From 2850c5a861fd19b130c0cd85814e8e1a827ab378 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Mon, 6 Jun 2022 11:47:50 +0200 Subject: [PATCH] flake: update nix --- flake.lock | 53 +++++++++++++------------- flake.nix | 2 +- nixos/.sops.yaml | 6 +-- nixos/{thinkman => modules}/backup.nix | 1 - nixos/modules/users.nix | 5 +++ nixos/secrets/keys/disasm.asc | 0 nixos/serverle/configuration.nix | 2 +- nixos/thinkman/configuration.nix | 8 ++-- nixos/thinkman/secrets.yaml | 5 ++- 9 files changed, 42 insertions(+), 40 deletions(-) rename nixos/{thinkman => modules}/backup.nix (98%) delete mode 100644 nixos/secrets/keys/disasm.asc diff --git a/flake.lock b/flake.lock index d205644..331c318 100644 --- a/flake.lock +++ b/flake.lock @@ -97,16 +97,15 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1650397666, - "narHash": "sha256-gWYNlEyleqkPfxtGXeq6ggjzJwcXJVdieJxA1Obly9s=", + "lastModified": 1654239108, + "narHash": "sha256-0JzuElxLe5DxM+R4tvBYfvQnMGCERZy4KMRf0JYxxS4=", "owner": "NixOS", "repo": "nix", - "rev": "69c6fb12eea414382f0b945c0d6c574c43c7c9a3", + "rev": "1dd7253133c4dfd2e7a16ad6fe505442cef38a5b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "2.8.0", "repo": "nix", "type": "github" } @@ -143,11 +142,11 @@ }, "nixpkgs-21_11": { "locked": { - "lastModified": 1653819578, - "narHash": "sha256-a1vaUl6VZz1NsWxMw0i5lRyHIOVUIuMZdQzV+4s+rY8=", + "lastModified": 1654346688, + "narHash": "sha256-Y7QtZkfdxTvACCvWmDjpN6qOf4OKkZATufHcJP2VMKM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "baa82d4b626288c7439eeea073a18aabbe435991", + "rev": "2de556c4cd46a59e8ce2f85ee4dd400983213d45", "type": "github" }, "original": { 
@@ -159,11 +158,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1653822412, - "narHash": "sha256-xZwMDQ8MdNiTwE8dcKAX1h3qCmLtuudNGxmFUX3xIes=", + "lastModified": 1654373220, + "narHash": "sha256-3vKFnZz2oYHo4YcelaNOhO4XQ2jiIEXrp1s4w+e773c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "db78278ff296cf21eca7e8c08ee99707387a54fa", + "rev": "d6cb04299ce8964290ae7fdcb87aa50da0500b5c", "type": "github" }, "original": { @@ -183,18 +182,19 @@ "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", + "repo": "nixpkgs", "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "indirect" + "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1653931853, - "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", + "lastModified": 1654230545, + "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", + "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", "type": "github" }, "original": { @@ -213,18 +213,19 @@ "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-21.05-small", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1654005557, - "narHash": "sha256-J6elwUzPoco+r5qWPHhvS2EHVWomUtNcxzkfdAQOwEU=", + "lastModified": 1654360807, + "narHash": "sha256-wYG86PUkPZ1P/oHsCpepTkb/U26poaEPPp1XFjRsgdA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "08950a6e29cf7bddee466592eb790a417550f7f9", + "rev": "d9794b04bffb468b886c553557489977ae5f4c65", "type": "github" }, "original": { 
@@ -235,11 +236,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1654126564, - "narHash": "sha256-sgDXDKGmUG4h7OPDOHyQggFQ08ZqVzUIPi8351yhugY=", + "lastModified": 1654245945, + "narHash": "sha256-PV6MZ+HuNnyLxQGa2rwt0BmCRkQS2xqhc+SeJLQM+WU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1c9c23aad972787f00f175651e4cb0d7c7fd5ea", + "rev": "442db9429b9fbdb6352cfb937afc8ecccfe2633f", "type": "github" }, "original": { @@ -284,11 +285,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1653827546, - "narHash": "sha256-va51HFf7UwktvriIbe9pjRPMr7p8IaxrwcDlZe7twzI=", + "lastModified": 1654401128, + "narHash": "sha256-uCdQ2fzIPGakHw2TkvOncUvCl7Fo7z/vagpDWYooO7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "36b5901782e7fbfc191cace910f67f8b8743f678", + "rev": "f075361ecbde21535b38e41dfaa28a28f160855c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5839e12..67623e6 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { flake-utils.url = "github:numtide/flake-utils"; - nix.url = "github:NixOS/nix/2.8.0"; + nix.url = "github:NixOS/nix"; nixpkgs.url = "nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 3ba21b5..e40cb42 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,10 +1,6 @@ -# This example uses YAML anchors which allows reuse of multiple keys -# without having to repeat yourself. -# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml -# for a more complex example. keys: - &admin_felix age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m - - &thinkman age1t485hyawp2zfddetpa7ss2qn8zjk6fh2rjwjs3mcqq7u9lwh9eaqe9244x + - &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03 - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4 creation_rules: - path_regex: secrets.yaml$ 
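Review bot: Dropping the `2.8.0` ref in the `flake.nix` hunk makes the `nix` input follow the default branch of NixOS/nix, so whatever consumes this input is now built from unreleased commits. `flake.lock` still pins rev `1dd7253133c4dfd2e7a16ad6fe505442cef38a5b`, so the result is reproducible until the next `nix flake update`, which will move to whatever the branch head is at that time without any visible change in `flake.nix`. If the goal is only a newer Nix, keep a release ref, e.g. `nix.url = "github:NixOS/nix/<RELEASE_TAG>";`, or add a comment above the line stating that tracking the development branch is intended.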
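Review bot: The `&thinkman` recipient under `keys:` is replaced, but `nixos/thinkman/secrets.yaml` does not look re-keyed in this commit. The diffstat gives that file 5 changed lines, which the new `felix-password` entry plus the `lastmodified` and `mac` pairs already account for, and the age stanza visible in its last hunk is unchanged context. If that reading is right, the file is still encrypted to the previous recipient set and the host will not be able to decrypt it with the new key. Running `sops updatekeys nixos/thinkman/secrets.yaml` after editing `.sops.yaml` rewrites the recipient stanzas; also confirm nothing still depends on the old key before dropping it.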
diff --git a/nixos/thinkman/backup.nix b/nixos/modules/backup.nix similarity index 98% rename from nixos/thinkman/backup.nix rename to nixos/modules/backup.nix index daf4754..7ff9d59 100644 --- a/nixos/thinkman/backup.nix +++ b/nixos/modules/backup.nix @@ -28,7 +28,6 @@ in borgbackupMonitor ]; - sops.defaultSopsFile = ./secrets.yaml; sops.secrets.borgbackup_password = { }; sops.secrets.borgbackup_private_ssh_key = { }; diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index fc86d0b..3468219 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -1,5 +1,9 @@ { config, pkgs, lib, ... }: { + #sops.defaultSopsFile = ../secrets + "/${config.networking.hostName}/secrets.yaml"; + sops.secrets.felix-password.neededForUsers = true; + sops.secrets.felix-password = { }; + users.users.felix = { isNormalUser = true; home = "/home/felix"; @@ -15,6 +19,7 @@ "networkmanager" "video" ]; + passwordFile = config.sops.secrets.felix-password.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" ]; }; diff --git a/nixos/secrets/keys/disasm.asc b/nixos/secrets/keys/disasm.asc deleted file mode 100644 index e69de29..0000000 diff --git a/nixos/serverle/configuration.nix b/nixos/serverle/configuration.nix index 0467ed8..2106f2b 100644 --- a/nixos/serverle/configuration.nix +++ b/nixos/serverle/configuration.nix @@ -13,8 +13,8 @@ ../modules/networkdecrypt.nix ../modules/nix.nix ../modules/ssh.nix - ../modules/webapps/config.nix ../modules/webapps/bazarr.nix + ../modules/webapps/config.nix ../modules/webapps/homer.nix ../modules/webapps/jellyfin.nix ../modules/webapps/navidrome.nix diff --git a/nixos/thinkman/configuration.nix b/nixos/thinkman/configuration.nix index ed90e7e..3ee42b3 100644 --- a/nixos/thinkman/configuration.nix +++ b/nixos/thinkman/configuration.nix 
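Review bot: With `sops.defaultSopsFile = ./secrets.yaml;` removed in the `backup.nix` hunk, this now-shared module depends on every importing host setting that option itself, and nothing in the file says so. A comment above the two `sops.secrets.borgbackup_*` declarations would make the dependency visible, e.g. `# Requires the host to set sops.defaultSopsFile; that file must contain both borgbackup_* keys`. The enclosing attribute set starts and ends outside the hunk.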
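Review bot: `modules/users.nix` now declares `sops.secrets.felix-password` for every host that imports it, yet only `nixos/thinkman/secrets.yaml` gains that key in this commit; any other host importing the module would need the same key in its own sops file. The commented-out `#sops.defaultSopsFile = ...` line in the first hunk should be removed or replaced by a comment explaining that requirement, and the two declarations can be written as one: `sops.secrets.felix-password = { neededForUsers = true; };`. Because `neededForUsers` secrets are decrypted before users are created, the age key has to be readable at that point of activation, which matters for the `passwordFile` line added in the second hunk of this file.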
@@ -3,16 +3,15 @@ imports = [ ./disks.nix ./hardware-configuration.nix - ../modules/sway.nix - ./backup.nix ../modules/3d-design.nix ../modules/android.nix ../modules/avahi.nix + ../modules/backup.nix ../modules/bluetooth-audio.nix ../modules/clean.nix ../modules/compression.nix - ../modules/desktop-development.nix ../modules/desktop-default.nix + ../modules/desktop-development.nix ../modules/development.nix ../modules/docker.nix ../modules/filesystem.nix @@ -30,6 +29,7 @@ ../modules/printer.nix ../modules/screen-sharing.nix ../modules/sound.nix + ../modules/sway.nix ../modules/sync.nix ../modules/systemd-user.nix ../modules/systemduefi.nix @@ -42,7 +42,7 @@ networking.hostName = "thinkman"; sops.defaultSopsFile = ./secrets.yaml; - sops.age.sshKeyPaths = [ "/home/felix/.ssh/keys/local_ed25519" ]; + #sops.age.keyFile = "/var/lib/sops-nix/key.txt"; # Use latest kernel boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/nixos/thinkman/secrets.yaml b/nixos/thinkman/secrets.yaml index 0893cb5..d1fc43c 100644 --- a/nixos/thinkman/secrets.yaml +++ b/nixos/thinkman/secrets.yaml @@ -1,3 +1,4 @@ +felix-password: ENC[AES256_GCM,data:xISAZHKQgH4DcKTl,iv:Q9TbDnVz6dBquPLgXfFYcpDeFOQfGBTbuCOOWKNhXX8=,tag:Eq7EGOv5mZrtaET6h2eEwg==,type:str] borgbackup_password: ENC[AES256_GCM,data:+LCiZ3ttCR4lsy3vJPPUdhbSKxbghoT3lg==,iv:FaIJoZggZNCRuHyfWUQ+DDSBFzbP8Nh90nn7+gUlRak=,tag:7FysidMti7NBkLyHvoYZtw==,type:str] borgbackup_private_ssh_key: ENC[AES256_GCM,data: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,iv:v73n2tYZ2b4NF0xjeBvC3rKijkchb93xZA+Z9LUzBqE=,tag:6yhSJH3UB3Rajr36WdcXfA==,type:str] sops: 
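Review bot: After the `@@ -42,7 +42,7 @@` hunk no age key source is set explicitly: `sops.age.sshKeyPaths` is removed and the replacement `sops.age.keyFile` line is commented out, so decryption depends on sops-nix defaults (as far as I know the host's ed25519 SSH host key when OpenSSH is enabled; confirm this for the pinned sops-nix revision). Since `felix-password` is now `neededForUsers`, a key that cannot be found at activation leaves the account without its password file. Either enable the line, `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or delete it and add a comment naming the key the new `&thinkman` recipient in `.sops.yaml` was derived from.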
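Review bot: The new `felix-password` value in the `secrets.yaml` hunk looks too short to be a password hash. Its `data` field is 16 base64 characters (12 bytes), and sops encrypts values without padding, so the plaintext is about 12 characters long. `users.users.felix.passwordFile` in `modules/users.nix` expects the file to hold a crypt(3) hash, for example the output of `mkpasswd`, which is several times longer. If a plaintext password was stored, password logins will not work as intended, and the ciphertext length discloses the password length to anyone who can read the repository; store the hash instead and rotate the password.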
@@ -24,8 +25,8 @@ sops: V0RYMTRlSmtxQXgxeURDTWoxNW40MEUKsAaewEOrlH3XFXLs4vGt62J3uU9hlbkN a+3MDTcPzwTdT46q7cRp/vLFvEtWj1alwY+wzF8m3H4aLy2pdKz7+g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-03T20:28:28Z" - mac: ENC[AES256_GCM,data:a0K63CIODtYkzE/ewcT3mBe9xqY1pOp5VZmlmLiQKo7MtC0FNHdgBA0fyvvhqtDK9qf6CiKOY3UgkZ9kzSBkZh6Cm5wih5d+Ga7NFkhtBCfimaBi5tCjWlOnE4veU501fcieO3rmelj13D33cFfQjVzUHpJcm+3/bZEkbViIMiU=,iv:cZyb56UV370QojhMslbfwPv3Fxqs1hrkmay5bJ/gEr0=,tag:XDTaVUEz10/gBpvzy0ERDA==,type:str] + lastmodified: "2022-06-05T10:38:15Z" + mac: ENC[AES256_GCM,data:CYINKjObzXgBDTjvkIOzvOzi+MuSnlcRGrD931CS+s+Cezp6wI0PnDa4hRtLgZpVsz3Q8D4gVDuSvT77w4EeU/FNWWJglYvB8gVP0/a6yGokn3KGpT6XGSvUJkvjpX4PAPrUSS6Eoqm16AEQFsqAST8cV/nHugDzXe7vgtv560U=,iv:/AZOg1/y8WFiZladDscVF5wo8olnAaCnMao5mcuEPi0=,tag:D0atRcbRZCboxr42mXAtrw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3