diff --git a/flake.nix b/flake.nix index a0092d2..b7ef2fb 100644 --- a/flake.nix +++ b/flake.nix @@ -148,7 +148,6 @@ imports = [ ./nix/pkgs.nix - ./nix/machines.nix ./nix/modules.nix ./nix/configurations.nix ./nix/agenix.nix diff --git a/machines/nixos/x86_64-linux/homix/configuration.nix b/machines/nixos/x86_64-linux/homix/configuration.nix index a127563..74ad26e 100644 --- a/machines/nixos/x86_64-linux/homix/configuration.nix +++ b/machines/nixos/x86_64-linux/homix/configuration.nix @@ -205,14 +205,6 @@ enable = true; }; - home-manager = { - backupFileExtension = "hm-bak"; - useUserPackages = true; - useGlobalPkgs = false; - - extraSpecialArgs = { inherit inputs outputs; }; - }; - ### Enable plymouth (bootscreen customizations) boot.plymouth = { enable = true; diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix index 953ddd7..a25542e 100644 --- a/machines/nixos/x86_64-linux/jeeves/configuration.nix +++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix @@ -4,8 +4,6 @@ inputs.hardware.nixosModules.common-cpu-amd inputs.hardware.nixosModules.common-gpu-amd ./disko.nix - inputs.ragenix.nixosModules.default - inputs.agenix-rekey.nixosModules.default ./network.nix ./wireguard.nix ./nginx.nix diff --git a/modules/nixos/agenix-rekey-default/default.nix b/modules/nixos/agenix-rekey-default/default.nix index 78c313d..863414b 100644 --- a/modules/nixos/agenix-rekey-default/default.nix +++ b/modules/nixos/agenix-rekey-default/default.nix 
@@ -1,11 +1,8 @@ { inputs, outputs, lib, pkgs, config, options, ... }: -let - # NOTE: synced with - dummyPubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq"; -in { - # TODO: cleaner deep check - config = lib.mkIf (lib.all lib.id [(builtins.hasAttr "age" options) (builtins.hasAttr "rekey" options.age)]) { - age.rekey = lib.mkIf (config.age.rekey.hostPubkey != dummyPubkey) { +{ + config = { + # NOTE: `(r)agenix` and `agenix-rekey` modules are imported by `../../../nix/configurations.nix` + age.rekey = { masterIdentities = lib.mkDefault [ "${inputs.self}/secrets/privkey.age" ]; storageMode = lib.mkDefault "local"; localStorageDir = lib.mkDefault "${inputs.self}/secrets/rekeyed/${config.networking.hostName}"; diff --git a/nix/agenix.nix b/nix/agenix.nix index a82da6d..ed0ea22 100644 --- a/nix/agenix.nix +++ b/nix/agenix.nix @@ -7,9 +7,7 @@ perSystem = { agenix-rekey = { - nodes = { - inherit (self.nixosConfigurations) jeeves; - }; + nodes = self.nixosConfigurations; }; }; } diff --git a/nix/configurations.nix b/nix/configurations.nix index 3353bd4..0ebd331 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -1,7 +1,6 @@ { lib, config, self, inputs, withSystem, ... }: let - # TODO: works? outputs = self; inherit (import ./utils.nix { inherit lib self; }) and @@ -45,6 +44,9 @@ let # Home Manager inputs.home-manager.nixosModules.home-manager (homeManagerModule args) + # (r)agenix && agenix-rekey + inputs.ragenix.nixosModules.default + inputs.agenix-rekey.nixosModules.default # nix-topology inputs.nix-topology.nixosModules.default # Sane default `networking.hostName` @@ -134,6 +136,10 @@ let machines)); in { + imports = [ + ./machines.nix + ]; + flake = { # Configurations nixosConfigurations = diff --git a/nix/topology/default.nix b/nix/topology/default.nix index fee59d0..2304f95 100644 --- a/nix/topology/default.nix +++ b/nix/topology/default.nix 
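Review bot: In modules/nixos/agenix-rekey-default/default.nix the `age.rekey` defaults are now applied unconditionally, so a host that never sets `age.rekey.hostPubkey` is no longer skipped the way the removed `hostPubkey != dummyPubkey` guard skipped it, and the nix/agenix.nix hunk (`nodes = self.nixosConfigurations;`) enrolls every such host as a rekey node. How agenix-rekey treats a node still on its placeholder key is not visible here, so I would make the missing key loud rather than rely on upstream behaviour: keep the `dummyPubkey` binding and add `warnings = lib.optional (config.age.rekey.hostPubkey == dummyPubkey) "age.rekey.hostPubkey is not set for ${config.networking.hostName}";` inside `config`. Because the defaults now reach every machine, the context line `masterIdentities = lib.mkDefault [ "${inputs.self}/secrets/privkey.age" ];` also deserves a comment stating that `privkey.age` is passphrase- or hardware-protected, since the flake source is copied into the world-readable Nix store. The attribute set continues past the end of the hunk.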
@@ -50,10 +50,7 @@ }; in { topology = { - nixosConfigurations = { - inherit (self.nixosConfigurations) - jeeves; - }; + nixosConfigurations = self.nixosConfigurations; modules = [ ({ config, ... }: let inherit (config.lib.topology)