feat: (r)agenix

Signed-off-by: jolheiser <john.olheiser@gmail.com>
teamcity
jolheiser 2023-07-10 17:03:30 -05:00
parent 4253217639
commit eda8dd3cbd
Signed by: jolheiser
GPG Key ID: B853ADA5DA7BBF7A
7 changed files with 297 additions and 67 deletions


@ -1,6 +1,8 @@
{ {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
extraConfig = builtins.readFile ./ssh/config; includes = [
"/run/agenix/ssh-config"
];
}; };
} }
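Review bot: The new `includes` entry hard-codes `/run/agenix/ssh-config`, and nothing in this file says where that path comes from or what happens when it is missing. All host definitions now live in a file that exists only after the age secret has been decrypted at activation, so a host that cannot decrypt it ends up with no `Host` entries and no `IdentitiesOnly` settings, probably without any visible error from ssh. I would add a comment above the list such as `# decrypted at activation from age.secrets.ssh-config (declared in the flake); missing on hosts that are not recipients`. If the module can see the system configuration, taking the path from the secret's `path` attribute instead of repeating the string would keep the two from drifting apart.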


@ -1,41 +0,0 @@
Host jolheiser
HostName jolheiser.com
User jolheiser
IdentityFile ~/.ssh/jolheiser
IdentitiesOnly yes
Host jojodev
HostName jojodev.com
User jolheiser
IdentityFile ~/.ssh/jojodev
IdentitiesOnly yes
Host git.jojodev.com
HostName git.jojodev.com
User git
IdentityFile ~/.ssh/github
IdentitiesOnly yes
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/github
IdentitiesOnly yes
Host gitea.com
HostName gitea.com
User git
IdentityFile ~/.ssh/github
IdentitiesOnly yes
Host codeberg.org
HostName codeberg.org
User git
IdentityFile ~/.ssh/github
IdentitiesOnly yes
Host ssh.dev.azure.com
HostName ssh.dev.azure.com
User git
IdentityFile ~/.ssh/ndlegis
IdentitiesOnly yes


@ -1,5 +1,132 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
],
"rust-overlay": [
"ragenix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681680516,
"narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -85,12 +212,93 @@
"type": "github" "type": "github"
} }
}, },
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1682237245,
"narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
"owner": "yaxitech",
"repo": "ragenix",
"rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "ragenix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"jolheiser-nur": "jolheiser-nur", "jolheiser-nur": "jolheiser-nur",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nur": "nur" "nur": "nur",
"ragenix": "ragenix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682129965,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
} }
} }
}, },


@ -5,6 +5,9 @@
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
ragenix.url = "github:yaxitech/ragenix";
ragenix.inputs.nixpkgs.follows = "nixpkgs";
flake-utils.url = "github:numtide/flake-utils";
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur"; jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur";
@ -16,6 +19,7 @@
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
ragenix,
jolheiser-nur, jolheiser-nur,
... ...
} @ inputs: let } @ inputs: let
@ -43,31 +47,50 @@
flakePath = "/home/${username}/.config/nixpkgs"; flakePath = "/home/${username}/.config/nixpkgs";
}; };
}; };
age.secrets = {
ssh-config = {
file = ./secrets/shared/ssh-config.age;
owner = "jolheiser";
};
};
}; };
}); });
in { in
nixosConfigurations = { {
"chai" = nixpkgs.lib.nixosSystem { nixosConfigurations = {
system = "x86_64-linux"; "chai" = nixpkgs.lib.nixosSystem {
modules = [ system = "x86_64-linux";
home-manager.nixosModules.home-manager modules = [
./machines/common home-manager.nixosModules.home-manager
./machines/chai ragenix.nixosModules.default
(commonConfig {username = "jolheiser";}) ./machines/common
({pkgs, ...}: { ./machines/chai
home-manager.users.jolheiser.programs.git.package = pkgs.gitSVN; (commonConfig {username = "jolheiser";})
}) ({pkgs, ...}: {
home-manager.users.jolheiser.programs.git.package = pkgs.gitSVN;
})
];
};
"matcha" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
ragenix.nixosModules.default
./machines/common
./machines/matcha
(commonConfig {username = "jolheiser";})
];
};
};
}
// inputs.flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
devShells.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
just
ragenix.packages.${system}.ragenix
]; ];
}; };
"matcha" = nixpkgs.lib.nixosSystem { });
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./machines/common
./machines/matcha
(commonConfig {username = "jolheiser";})
];
};
};
};
} }
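Review bot: In the new `age.secrets.ssh-config` block the owner is written as the literal `owner = "jolheiser";`, although the enclosing `commonConfig` is parameterised on `username` and uses it a few lines earlier in `flakePath = "/home/${username}/.config/nixpkgs";`. If `commonConfig` is ever called with a different username, the decrypted file would still be owned by `jolheiser` and the configured user would likely be unable to read their own SSH include. I would change the line to `owner = username;`. Because the secret is declared inside `commonConfig`, it is requested on both `chai` and `matcha`, so a short comment noting that every host using `commonConfig` must be a recipient of `ssh-config.age` would help the next reader. The definition of `commonConfig` starts outside the visible hunk.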


@ -44,10 +44,12 @@ in {
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
globalprotect-openconnect gp-saml-gui
openconnect
jetbrains.pycharm-professional jetbrains.pycharm-professional
jetbrains.idea-ultimate jetbrains.idea-ultimate
jetbrains.datagrip jetbrains.datagrip
subversion
teams-for-linux teams-for-linux
xorg.xauth xorg.xauth


@ -0,0 +1,7 @@
let
jolheiser = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPUqk9v7FE7OgMDaOMdlnItiXSDkmS+eU94RzQFiMS nix"];
matcha = [];
chai = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7PS9SJ+OVrUku9dPUQZigioy+r3VlFHVntsa/F7AdM root@chai"];
in {
"shared/ssh-config.age".publicKeys = jolheiser ++ matcha ++ chai;
}
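Review bot: `matcha = [];` gives the matcha host no recipient key for `shared/ssh-config.age`, yet the flake change in this same commit adds `ragenix.nixosModules.default` and the `age.secrets.ssh-config` declaration to matcha as well as chai. With an empty list the file is encrypted only to the `jolheiser` user key and the `root@chai` host key, so activation on matcha presumably cannot decrypt the secret and the included SSH config will be missing there. Either add matcha's host public key to the list and rekey the secret, or mark the gap explicitly, for example `matcha = []; # TODO: add host key and rekey; secret is not decryptable on matcha yet`. A one-line comment separating the user key (used to edit secrets) from the host keys (used to decrypt at activation) would also make the recipient list easier to audit.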


@ -0,0 +1,29 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEU4ajYvZyAxYys2
eHYraFR1Y2lGVlBZcklSN1lMYzF3b2xFRXdSaTgyQjFET3BXTFdvClR6cGVDQ1do
ckFObWFCRVJXSllJaFZDcU5VYWg2b1QxanFrK2l1YmhNNzgKLT4gc3NoLWVkMjU1
MTkgam8xTVBBIFRaUDd5alpxcDVwcVdTb1hOS3hxM2JSb2ppM3dVRGpPK0FUcGx0
ZU9LbkUKS2ZSaXpueHRBN2JVZWdJNnZ3VlpsWEhEVWFFZ0ZFTi80Q1h6YVB5Rkp6
OAotPiBBcjBcZWgmIS1ncmVhc2Ugd0k9YXRFIFxEVDNmQ1J5IGw9KkQ2IFZvK2Be
bHsyCms5d1R1Tm0rT1pRdVBXZmhCaktKQXJFQTl3Q01US296bm53Tm45Z0UvS28x
OGNZVHJQMm5XRy84Wm9HRHViWlEKRXNtNFc0Ri9EMHpzakFrTzUvRWIwcEVlM09E
Z1VkNW81a0VhdmZEYk8vOHJRSG1OUTVET0h3Ci0tLSB6RnpoZmw3cUMyK0tSQkV4
QnFCaXhOdEszSVRFdGJCV0hYS0hENytLT1NBCpap2Ueg9XZJh1ile34NxIu+7tAD
ACP2mrbLJk8SrJ+QJVtcfeHGTad5CwzoT/9SiZufDhSNLTCrCu8TT4ngCHuMOF1x
qVdmBrSacQ8VgVqovkFP9Sj5DZZsXj1XxJfQG5IDRwSK9d6+h4opHCsSHAJ19syg
zu/l7385EGc7+xlSt1Ifdc2HPV8Yk1ozGDTgVmsnvHSgXXkKgyGbjlHLvkrnqJJS
GMXl24N/X075L+hok62y1pzD2YxHWIOnIAs9SHwrKBXReWc4TymBHIYJQv8mSbDS
rDT8QXyKns8b4Zu9SWbWoiAcNzwF4BxUV5qM7PPzVZOlK65tiSSEB4f1Zh+1gL6V
UQqFw6RP10dAqopngNOKNP1WgQkb+Stjs8aplzCf3KBurdn63wcW2D7Z+hQouYE8
CHMTFB5piAZ9qCWnydACF6/apOT7G7BCK9D8WhXH8mXYl+tlkA6rf4a4KOKuxJR/
vrtSy3wCir8V4ICCdadxgWicZ+hzp9YP2nAgQxmGUT+SF+eRIDsBSueaz1py3fM1
THsHGIt0sLJTWWKT6u8agwPpmpNrjDCCdN6wUHW8nCJ4xjXmcQyGwx0IGovLxi+g
6mhhPrg62p9vroCGEIzhkuWNK10SCSVs4WlNRMH0BH/DgFoNkM70rbT6tf2gDKtG
74+9mp5SntGQMuOL5nndscwD6G524fh5mcHFVaAdMvfTnFX6/7+iAI4/URVYrxyj
gEV9YjQrmj7Ync6jv7nKHmgQMesmRLf7lxXswb7AZ281wk5hmT+uv626sLqU9q+9
z270Jy/7QV3jQk+dS3Y5RgflAzNI8eXmMA0SEojzydWbGT5oFbrY9/DofILQs8Qw
cPQcXtUSW0hRQjBCQPuFvwde7pY3gjfpwVeof/9hcc6usVWoT4PoPAYKr+0tRuPo
syI/Aamn1SO04n6RW51y4wbcOVrofs63pkAjwk9DAmHwO8Qe9ALTFd+n9K/bknMa
HYh+8v3yVa+xfR/9XizRgRpE6eghNGBW30ywPAkGryKchlri6lenfBhcmRwGI4b4
mc27ZS79Rn3rjTPKXtIgCEoOQYOmGZW38PELS0LWi7h53iXr7W9apQh/
-----END AGE ENCRYPTED FILE-----