add agenix support for secrets

2024-08-09 21:34:46 +02:00 · 2024-08-09 21:34:46 +02:00 · 4ba7d237b7
commit 4ba7d237b7
parent 99dd7bfc16
4 changed files with 36 additions and 1 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -0,0 +1,4 @@
+{
+  age.secrets = {
+  };
+}
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,13 @@
+let
+  user_eyjhb = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos";
+  user_rendal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper";
+  users = [ user_eyjhb user_rendal ];
+
+
+  system_gerd = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJosDVq8j4V50/z6nj2OMBPhqda95HOS1hKLGvo8viLQ";
+  systems = [ system_gerd ];
+
+  defaultAccess = users ++ systems;
+in
+{
+}
--- a/shared/default.nix
+++ b/shared/default.nix
@ -1,5 +1,11 @@
-{
+let
+  sources = import ./sources/sources.nix;
+in {
  imports = [
+    # secrets
+    "${sources.agenix}/modules/age.nix"
+    ./../secrets
+
    ./base/common-config.nix
    ./platforms
    ./modules
--- a/shared/sources/sources.json
+++ b/shared/sources/sources.json
@ -1,4 +1,16 @@
 {
+    "agenix": {
+        "branch": "main",
+        "description": "age-encrypted secrets for NixOS and Home manager",
+        "homepage": "https://matrix.to/#/#agenix:nixos.org",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+        "sha256": "09aldzzc50121p0b3apj2c0l71jgmbif46a76shlgps8wbbbkr35",
+        "type": "tarball",
+        "url": "https://github.com/ryantm/agenix/archive/3f1dae074a12feb7327b4bf43cbac0d124488bb7.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
    "disko": {
        "branch": "master",
        "description": "Declarative disk partitioning and formatting using nix [maintainer=@Lassulus]",