From 9b0944ba69ca8d588bf74c98d0aec24bf72d395d Mon Sep 17 00:00:00 2001 From: jacekpoz Date: Wed, 13 Sep 2023 16:52:19 +0200 Subject: [PATCH] feat: add agenix --- flake.lock | 312 ++++++++++++++++--------- flake.nix | 2 + hosts/chmura/ankisyncd.nix | 18 +- hosts/chmura/default.nix | 2 +- secrets/ankisyncd-user-credentials.age | 13 ++ secrets/secrets.nix | 12 + 6 files changed, 241 insertions(+), 118 deletions(-) create mode 100644 secrets/ankisyncd-user-credentials.age create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 082ba66e..865d6475 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1690228878, + "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "owner": "ryantm", + "repo": "agenix", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "alpha-nvim": { "flake": false, "locked": { @@ -266,14 +286,14 @@ "crane": "crane", "fenix": "fenix", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1692800322, - "narHash": "sha256-v3Q5JUQK9CCKWkKvtDAWhN+XZGtC7wKVFtItxkiTlsA=", + "lastModified": 1694457246, + "narHash": "sha256-PkdsgIbzxW4YwfrHlX2nPup3pbyyzrVOkvh6PW+BxNk=", "owner": "famedly", "repo": "conduit", - "rev": "90fea00dc78a50e50aa0ebc4f4d23d9324066922", + "rev": "fa725a14e2309ed416ef53ef8282303300190c61", "type": "gitlab" }, "original": { @@ -388,6 +408,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "dashboard-nvim": { "flake": false, "locked": { @@ -531,11 +573,11 @@ "rust-analyzer-src": "rust-analyzer-src_2" }, "locked": { - "lastModified": 1694154052, - "narHash": "sha256-xpPpaKw9U96nlbiDkdkD5YpAjNLyNwBObuzKgcvn2h4=", + "lastModified": 1694586081, + "narHash": "sha256-DNAohcMcTJNiFJ2hTTS6R+yaqVU+QVzp1uRsz0Ctiac=", "owner": "nix-community", "repo": "fenix", - "rev": "c4b696516500a6417f8a190a55c5084d31934bae", + "rev": "b16b1f21654b9490c662f6fd0a8fe3774a4b1606", "type": "github" }, "original": { @@ -571,11 +613,11 @@ ] }, "locked": { - "lastModified": 1694175607, - "narHash": "sha256-52/dxl8Xie3/2VsQRrLrmh5Zi9I2/Zt8RBKnu9poZNE=", + "lastModified": 1694606853, + "narHash": "sha256-WG8YibN+5rAutGV6G9fJeVwBQvUKA8QzmardxV8Y+WA=", "owner": "colemickens", "repo": "flake-firefox-nightly", - "rev": "45f0b65a82def88d3840541cbc53aa063528ba2d", + "rev": "afc72452a7cbaba9b761dd830f4cc55f9b2fa806", "type": "github" }, "original": { @@ -783,11 +825,11 @@ "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "type": "github" }, "original": { @@ -954,11 +996,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -1067,15 +1109,15 @@ "inputs": { "crane": "crane_2", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1694193342, - "narHash": "sha256-lHx6rFJBQ9xeFyS/kadZoJADIjmOJCmQJbA4AwyVKXk=", + "lastModified": 1694552781, + "narHash": "sha256-ONkpaNbRaSrNZvNjea3yBjNqhNXTuO8VFlK7CR4/0W4=", "owner": "helix-editor", "repo": "helix", - "rev": "14401ff75b90cbd98d39eb4b7b5442ad43b49e31", + "rev": "729f32de21d6ead25c1795f262b1be6661016b46", "type": "github" }, "original": { @@ -1088,7 +1130,7 @@ "inputs": { "flake-parts": "flake-parts_5", "haskell-flake": "haskell-flake", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1688568579, @@ -1107,7 +1149,7 @@ "inputs": { "flake-parts": "flake-parts_8", "haskell-flake": "haskell-flake_2", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1688568579, @@ -1174,15 +1216,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1694134858, - "narHash": "sha256-fG/ESauOGmiojKlpJG8gB62dJa5Wd+ZIuiDMKK/HD3g=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "19c6a4081b14443420358262f8416149bd79561a", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694585439, + "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a0ddf43b6268f1717afcda54133dea30435eb178", "type": "github" }, "original": { @@ -1209,7 +1272,7 @@ }, "hyprcontrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1693997747, @@ -1228,17 +1291,17 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_3", "wlroots": "wlroots", "xdph": "xdph" }, "locked": { - "lastModified": 1694193424, - "narHash": "sha256-aTSjv6ydg56AHB2CrOr89LYdnPYK+yKx7GG/55AMoyM=", + "lastModified": 1694602099, + "narHash": "sha256-XzMzOcR/h+1ZnbaqRHPJIc6BuRJFsP+42beGYuvYYYI=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "664827473583f8e986f9fb2a37a13e9b3a232cc2", + "rev": "2ad429dfe0687b34c1a4d950e7715f0c8550bed5", "type": "github" }, "original": { @@ -1362,11 +1425,11 @@ "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { - "lastModified": 1693844549, - "narHash": "sha256-q37gKJEJ8H+bvcQRuZpbGTDU/GvyrpMtaejhFvS8mSc=", + "lastModified": 1694606970, + "narHash": "sha256-ZFLOqdkQ5mww+hSyi3197iwD+3qKiZyrspumzmyo5GQ=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "80552e56920ed1acc248596a13d8f0b4932138d3", + "rev": "d3726e6c98c3110deb9901346a9cfaeac844d292", "type": "github" }, "original": { @@ -1688,11 +1751,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1694130713, - "narHash": "sha256-jZae7bEHY0a4QTEDY5EA4nfhSOsZ3G5a+9xO9IWFbhM=", + "lastModified": 1694530540, + "narHash": "sha256-vDK+iO1nZjKE3xzAfeDBr2zKa3nBGvXrb4VfFxRFpLk=", "owner": "neovim", "repo": "neovim", - "rev": "6a8b48e24cbe070846dd1d234553b3fdeb19460e", + "rev": "1f551e068f728ff38bd7fdcfa3a6daf362bab9da", "type": "github" }, "original": { @@ -1708,14 +1771,14 @@ "flake-parts": "flake-parts_3", "hercules-ci-effects": "hercules-ci-effects", "neovim-flake": "neovim-flake_2", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1694131520, - "narHash": "sha256-3jOQRBp5hmAadITkmOo+ac8iBw5QdlX/+NOzyzMiiFc=", + "lastModified": 1694563461, + "narHash": "sha256-ILJ9RnF0h3Lt7CZwxggfUB+enadTt24JNDyDHSwpvz0=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "44cd51775a48189188769e98738630a9d7b306c7", + "rev": "e66f37fcd1e013c7925b26aed7cf019294edcb27", "type": "github" }, "original": { @@ -1753,15 +1816,15 @@ "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_9", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1694051403, - "narHash": "sha256-TbCcylrAPLhKu7s7mnjwQjkrqBMjI9/ysiysfKn5XHs=", + "lastModified": 1694502427, + "narHash": "sha256-sEvFWZwBtLn/5RCOFDHP5Oj2T+nu6f8A7rs74gu4t7o=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "9cc7944c28c2bc5de3c96c253b3fd814c1cb85dd", + "rev": "15ec2c466356b3267abe0fd993b5d8992c73381f", "type": "github" }, "original": { @@ -1793,11 +1856,11 @@ ] }, "locked": { - "lastModified": 1693875863, - "narHash": "sha256-lSZ6tSiZrN2siMgs4XZqWXBuPo3KatJzb9HTMnuYmbE=", + "lastModified": 1694504359, + "narHash": "sha256-7OFonlxxgnXADfH7KRSATxCSckPsM9vhxJsPUJpjJQw=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "230444c2ac67c2c8f3aee8e8b94a4c732f7f85c2", + "rev": "f7b06b2b2f13b2599bc4b3b4aace72eac17b0d05", "type": "github" }, "original": { @@ -1830,11 +1893,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1689444953, - "narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=", + "lastModified": 1677676435, + "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8acef304efe70152463a6399f73e636bcc363813", + "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", "type": "github" }, "original": { @@ -1883,11 +1946,11 @@ "nixpkgs-lib_3": { "locked": { "dir": "lib", - "lastModified": 1690881714, - "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", + "lastModified": 1693471703, + "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e1960bc196baf6881340d53dccb203a951745a2", + "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "type": "github" }, "original": { @@ -1900,11 +1963,11 @@ }, "nixpkgs-lib_4": { "locked": { - "lastModified": 1693701915, - "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "lastModified": 1694306727, + "narHash": "sha256-26fkTOJOI65NOTNKFvtcJF9mzzf/kK9swHzfYt1Dl6Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "rev": "c30b6a84c0b84ec7aecbe74466033facc9ed103f", "type": "github" }, "original": { @@ -1918,14 +1981,14 @@ "flake-compat": "flake-compat_6", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { - "lastModified": 1694207665, - "narHash": "sha256-4ryQHU4lOsd3laO5+CmAN3jYZ9aYEYtIHC27tvIvMNA=", + "lastModified": 1694611203, + "narHash": "sha256-wiGUYvuUKYhI6gWh6qvMBBd++teANv/+HAGQDArFLpA=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "61ed36eb2d779de52b83e9ae324b45927e53e22f", + "rev": "17b376a3ce8e880247b1f18f28807572e3275a53", "type": "github" }, "original": { @@ -1935,6 +1998,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1694501121, + "narHash": "sha256-uj7YWhs7FTv1slqb9Sj1+Q0dYtwQDC4URfOXB9XWKjs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1ee50a29288f768c55211963be8040671814986d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1688322751, "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", @@ -1950,13 +2029,13 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { - "lastModified": 1693985761, - "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", + "lastModified": 1694422566, + "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", + "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", "type": "github" }, "original": { @@ -1966,13 +2045,13 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { - "lastModified": 1694048283, - "narHash": "sha256-QexXMDukc4fmXq5SJsDg8WRA6+FiEOt+PB3hx+fbc8o=", + "lastModified": 1694393089, + "narHash": "sha256-jUJs+1e7eTcXvG3+Muoytq8kVBmGak0Ylo3yn8sVYBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "308e5f73e17dc2fe43ba95ec83697999b5dd544d", + "rev": "ca40349951374b558bc49465f92f1ff8856f095d", "type": "github" }, "original": { @@ -1982,13 +2061,13 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { - "lastModified": 1693985761, - "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", + "lastModified": 1694422566, + "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", + "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", "type": "github" }, "original": { @@ -1998,7 +2077,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1682809678, "narHash": "sha256-jqR8t82mWotOSgnWZvr6xXCO/tc3fCPTLMPvI7Jo5rA=", @@ -2015,6 +2094,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1689444953, + "narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8acef304efe70152463a6399f73e636bcc363813", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1690272529, "narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=", @@ -2030,7 +2125,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1658161305, "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", @@ -2046,7 +2141,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1693844670, "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", @@ -2062,7 +2157,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1656753965, "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", @@ -2078,7 +2173,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1655400192, "narHash": "sha256-49OBVVRgb9H/PSmNT9W61+NRdDbuSJVuDDflwXlaUKU=", @@ -2094,7 +2189,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1689088367, "narHash": "sha256-Y2tl2TlKCWEHrOeM9ivjCLlRAKH3qoPUE/emhZECU14=", @@ -2110,7 +2205,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1688322751, "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", @@ -2126,22 +2221,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1694032533, - "narHash": "sha256-I8cfCV/4JNJJ8KHOTxTU1EphKT8ARSb4s9pq99prYV0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "efd23a1c9ae8c574e2ca923c2b2dc336797f4cc4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nmd": { "flake": false, "locked": { @@ -2208,11 +2287,11 @@ }, "nur": { "locked": { - "lastModified": 1694205411, - "narHash": "sha256-+YFpxUt0uaU5STtipAClw2AmO3am0//5TZflTO7jCGc=", + "lastModified": 1694609842, + "narHash": "sha256-ba6wDDjLFFzbeQEC+c3muCbq93Lqf26Fdf71xQGFz8o=", "owner": "nix-community", "repo": "NUR", - "rev": "cb2799c3e5aa3b2fa1b0dce240688af0af17d538", + "rev": "b89df3452499c34db9f1dea5b403e8bad5e416b9", "type": "github" }, "original": { @@ -2672,7 +2751,7 @@ "rnix-lsp": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { @@ -2691,12 +2770,13 @@ }, "root": { "inputs": { + "agenix": "agenix", "anyrun": "anyrun", "conduit": "conduit", "fenix": "fenix_2", "firefox-nightly": "firefox-nightly", "helix": "helix", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprcontrib": "hyprcontrib", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", @@ -2704,7 +2784,7 @@ "neovim-nightly-overlay": "neovim-nightly-overlay", "nix-gaming": "nix-gaming", "nixpak": "nixpak", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "nixpkgs-wayland": "nixpkgs-wayland", "nur": "nur", "shadower": "shadower", @@ -2731,11 +2811,11 @@ "rust-analyzer-src_2": { "flake": false, "locked": { - "lastModified": 1694107677, - "narHash": "sha256-XZ3nHfC93wdLt/cQXg9kkzmeh6pYtR3TvGwZv+bOHX4=", + "lastModified": 1694553088, + "narHash": "sha256-vnPa/OueHI+Dx7NKB34f5SI7Mmz/VSrP+IAoGNKueU0=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "d5b6ab2fa593f527ad8d0c4fd1038baf91cdd3e7", + "rev": "15e13561499dbe90ef07cf37a90c1cedafc53e28", "type": "github" }, "original": { @@ -2859,7 +2939,7 @@ "shadower": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1683924844, @@ -2899,15 +2979,15 @@ "nix-filter": "nix-filter" }, "locked": { - "lastModified": 1694032092, - "narHash": "sha256-oEkWQQRl1m2sjQ9BvvlPjAsnjcxPs0low8mLI4oPwd0=", - "owner": "NotAShelf", + "lastModified": 1694612287, + "narHash": "sha256-+biIUON7Jn37c/BKMVIcXccYTxdrWgGPLuQYXrv1Wf0=", + "owner": "Duckonaut", "repo": "split-monitor-workspaces", - "rev": "3d234263ec38f09a89546cd6e217a2a177c96bba", + "rev": "1945b52b1806122fd39f04180eb521df0025af5f", "type": "github" }, "original": { - "owner": "NotAShelf", + "owner": "Duckonaut", "repo": "split-monitor-workspaces", "type": "github" } @@ -3087,7 +3167,7 @@ "tidalcycles": { "inputs": { "dirt-samples-src": "dirt-samples-src", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "superdirt-src": "superdirt-src", "tidal-src": "tidal-src", "utils": "utils_2", @@ -3374,18 +3454,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1692976565, - "narHash": "sha256-eBKkG7tMxg92NskEn8dHRFY245JwjirWRoOZzW6DnUw=", + "lastModified": 1694302348, + "narHash": "sha256-S9NOc88L/1jpNKJqBu2Hihvn0V1HHCK2hXE4bNBAStg=", "owner": "wlroots", "repo": "wlroots", - "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", + "rev": "65bbbbbf0c3d6844cee3c4e294d0ba07e1f82211", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", + "rev": "65bbbbbf0c3d6844cee3c4e294d0ba07e1f82211", "type": "gitlab" } }, @@ -3422,7 +3502,7 @@ "inputs": { "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1690718829, diff --git a/flake.nix b/flake.nix index ed521f86..753d95d4 100644 --- a/flake.nix +++ b/flake.nix @@ -76,5 +76,7 @@ url = "github:NotAShelf/neovim-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + + agenix.url = "github:ryantm/agenix"; }; } diff --git a/hosts/chmura/ankisyncd.nix b/hosts/chmura/ankisyncd.nix index bc74d1bd..8e7bff67 100644 --- a/hosts/chmura/ankisyncd.nix +++ b/hosts/chmura/ankisyncd.nix @@ -1,6 +1,11 @@ -_: { +{ + config, + config', + ... +}: { services.ankisyncd = { enable = true; + port = 27701; }; services.caddy = { @@ -9,4 +14,15 @@ _: { reverse_proxy * localhost:27701 ''; }; + + age.secrets.ankisyncd-user-credentials = { + file = ../../secrets/ankisyncd-user-credentials.age; + mode = "700"; + owner = config'.username; + group = "users"; + }; + + environment.sessionVariables = { + SYNC_USER1 = "${builtins.readFile config.age.secrets.ankisyncd-user-credentials.path}"; + }; } diff --git a/hosts/chmura/default.nix b/hosts/chmura/default.nix index 0fe67ba7..578247a8 100644 --- a/hosts/chmura/default.nix +++ b/hosts/chmura/default.nix @@ -1,6 +1,6 @@ _: { imports = [ - #./ankisyncd.nix + ./ankisyncd.nix ./conduit.nix ./configuration.nix #./freshrss.nix diff --git a/secrets/ankisyncd-user-credentials.age b/secrets/ankisyncd-user-credentials.age new file mode 100644 index 00000000..ac6a8d8b --- /dev/null +++ b/secrets/ankisyncd-user-credentials.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 05IAmg Mv3hFHx2TrjGG4mAN5bUUjskd8u6eOQ+aQ+OSNt0bBI +ushr6qeamUtpdTrBl5duuKuIZgduaFC3QqvvHhKTNAI +-> ssh-ed25519 HC8P8A 6TfhS54C1jHGR4d9YLKk3DY562qx1zhiBjt3P+7rAiA +jwfCWgek44wWPQHbBJbbr3JgWvCk5SJtqL+axnBdGZA +-> ssh-ed25519 sItgaw 8wDj/vfOPOeBOHVLjTZ4y6kaccTZ++zBMNWV7e8sjmU +pWQHSFuAv9bcCQy80nt4h77rJuT3mR9XxojZorMm2lE +-> ssh-ed25519 YQNd1g 3MeluHTgy3q1i3MiSY6wfPLxSEn9s6Pq4fZJqvvmkg0 +6iXY6/DgAcBTeKMwGej5IIMCIf0UaFdAg4nOtXzCezE +-> v(Mu$-grease 6ZM j\*p(1xm P +wTHgdc2cxfJmMxzSGsoowlNiHv8mCROnMFBLsBb2g32HdcA +--- uEUkiLSaxQxtU+EL1WNFAk2hVFVKR0yadGGQTNJL6QE +EnÀòÿ(77M¿æÕ4@²qîI[*ÖÂ7R<¬qI Ôp¶‹ò"*á^V³b9ñ‡¹#A \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 00000000..7edf59d1 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,12 @@ +let + niks_user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEn27EWjZsUbvMVB4ZclriSWq8wa5bxe33pMWTlPriyQ"; + chmura_user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGwssK9tuGPxhbcCypQjm0NBJ5JwS+iG1IIfiAkgzVH"; + + niks_host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5fzl9Nswqe4QSRmNIGaMJOYL/fDZluM1Q1VcUMTuBA"; + chmura_host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGkZ5QVexLBOnx7KPRINF0Fe9IG2oG/mYPPLw817iLXs"; + + niks = [ niks_user niks_host ]; + chmura = [ chmura_user chmura_host ]; +in { + "ankisyncd-user-credentials.age".publicKeys = niks ++ chmura; +}