reo101/rix101
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(agenix-rekey)!: first try

Browse source 
Cannot `agenix rekey` / `deploy`
`agenix rekey` rekeys separate keys successfully but canot build the derivation that contains them
This commit is contained in:
reo101 2023-12-25 15:17:30 +02:00
parent 9eb47f44b9
commit 8feb5245ea
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
16 changed files with 138 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -1,2 +1,3 @@
/.direnv/
/secrets/key
/secrets/*key*
!/secrets/*.age

27
flake.nix
View file

@ -55,19 +55,15 @@
};
};
agenix-rekey = {
url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs";
};
ragenix = {
url = "github:yaxitech/ragenix";
};
# sops-nix = {
# url = "github:Mic92/sops-nix";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# darwin.follows = "nix-darwin";
# home-manager.follows = "home-manager";
# };
# };
# Nix User Repository
nur = {
url = "github:nix-community/NUR";
@ -117,6 +113,7 @@
, disko
, deploy-rs
, agenix
, agenix-rekey
, ragenix
, nur
, spicetify-nix
@ -132,7 +129,9 @@
inherit (self) outputs;
util = import ./util { inherit inputs outputs; };
in
rec {
{
inherit self;
# Packages (`nix build`)
packages = util.forEachPkgs (pkgs:
import ./pkgs { inherit pkgs; }
@ -184,6 +183,14 @@
darwinConfigurations = util.autoDarwinConfigurations;
homeConfigurations = util.autoHomeConfigurations;
# Secrets
agenix-rekey = agenix-rekey.configure {
userFlake = self;
nodes = {
inherit (self.nixosConfigurations) jeeves;
};
};
# Deploy.rs nodes
deploy.nodes = util.deploy.autoNodes;
checks = util.autoChecks;

48
machines/nixos/x86_64-linux/jeeves/configuration.nix
View file

@ -3,14 +3,23 @@
imports = [
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
(import ./disko.nix { inherit inputs outputs; })
./disko.nix
inputs.agenix.nixosModules.default
# FIXME: agenix-rekey
inputs.agenix-rekey.nixosModules.default
./network.nix
./wireguard.nix
./jellyfin.nix
./mindustry.nix
];
# FIXME: agenix-rekey
age.rekey = {
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
# forceRekeyOnSystem = "aarch64-darwin";
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
@ -61,7 +70,15 @@
];
# NOTE: made with `mkpasswd -m sha-516`
age.secrets."jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
age.secrets."jeeves.user.password" = {
# file = ../../../../secrets/home/jeeves/user/password.age;
# file = "${inputs.self}/secrets/home/jeeves/user/password.age";
# FIXME: agenix-rekey
rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
# generator = {pkgs, ...}: ''
# ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
# '';
};
users = {
mutableUsers = true;
@ -69,7 +86,7 @@
jeeves = {
isNormalUser = true;
shell = pkgs.zsh;
hashedPasswordFile = config.age.secrets."jeeves_password".path;
hashedPasswordFile = config.age.secrets."jeeves.user.password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
];
@ -98,19 +115,26 @@
# ];
# };
security.sudo.extraRules= [
{
users = [
"jeeves"
];
commands = [
# security.sudo-rs = {
# enable = !config.security.sudo.enable;
# inherit (config.security.sudo) extraRules;
# };
security.sudo = {
enable = true;
extraRules= [
{
users = [
"jeeves"
];
commands = [
{
command = "ALL" ;
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
}
];
}
];
];
}
];
};
services.openssh = {
enable = true;

3
machines/nixos/x86_64-linux/jeeves/disko.nix
View file

@ -1,5 +1,4 @@
{ inputs, outputs, ... }:
{ lib, pkgs, config, ... }:
{ inputs, outputs, lib, pkgs, config, ... }:
{
imports = [
inputs.disko.nixosModules.disko

11
machines/nixos/x86_64-linux/jeeves/network.nix
View file

@ -1,12 +1,17 @@
{ lib, pkgs, config, ... }:
{ inputs, outputs, lib, pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
];
age.secrets."home/wifi.env".file = ../../../../secrets/home/wifi.env.age;
age.secrets."home.wifi.env" = {
# file = ../../../../secrets/home/wifi/env.age;
# file = "${inputs.self}/secrets/home/wifi/env.age";
# FIXME: agenix-rekey
rekeyFile = "${inputs.self}/secrets/home/wifi/env.age";
};
networking.wireless = {
iwd.enable = true;
environmentFile = config.age.secrets."home/wifi.env".path;
environmentFile = config.age.secrets."home.wifi.env".path;
networks = {
home = {
ssid = "@HOME_WIFI_SSID@";

19
machines/nixos/x86_64-linux/jeeves/wireguard.nix
View file

@ -1,4 +1,4 @@
{ lib, pkgs, config, ... }:
{ inputs, outputs, lib, pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
wireguard-tools
@ -10,12 +10,17 @@
# wg pubkey < private > public
# Server
age.secrets."wireguard/server.private" = {
file = ../../../../secrets/home/wireguard/server.private.age;
age.secrets."wireguard.private" = {
# file = ../../../../secrets/home/jeeves/wireguard/private.age;
# file = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
mode = "077";
};
age.secrets."wireguard/server.public" = {
file = ../../../../secrets/home/wireguard/server.public.age;
# FIXME: agenix-rekey
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
# generator = {lib, pkgs, file, ...}: ''
# priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
# ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
# echo "$priv"
# '';
};
networking.firewall.allowedUDPPorts = [51820];
@ -28,7 +33,7 @@
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."wireguard/server.private".path;
PrivateKeyFile = config.age.secrets."wireguard.private".path;
ListenPort = 51820;
};
wireguardPeers = [

17
secrets/home/jeeves/user/password.age Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USB5eUlZ
S2dzQkNtM3pPY1I2aUcwdVpndk9WWThJWktDdTBQeVZPcytqWWpnClkxTjl6L3RH
S0ZyeDQzbkdFNzVvK2ErZFpENjlXcjk0RUk5SmtrN1I3U0kKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IHA4eGpVaUR3VE1ySU1TZ0tjcGx4SDJ5L3d6RDZvZmFjTmVTTTdx
ZUh5V2sKMjhRU0dwMmZ3NUhwTDZrMnI1bDFHYTJjckFlaVRUSUQ4bFd6bWlkQ1VD
MAotPiBYMjU1MTkgWTRabUNqVi9Tbjk4TGJZYUFHWWdEUjJYMUtES0JVdGxrbloz
a1pHN0VsRQpLc3BoRlRORHFySGFnRTBuWkpTaUJraEpzemg0L29leVFVQTZKMjBP
NUxFCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBUM1M1bURRQXFWVUNhdkxuUC9naXhm
Wk55MlJCWXB3NnovV3ZrOXBVdG53CmVOYldGRG92UHNPcG9HVjFFcmwxVCtKT0tw
MkYrYWQzMzNua3NvQ0lHS0kKLT4gX2UhLWdyZWFzZSBNZmRAaVkwIHFoUi5VXGEK
ZUJ2dnJDeUNsc1gzdFNnZi9OTSthZ3Vnd0hTQytSM0xnNDhQUEJoL3RyMzg0aGd1
Y0NTYQotLS0gK1ZpUUpKbE4yMW1nc2ZtaFRVa0QwS21kU2VYb1JtNDBzQWxWWHpP
YnM2ZwoTk7csNBcZB21Y46f15I1CatS5N4In3UhXIA1CdLNoHiJ6ocurMxVhzBQ4
VCSfib+Eq7FiEuMCG3l0fcgBLN2PSg79+BCiI1O9KYt9Qhl6g5fjRGvCCDtjos33
aEBE2F46v92wpFX24Pw2MfCfSnSeghq3Nh2DQJvFyXsTDu6DAd4a9ubU6K5BMJS+
-----END AGE ENCRYPTED FILE-----

16
secrets/home/jeeves/wireguard/private.age Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBMb3Bt
NTRMcXpEeGxkdkFaQmdnMjdsd0hHVXlWR1RZckthVVFzNmRRZDFNCnRvZlErOGFn
NW9TQlJvblVuZ1RsNWJvVWhSWE1VeEVuTmpWMUxMZnM1SkkKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IHVPNThxVnRnNlRkNTU0WDAxRVFIZk16WUlySDJqRFovSTAzVTJP
Wk1HVlEKZnZJMUJrR01uY01YTzM3dXY3VVJ2ZFFXaENGa3g5ZHlNSitYRU9uMUZE
TQotPiBYMjU1MTkgQURJZE9ma091Zis4MDYyUUJHdjc0MTYyRC9IK1BDMmZpNGx4
MXBaaGxEMAp5dnFsSzVncjRDWDBQV1R2ckt4MzRtYTRyZERoejBvbWFabXM4K2NZ
L3ZRCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyA2OGI2eS8yQk1yNjdXNlY2VmlZUTVF
QkJ6eVZhYW56NU5xcG5jMG5oc1g4Ci8zM3p5ZmR3ZTBtRGpYZERUa0dBSldqRnRj
Ulhzc3RNU2lBR3pyZnpjYkkKLT4gdGt7TF8tZ3JlYXNlIGFJfHpCfSBDZC1UIC9e
PgpVVU9XUmdTM0RmSWF0SGdZV1VXOThPOUZRdHFnU2RTUkV2bzZmY3VJQzZjMUhG
WXMyNmJ0ZWcxQVVPVQotLS0gWEY2akF3UVp1VTVoSGNNMGs2enR0bXI1bU1uTzBP
RjMzejZxN1JLWUhjYwon/0IkLsAhX2rUfpHDmWq++0t7vppgTdZfSjRlqrW7/t8t
dj0pU/R1NDuPuJ90STxHoKZinAbX/LC18ieNCwdWvkNw566lY3ERV1egyg==
-----END AGE ENCRYPTED FILE-----

17
secrets/home/jeeves_password.age
View file

@ -1,17 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USB3bzVT
c3M0RC9vYThYQUpoN0FKU2hpSDdOUk10cUI2Si9vNVA5UjMrOEZZClF2RytISG40
S2tqUVo5R2RwbVhweXg5dlNlSlJXdHVMQ1NyOGY5VHNKRlUKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IHpLQXBabTNzaWsrQWZHSEJxdDJjOXRYZ1JJNG90RFg1L1B1dUxG
SjFDakUKRkptYmQ4azV4VWdqSzZBTHloM203UXp5VDNKY0N1TDJTZ0FnYlBOWDlF
awotPiBYMjU1MTkgSy9pVStZRjJKbHVJZDIwOUM1MHFoVTd0eTNmSXlyRmxJTnBr
a2h2akJBOApic1VkdnZGUnVLZm9HbE5tZ1lzbGJSNGsxendyL0s2d3lVdnIreG42
R1FBCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBiR0dQVlFFV3grWXJQOEF4ajhtK2Yy
akExVEpwZ1lqcW1VN1JnODJFcFQwCnhRME5iWnZnc3NUL1ZwQ1ZyakJjZWVFb3VV
cmNpY0QyMitFNHZuakpxTmsKLT4gJHEsIixCbmwtZ3JlYXNlCmFrL1k5RTFsdndS
N1FwTytvQQotLS0gTTlJUlJMR09lSzY2RmpSWmk4MGtJamtRdnVZM1JobUMrRUJw
ZDgxRG9HVQo577U9ehKYysiNh7Z9o4X/xoP1eB7Igs5jQ/PFLFA0ST48NZ4GwJ1t
0Hbm4xdx5qaI5BIlxmyDspQCtBU2MmtYYT4v0rWZcmVQdm9GLDmCFuUeiAG+X7MT
wEqyX56oAr+ULxPO5EWoznIqv2wXantXsAGTvOKRqJuxWOleiXfAK50j4dM7jhzN
rw2k
-----END AGE ENCRYPTED FILE-----

18
secrets/home/wifi.env.age
View file

@ -1,18 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBKNjdl
alVqNE5WY21yS2QxWndJOE9vSzRiWlhjSWNtR2dMdFA2ZE5kWUNvCjkrQVppSzdw
ZXo1cEVEUXZ6WVBVcTYwVWRhRFBxUUxqS0dnVlZGUWtmYjQKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IGQzeDZGTUFGeFhoYVpEeDZZT1hLUjhkak90cnhTeThkcnlQMFU1
RUxEbVkKNy8zQmpUdE1NVnNCYTYyRmZ6bmhMRUttS0RNU3UxOU5RT0swRmpTeGpX
SQotPiBYMjU1MTkgcC9hMHpEMWl0WndmQzM2dm9MWG9reWpxVE5DeXRUcjRwQmp1
RG5jeHBpMAptK3dXcStRcnBaMWRGZytQMDJQNFNiOU5ZVzZKczNwWEp5ZWVDbmdw
QS9RCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBNMHN6Z0V5YWJzMnJ6RklpbFBpVUVw
OGdPRTl6Smo4RGxuZWtBelhrNW1rCnBFWjRlQWpjOW9TNHFSVFBSVStSalpTcUt4
T3kxVmZxZkc0VzQ2ZlN2WHMKLT4gc3NoLWVkMjU1MTkgQjdiZXhBIG00eEhHSlhi
bWMxOG02aFVBZEZGQnJxSFdRNmduRWVnN0lKQzlJMUVBVXcKbC9RYW1qS0p2Nld5
UnVUb0xYTTYrVmxXQ2lMUG5rK3owOXJxMkR1MkZORQotPiA7emJcOi8tZ3JlYXNl
CjJlQXdqdVpsc3NIZmxlcU1YOXZmM2xsSHE0Vm1qK3ovcThaTlBYREgKLS0tIENr
TFN1MGlRbVM4NWZ4YWFJc0tWR3prUVZaVGkveW5taFdGWjZqZkZJS0kKSaZHvA62
8AclIn54Dic5oyFpzGBIm321rTRsVWPmdTPkWiFpTEYdIFBJXAkpl3zC/exGPrZe
ZRUAUT0rxIfx/9OlF3NkrcwAI4crdeDd9HQzMnQFAw8CXVs=
-----END AGE ENCRYPTED FILE-----

18
secrets/home/wifi/env.age Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USAxUzBy
a2JEcmZtQ01mcCsvWFdJVVdHNUtpcmtza05RY0dqcFl4VjFuY2dvCmZGRkxTK2ZK
ZFZpVEVvODB5d0dTTWx6aGtkTTBQMDJ6c3g0VkFSTzIyaEEKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IFZoY0tZY2hVK3RGQmpNNzA4aDk3dElUY3FoMUhtMXEyMUxsUWFG
Um1XR1UKMGVCdzZzM0Z1YitMeml5VVZlNGpGODNORFpuNEg5Vkk0WGppa1Zndkw4
NAotPiBYMjU1MTkgQVFWT0I1QjRudzFJM2g3azg3YmQ4K0l2VEZ5aVNuRHlqS0Uy
OG9qL0pUUQpqcldkUUE0WWZvM1dxb1kzTU5LTlc1YmFISlJ3cm56N1RzSFhFdHlO
RnZVCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBxMGpXTVJNNGFMMGYyS2tLa2Rob1c1
NnkvMExEa0ZJMjN6NlhtVGF5TXhFCk8xUTIrS2tWSUxrMlQwZS9aQnMxQmdXWGZa
T08zekxsV0U4VERpN3lid00KLT4gc3NoLWVkMjU1MTkgQjdiZXhBIEExMW9yRzVH
aUp1bk1tc1NnOHZhVitLUTZ0Q2xUZEZLc3U2Q1ZjYVJSRjQKQlBzN2gweU9wMWJ1
KzRKakxELzhtVGFNclNkM3dsYVhoc0NGOGtXWU02MAotPiB6Y3FwYH5gNi1ncmVh
c2UgPzdlfGYgTgpNQQotLS0gMlZwNnFtbHo5TktOS0VaQ1UreHE1UkdaVzZwU0Ix
ZzdaNWtIZXdQYTgrZwppSUDjMQFsi8Lr6oOWFCbh8+FXBy+APg1LdcbJdRFowx0Z
MvSRLkiZw91J+1qQLZOoeKAzp5JE42aGU9dJTfxCixsU2QY9oX3Y/QE3JUWAj1ms
0GOUg9U4hg==
-----END AGE ENCRYPTED FILE-----

16
secrets/home/wireguard/server.private.age
View file

@ -1,16 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USByZnZh
NFhQSEZqSFdsNnRHT2Y0VEtrWUkyVG54aUNwUEQxNk5VYmU1S21vCngxeUFLVTVx
QXR2U2paQmE3SERyWjViOENrNnRyaUxQS2dKSHg2NVdIRUkKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IEdKbWNLRnJ5aWZvamJNY2hnTENvUUExQnIxMzVrejNua3Mvc3Zp
c2plV2MKZVJuNW5UOVIxZUlUOUc1dmFKbHJSaWhRYTQwNXkzdkp5WWwwWVhxbjNR
SQotPiBYMjU1MTkgOXB3Wk83ZGtRNWpCUFZlQXBDb09ycXlnbjNmNXRjYWF6Q21V
dG5MOThDZwp0RTFZRk9uZnFqakQvSU94cGlPSHd4WTBkQS9GODJIRWV6OWdTclpP
UFpFCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBkdG5qU2g5SUFrMUhtRW50blZ1eThx
eTRVNFUyTHVtMlpFQkR3YllkZkRRCmdhb3h6Q1hKdFJXR0duQ2xLbXZ1alZxOWZV
dzA0aXgwdnlZbzdqR0p2dmsKLT4gQFpANy8hLWdyZWFzZQpQc1p5SU1hZ0l1TzdC
TDlWSW5HbFZvNHRTNVh2U2xZcHVzMmxaWG5jZ200Vy94elZKVkd1cTYzeTgvRWp3
N0w5ClRDSQotLS0gRUtqVXJ2d0VGT2srQUx2SmJxckRXbWZMZlhZbU9ZcVNhVFJE
SjZpYTNzSQqogzeEZyuK0GpIxT5ZRkfzuPaoXYL5ayljbXoPCtwZNdCLX6a0Yrna
2XX9IQF4oKf5Zb5hALG0KznFrtnF0+QmbOO1sp93TDSaiexQ1A==
-----END AGE ENCRYPTED FILE-----

17
secrets/home/wireguard/server.public.age
View file

@ -1,17 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBVNHMv
MncvRmNpUjVRT2k2d0ZPbWVPOTdjWlJkMDMwYjQrUWxVRGpyWTNjClBLMnk4MTZp
YXlVR1A0ajhIV3NDTEFRNkVPZmo1WWs0VWk2ZFRTS0QxWWcKLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IHArZ1ZmNlFTRjBJV1JjWFlhMUg4UkdqcTBqTHJsYXV2dmJ5eWNZ
Z2hHSDQKOWdyZFdTSXozSndhK1pkaE81VVl2QncwdnlteUtla1RrUXlRNW90TDZl
dwotPiBYMjU1MTkgK2gzb2FseHNwQ010a2x0QzBEcWx5VUs3TWcyYWQ2MHB6WGs2
Zzl2Nm1qVQo2TTdWMllsenM2MnRQZk5YWE9kSEY3YVFvd0FYbnlNdncxcDZhUkNY
OU1NCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBNaFpKK1YzTzdZbUpmUTJ0V0NjeUo4
eThYSzFZTFhCSEtYWGFUbmgvakI4CkdNMmp5WnZOMmpWQy9JQjBJU21DbTFHUTJ2
b2NoTlRpR21BR3B1MlhiMmcKLT4gKS1ncmVhc2UgVgphcDJYdjZWNnArVEJGUExF
dnRob2UxTE1hTXQ5Y0lmSXBwQTNRYjF5WTkrWjZEZnhuVDFTWkNkOUpWZTUyVzRv
CktaNmp1elI2TEN4ZmdubEU1em5hRDUvdi9BcWRHVmhWZWdXWG5PaisKLS0tIGxZ
aVlXbmFLK3QyRHBsUVhVdEQvalpOeTFTcWJCNVd6QnhtdW9YWFA3c00KwrHWxx7T
O9MvLcn3YRXtyeoW+x8V3rOP2kHBXgMZql14lhrMqHy1x2znW6nuOw6KLcBI9ZM9
KmbyPo8m8uL+b9/J7HirLjG0CgTfCdM=
-----END AGE ENCRYPTED FILE-----

5
secrets/privkey.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> scrypt th81mkn70Q70CNNhfmD7xA 18
NhPSSlSyViXXKmHCTuXhdMl9sJfSsdIxuLg4g6UNx8M
--- AEH6wKJ8ta2Ww/hGziO+nQY5Hjb+sm2Iaqub/JY4gGo
W¤Œ¸€ùàÚTªzdýêPë÷å•QÄ…ì6<C3AC>˜!ï¡™N¿6Û'Eî:±ãLO™)òÓ‚ó@ñ÷f>/•p¿Ø28™dQ^•¯Tø¡ª)t”¯_r˜ATpK„2ûðtêa„Jî;y#2êbG{·ªöW™,|£<7F> +phz©Ñò] w\ìĘ·}¦ÎD哈©Py~K> °­it>yç¾òú(wGèÑ+(êNôjÔ4¼<34>ˆ<1uógD<E280BA>ád£L!0

7
secrets/secrets.nix
View file

@ -21,8 +21,7 @@ let
systems = [ jeeves_system limonka_system ];
in
{
"home/wifi.env.age".publicKeys = users ++ systems;
"home/jeeves_password.age".publicKeys = users ++ [ jeeves_system ];
"home/wireguard/server.private.age".publicKeys = users ++ [ jeeves_system ];
"home/wireguard/server.public.age".publicKeys = users ++ [ jeeves_system ];
"home/wifi/env.age".publicKeys = users ++ systems;
"home/jeeves/user/password.age".publicKeys = users ++ [ jeeves_system ];
"home/jeeves/wireguard/private.age".publicKeys = users ++ [ jeeves_system ];
}

5
shells/default/default.nix
View file

@ -11,10 +11,11 @@
nix
home-manager
git
wireguard-tools
deploy-rs
# inputs.agenix.packages.${pkgs.system}.agenix
inputs.ragenix.packages.${pkgs.system}.ragenix
wireguard-tools
# inputs.ragenix.packages.${pkgs.system}.ragenix
rage
inputs.agenix-rekey.packages.${pkgs.system}.agenix-rekey
];
}