From ea0b4e75b7b61a73ac7560a02747079209dc2f58 Mon Sep 17 00:00:00 2001 From: geemili Date: Fri, 29 Dec 2023 20:19:33 -0700 Subject: [PATCH] feat: agenix secrets management --- flake.lock | 109 ++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 19 ++++++++ secrets/secrets.nix | 9 ++++ 3 files changed, 137 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..069554c --- /dev/null +++ b/flake.lock @@ -0,0 +1,109 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "owner": "ryantm", + "repo": "agenix", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703467016, + "narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d02d818f22c777aa4e854efc3242ec451e5d462a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..dba0ea6 --- /dev/null +++ b/flake.nix @@ -0,0 +1,19 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, agenix }: { + nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + agenix.nixosModules.default + ]; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..e33e92b --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,9 @@ +let + geemili_aitxero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAVxN0eFU4VyBIQB8/Z5oiAW119xfaCfxl5K7AdfoZ7"; + geemili = [ geemili_aitxero ]; + + samsehu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRkyyUcmLsnX0oo1QzGeyPEqIc/i4ExcZClVoERggl9"; +in +{ + "samsehu_NFSN_API_KEY".publicKeys = geemili ++ [ samesehu ]; +}