diff --git a/flake.lock b/flake.lock index 0f4cf5e..ab384c9 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,29 @@ "type": "github" } }, + "agenix-rekey": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1705278709, + "narHash": "sha256-CNJSc6tp12UZKAprviztJ509yAblteK4GiWwKewWEPQ=", + "owner": "oddlama", + "repo": "agenix-rekey", + "rev": "e02a57e08224422934974f19853d4d70ed7eaaaa", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "agenix-rekey", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -43,6 +66,84 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1695195896, + "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=", + "owner": "numtide", + "repo": "devshell", + "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -116,6 +217,22 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1704722960, @@ -148,9 +265,38 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "agenix-rekey", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1694364351, + "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", + "agenix-rekey": "agenix-rekey", "home-manager": "home-manager_2", "impermanence": "impermanence", "nixpkgs": "nixpkgs_2", @@ -171,6 +317,36 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4cb801d..ac31ecf 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,7 @@ inputs = { # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - # You can access packages and modules from different nixpkgs revs - # at the same time. Here's an working example: nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Home manager home-manager = { @@ -17,6 +14,10 @@ # Add any other flake you might need agenix.url = "github:ryantm/agenix"; + agenix-rekey = { + url = "github:oddlama/agenix-rekey"; + inputs.nixpkgs.follows = "nixpkgs"; + }; impermanence.url = "github:nix-community/impermanence"; }; @@ -54,6 +55,13 @@ # These are usually stuff you would upstream into home-manager homeManagerModules = import ./modules/home-manager; + # Expose the necessary information in your flake so agenix-rekey + # knows where it has too look for secrets and paths. + agenix-rekey = inputs.agenix-rekey.configure { + userFlake = self; + nodes = self.nixosConfigurations; + }; + # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { @@ -70,41 +78,22 @@ ./nixos/viridian/configuration.nix ]; }; - - lavender = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - # > Our main nixos configuration file < - ./nixos/lavender/configuration.nix - ]; - }; }; - # Standalone home-manager configuration entrypoint - # Available through 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { "sajenim@fuchsia" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance + pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs outputs; }; modules = [ - # > Our main home-manager configuration file < - ./home-manager/sajenim/home.nix + ./home-manager/sajenim/fuchsia.nix ]; }; - "sabrina@lavender" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.aarch64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home-manager/sabrina/home.nix - ]; - }; - - "sabrina@viridian" = home-manager.lib.homeManagerConfiguration { + "sajenim@viridian" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs outputs; }; modules = [ - ./home-manager/sabrina/home.nix + ./home-manager/sabrina/viridian.nix ]; }; };