diff --git a/flake.lock b/flake.lock index 61f6036..9991078 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": [], - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", - "owner": "ryantm", - "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "anyrun": { "inputs": { "flake-parts": "flake-parts", @@ -120,7 +99,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1709126324, @@ -138,7 +117,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1705309234, @@ -155,27 +134,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -233,16 +191,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1709128929, + "narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } 
@@ -311,22 +269,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1709128929, - "narHash": "sha256-GWrv9a+AgGhG4/eI/CyVVIIygia7cEy68Huv3P8oyaw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c8e74c2f83fe12b4e5a8bd1abbc090575b0f7611", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1709968316, "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", @@ -342,7 +284,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1708807242, "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", @@ -360,11 +302,10 @@ }, "root": { "inputs": { - "agenix": "agenix", "anyrun": "anyrun", "firefox": "firefox", - "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", @@ -373,7 +314,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { @@ -420,25 +361,10 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "telegram-desktop-patched-unstable": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1708964026, diff --git a/flake.nix b/flake.nix index 396cad6..7b882f1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,8 +10,8 @@ anyrun.url = "github:Kirottu/anyrun"; anyrun.inputs.nixpkgs.follows = "nixpkgs-unstable"; telegram-desktop-patched-unstable.url = "github:shwewo/telegram-desktop-patched"; - agenix.url = "github:ryantm/agenix"; - agenix.inputs.darwin.follows = ""; + #agenix.url = "github:ryantm/agenix"; + #agenix.inputs.darwin.follows = ""; #ragenix = { # url = "github:yaxitech/ragenix"; # inputs.flake-utils.follows = "flake-utils"; @@ -20,7 +20,7 @@ sops-nix.url = "github:Mic92/sops-nix"; }; - outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, agenix, sops-nix, ... }: { + outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixpkgs-unstable, home-manager, firefox, anyrun, sops-nix, ... }: { nixosConfigurations.dlaptop = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { @@ -38,9 +38,7 @@ ./hosts/generic.nix ./hosts/dlaptop/configuration.nix ./hosts/dlaptop/hardware-configuration.nix - ./hosts/dlaptop/age.nix home-manager.nixosModules.home-manager - agenix.nixosModules.default sops-nix.nixosModules.sops { home-manager.useGlobalPkgs = true; diff --git a/home/scripts.nix b/home/scripts.nix index 0d057e5..38cd459 100644 --- a/home/scripts.nix +++ b/home/scripts.nix @@ -75,7 +75,7 @@ let keepassxc = pkgs.writeScriptBin "keepassxc" '' #!/usr/bin/env bash - ${pkgs.coreutils}/bin/cat /run/agenix/qqq | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx + ${pkgs.coreutils}/bin/cat /run/secrets/qqq | ${pkgs.keepassxc}/bin/keepassxc --pw-stdin ~/Dropbox/pswd.kdbx ''; keepassxcDesktopItem = pkgs.makeDesktopItem { diff --git a/hosts/dlaptop/age.nix b/hosts/dlaptop/age.nix deleted file mode 100644 index 0e062e4..0000000 --- a/hosts/dlaptop/age.nix +++ /dev/null 
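Review bot: The `keepassxc` wrapper hard-codes the secret location as `/run/secrets/qqq`, so it silently depends on the sops-nix default mount point and on the secret name declared in hosts/dlaptop/configuration.nix. The same literal-path pattern recurs in that file for `credentialsFile = "/run/secrets/cloudflared"` and for the sing-box `script`. Where the NixOS `config` is in scope, `config.sops.secrets.<name>.path` ties the consumer to the declaration, so a renamed or removed secret fails at evaluation instead of at runtime, e.g. `credentialsFile = config.sops.secrets.cloudflared.path;`. For this home-manager script the value would presumably come through `osConfig`, which is not visible here. The `let` block holding the wrapper starts and ends outside the hunk.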
@@ -1,11 +0,0 @@ -{ stable, inputs, config, pkgs, lib, ... }: - -{ - age.secrets = { - singbox-aus = { file = ../../secrets/singbox-aus.age; owner = "socks"; group = "socks"; }; - qqq = { file = ../../secrets/qqq.age; owner = "delta"; group = "users"; }; - cloudflared = { file = ../../secrets/cloudflared.age; owner = "cloudflared"; group = "cloudflared"; }; - }; - - age.identityPaths = [ "/home/delta/.ssh/id_ed25519" ]; -} \ No newline at end of file diff --git a/hosts/dlaptop/configuration.nix b/hosts/dlaptop/configuration.nix index 1ba55f6..14d6edb 100644 --- a/hosts/dlaptop/configuration.nix +++ b/hosts/dlaptop/configuration.nix @@ -22,14 +22,30 @@ # }; sops = { - defaultSopsFile = ../../secrets/example.yaml; + defaultSopsFile = ../../secrets/generic.yaml; #defaultSopsFile = ../../.sops.yaml; - #age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ]; - age.keyFile = "/home/delta/.config/sops/age/keys.txt"; + age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ]; + #age.keyFile = "/home/delta/.config/sops/age/keys.txt"; defaultSopsFormat = "yaml"; - secrets.example-key = {}; + secrets.qqq = { + mode = "0400"; owner = "delta"; group = "users"; + }; + + secrets.cloudflared = { + mode = "0400"; owner = "cloudflared"; group = "cloudflared"; + }; + + secrets."myservice/my_subdir/my_secret" = {}; + + secrets.singbox-aus = { + sopsFile = ../../secrets/singbox-aus.bin; + format = "binary"; + mode = "0400"; + owner = "socks"; + group = "socks"; + }; }; @@ -116,11 +132,18 @@ }; }; + users.groups.cloudflared = { }; + users.users.cloudflared = { + group = "cloudflared"; + isSystemUser = true; + }; + + users.groups.socks = { }; services.cloudflared.enable = false; services.cloudflared.tunnels = { "dlaptop" = { default = "http_status:404"; - credentialsFile = "/run/agenix/cloudflared"; + credentialsFile = "/run/secrets/cloudflared"; }; }; 
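Review bot: `age.sshKeyPaths` now points at `/home/delta/.ssh/id_ed25519`, which makes a user's personal login key the decryption identity for every system secret, including the ones owned by `cloudflared` and `socks`. sops-nix reads that key non-interactively at activation, so it has to be usable without a passphrase, and any process running as `delta` can then decrypt the whole secrets tree. Consider a root-only host identity instead, e.g. `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, with the secrets re-encrypted to that recipient. Separately, `secrets."myservice/my_subdir/my_secret" = {};` looks like a leftover from the sops-nix example and should be dropped unless `generic.yaml` really carries that key.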
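Review bot: The `cloudflared` user and group are declared by hand while `services.cloudflared.enable = false` stays in place. Together with `secrets.cloudflared` in the `sops` block, that means the tunnel credentials are decrypted to `/run/secrets/cloudflared` on every activation even though no service consumes them. Gating both on the service keeps the plaintext out of `/run/secrets` until it is needed, e.g. `secrets.cloudflared = lib.mkIf config.services.cloudflared.enable { … };`, assuming `lib` and `config` are module arguments here (the file header is outside the hunk). `users.groups.socks = { };` is also added without a matching user in this hunk, so it is worth confirming that `users.users.socks` exists elsewhere, since the `singbox-aus` secret names it as owner.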
@@ -310,7 +333,6 @@ #firefox_nightly #inputs.anyrun.packages.${pkgs.system}.anyrun inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default - inputs.agenix.packages.x86_64-linux.default # inputs.ragenix.packages.x86_64-linux.default sops ]; @@ -331,7 +353,7 @@ User = "socks"; Group = "socks"; }; - script = "sing-box run -c /run/agenix/singbox-aus"; + script = "sing-box run -c /run/secrets/singbox-aus"; path = with unstable; [ shadowsocks-libev shadowsocks-v2ray-plugin diff --git a/hosts/generic.nix b/hosts/generic.nix index fde5d3b..fd37920 100644 --- a/hosts/generic.nix +++ b/hosts/generic.nix @@ -61,6 +61,7 @@ in { #fishPlugins.hydro fishPlugins.fzf-fish fishPlugins.sponge + fzf grc unstable.nh any-nix-shell