nix b/flake.nix index 61b3252..df7a18d 100644 --- a/flake.nix +++ b/flake.nix @@ -6,6 +6,7 @@ unstable.url = "github:nixos/nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/release-1.2.0-without-deprecated-code"; nur.url = "github:nix-community/NUR"; + agenix.url = "github:ryantm/agenix"; emacs-overlay.url = "github:nix-community/emacs-overlay"; @@ -27,7 +28,7 @@ }; }; - outputs = inputs@{ self, utils, home-manager, nixpkgs, ...}: + outputs = inputs@{ self, utils, home-manager, nixpkgs, agenix, ...}: utils.lib.mkFlake { inherit self inputs; @@ -69,6 +70,7 @@ }; } self.nixosModules.default + agenix.nixosModules.age ]; hosts.nixos-laptop.modules = [ diff --git a/hosts/nixos-laptop/default.nix b/hosts/nixos-laptop/default.nix index 0808ce4..85b86ae 100644 --- a/hosts/nixos-laptop/default.nix +++ b/hosts/nixos-laptop/default.nix @@ -69,6 +69,8 @@ time.timeZone = "Europe/Berlin"; + services.sshd.enable = true; + # Powersaving services.tlp.enable = true; powerManagement.enable = true; diff --git a/modules/agenix.nix b/modules/agenix.nix new file mode 100644 index 0000000..60b7b44 --- /dev/null +++ b/modules/agenix.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + environment.systemPackages = [ + inputs.agenix.defaultPackage.x86_64-linux + ]; + age.secrets.nordvpn.file = ../secrets/nordvpn.age; +} diff --git a/modules/default.nix b/modules/default.nix index 7d7a530..f3aee85 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -7,6 +7,7 @@ ./emacs ./polybar ./rofi + ./agenix.nix ./git.nix ./kitty.nix ./picom.nix diff --git a/secrets/nordvpn.age b/secrets/nordvpn.age new file mode 100644 index 0000000..d024887 --- /dev/null +++ b/secrets/nordvpn.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 wG6LYg +W8syD6k+CQQvyMkIpITAzdXAwR+k9TOeR8LrZLUEAI +/byibB4u3xiBLU2hWDFONn/lY5JvrAdq1SRNDKDqcOY +-> ssh-ed25519 CjuqfA A/YOmAkZHx+mYMOnGWS+k3/kPTu3Qoxbj1boO6XzVmQ ++abSRmU/kp6dBhR3KjBhDzkp1jHQIQlBUMspuz45lj4 +-> V2a1u-grease EW?mj& +rz1DOpA +--- eZM1v3JU4Jb+//hILOOqD+4PyzWfpZNFjcIoy3dqR40 +ÉŒþ‰ í7V?U8Þ[¼#`BN; +´¶òôHúF‹X%ãjo¥*®6u׌Í^ë` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..95e0098 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,10 @@ +let + moritz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a"; + users = [ moritz ]; + + nixos-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhtwHDGAZshiQWKkCcPWV9tC83b+bKBgjDcjP/N2CKO"; + hosts = [ nixos-laptop ]; +in +{ + "nordvpn.age".publicKeys = users ++ hosts; +}