From 2152c91101acff2a016a19be2b8f666e928b4f45 Mon Sep 17 00:00:00 2001 From: ooks-io Date: Sun, 16 Jun 2024 15:40:02 +1200 Subject: [PATCH] feat(flake): add sshKeys arg --- flake.lock | 236 ++++++++++++++++++++++++++++++++------------ outputs/sshKeys.nix | 14 +++ secrets/keys.nix | 27 +++++ secrets/secrets.nix | 8 ++ 4 files changed, 223 insertions(+), 62 deletions(-) create mode 100644 outputs/sshKeys.nix create mode 100644 secrets/keys.nix create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 8774fc7..b8276da 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1718371084, + "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "3a56735779db467538fb2e577eda28a9daacaca6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "base16-schemes": { "flake": false, "locked": { @@ -58,6 +79,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devshell": { "inputs": { "flake-utils": "flake-utils_4", @@ -176,7 +219,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1709126324, @@ -194,7 +237,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1710146030, 
@@ -212,7 +255,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1701680307, @@ -230,7 +273,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_11" + "systems": "systems_13" }, "locked": { "lastModified": 1710146030, @@ -270,6 +313,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -292,8 +356,8 @@ "hypridle": { "inputs": { "hyprlang": "hyprlang", - "nixpkgs": "nixpkgs", - "systems": "systems_3" + "nixpkgs": "nixpkgs_2", + "systems": "systems_4" }, "locked": { "lastModified": 1716309977, @@ -311,7 +375,7 @@ }, "hyprland-contrib": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1716228712, @@ -358,7 +422,7 @@ "hypridle", "nixpkgs" ], - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1713121246, @@ -405,8 +469,8 @@ }, "hyprlang_3": { "inputs": { - "nixpkgs": "nixpkgs_4", - "systems": "systems_5" + "nixpkgs": "nixpkgs_5", + "systems": "systems_6" }, "locked": { "lastModified": 1713121246, @@ -428,7 +492,7 @@ "xdg-portal-hyprland", "nixpkgs" ], - "systems": "systems_9" + "systems": "systems_11" }, "locked": { "lastModified": 1713121246, @@ -448,8 +512,8 @@ "inputs": { "hyprlang": "hyprlang_2", "hyprutils": "hyprutils", - "nixpkgs": "nixpkgs_3", - "systems": "systems_4" + "nixpkgs": "nixpkgs_4", + "systems": "systems_5" }, "locked": { "lastModified": 1717883389, 
@@ -468,8 +532,8 @@ "hyprpaper": { "inputs": { "hyprlang": "hyprlang_3", - "nixpkgs": "nixpkgs_5", - "systems": "systems_6" + "nixpkgs": "nixpkgs_6", + "systems": "systems_7" }, "locked": { "lastModified": 1717919427, @@ -647,7 +711,7 @@ "devshell": "devshell", "flake-parts": "flake-parts_2", "flake-root": "flake-root", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "treefmt-nix": "treefmt-nix", "vpnconfinement": "vpnconfinement" }, @@ -667,11 +731,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -745,6 +809,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1717893485, "narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=", @@ -761,6 +841,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1712163089, "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", 
@@ -776,7 +872,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", @@ -792,7 +888,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1708475490, "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", @@ -808,7 +904,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1712963716, "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", @@ -824,7 +920,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1713562564, "narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=", @@ -840,7 +936,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1718160348, "narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=", @@ -856,7 +952,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1718318537, "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", @@ -872,22 +968,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nmd": { "flake": false, "locked": { @@ -944,7 +1024,7 @@ }, "ooks-scripts": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1718496814, @@ -962,10 +1042,11 @@ }, "root": { "inputs": { + "agenix": "agenix", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "helix": "helix", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hypridle": "hypridle", "hyprland-contrib": "hyprland-contrib", "hyprlock": "hyprlock", 
@@ -976,9 +1057,10 @@ "nix-index-db": "nix-index-db", "nix-on-droid": "nix-on-droid", "nixarr": "nixarr", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-small": "nixpkgs-small", "ooks-scripts": "ooks-scripts", + "systems": "systems_10", "xdg-portal-hyprland": "xdg-portal-hyprland", "zjstatus": "zjstatus" } @@ -1105,6 +1187,36 @@ } }, "systems_11": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_12": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_13": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1121,16 +1233,16 @@ }, "systems_2": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, 
@@ -1196,16 +1308,16 @@ }, "systems_7": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -1226,16 +1338,16 @@ }, "systems_9": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -1285,8 +1397,8 @@ "inputs": { "hyprland-protocols": "hyprland-protocols", "hyprlang": "hyprlang_4", - "nixpkgs": "nixpkgs_9", - "systems": "systems_10" + "nixpkgs": "nixpkgs_10", + "systems": "systems_12" }, "locked": { "lastModified": 1718272114, @@ -1306,7 +1418,7 @@ "inputs": { "crane": "crane_2", "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "rust-overlay": "rust-overlay_3" }, "locked": { diff --git a/outputs/sshKeys.nix b/outputs/sshKeys.nix new file mode 100644 index 0000000..0c5fd9f --- /dev/null +++ b/outputs/sshKeys.nix @@ -0,0 +1,14 @@ +let + sshKeys = import ../secrets/keys.nix; +in + +{ + perSystem = { config, ... }: { + imports = [ + { + _module.args.keys = sshKeys; + } + ]; + }; + flake.keys = sshKeys; +} diff --git a/secrets/keys.nix b/secrets/keys.nix new file mode 100644 index 0000000..1e90f02 --- /dev/null 
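Review bot: In outputs/sshKeys.nix the `perSystem` function binds `config` but never uses it, and the single-element `imports` list only wraps one option assignment; `perSystem = { _module.args.keys = sshKeys; };` expresses the same thing with less indirection. The file also has no header comment; one line such as `# Exposes the public SSH keys from secrets/keys.nix as the perSystem module argument "keys" and as the flake output "keys".` would tell a reader that only public key material is meant to flow through here. `flake.keys` is not one of the standard flake output names, so `nix flake check` may warn about it.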
+++ b/secrets/keys.nix
@@ -0,0 +1,27 @@
+let
+ users = {
+ ooks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx2kNirkcFrNji+qz7KX+zdRxpgJyOwK0vyBrx9Ae3c";
+ };
+
+ hosts = {
+ ooksdesk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk";
+ ooksmedia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7ttz1jTy+byfzi874vogy3ZPLW9+8W2o512tdsqUUV";
+ ookst480s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWFZwTuHIITHa7s4Zp6KPF2suZIMXZbe085OiG0GRh5";
+ ooksphone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINredx07UAk2l1wUPujYnmJci1+XEmcUuSX0DIYg6Vzz";
+ ooksmicro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUSu2iy3GvMXT5eEDAymIwSQe8UuVG5GH5FJ408JiG4";
+ ooksx1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBR6Cyx64Qjth/4aS2x95scEkfiOnsCzufMZW5e41bfE";
+ };
+
+ workstations = [
+ hosts.ooksdesk
+ hosts.ooksmedia
+ hosts.ookst480s
+ hosts.ooksphone
+ hosts.ooksmicro
+ hosts.ooksx1
+ ];
+in
+
+{
+ inherit users hosts workstations;
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..10c9384
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+ keys = import ./keys.nix;
+ inherit (keys) users workstations;
+in
+
+{
+ "tailscale.age".publicKeys = [ users.ooks] ++ workstations;
+}
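Review bot: secrets/keys.nix holds only public keys, yet it lives in a directory named `secrets/` and carries no comment saying so; a header such as `# Public SSH keys only (agenix recipients). Never put private key material in this file.` would make that invariant explicit for whoever edits it next. `workstations` repeats every entry of `hosts` by hand, so a host added to `hosts` later can be left out of the recipient list without anyone noticing. If the list is meant to be all hosts, `workstations = builtins.attrValues hosts;` keeps the two in step. If it is meant to be a subset, it currently also contains what look like a phone and a media machine, which the name does not suggest.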
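Review bot: In secrets/secrets.nix, `"tailscale.age".publicKeys` lists the user key plus all six host keys, so the secret can be decrypted with the SSH host key of any one of those machines. If `tailscale.age` holds a Tailscale auth key (inferred from the name; the encrypted file is not part of this commit), limiting the recipients to the hosts that actually need it, or using one secret per host, keeps a single compromised machine from exposing a credential shared by all. Recipient changes only take effect after re-encryption, so removing a host here should be followed by `agenix --rekey` and rotation of the secret itself. Minor: `[ users.ooks]` is missing the space before `]`.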