diff --git a/common.nix b/common.nix index 5956bb4..979585c 100644 --- a/common.nix +++ b/common.nix @@ -1,6 +1,7 @@ { pkgs, nixpkgs, + ragenix, getchvim, ... }: { @@ -86,7 +87,9 @@ description = "leo"; extraGroups = ["networkmanager" "wheel" "video"]; shell = pkgs.fish; - packages = with pkgs; [ + packages = with pkgs; let + inherit (pkgs.stdenv.hostPlatform) system; + in [ firefox kitty chezmoi @@ -123,10 +126,11 @@ vesktop grimblast playerctl - getchvim.packages.${pkgs.stdenv.hostPlatform.system}.default mate.eom osu-lazer-bin gnome.file-roller + ragenix.packages.${system}.default + getchvim.packages.${system}.default ]; }; @@ -137,6 +141,10 @@ pinentryFlavor = "gnome3"; }; + git = { + enable = true; + }; + hyprland.enable = true; fish.enable = true; diff --git a/flake.lock b/flake.lock index 4e9b584..3ac260f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,80 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682101079, + "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", + "owner": "ryantm", + "repo": "agenix", + "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": [ + "ragenix", + "flake-utils" + ], + "nixpkgs": [ + "ragenix", + "nixpkgs" + ], + "rust-overlay": [ + "ragenix", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1681680516, + "narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -16,6 +91,42 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1698882062, + "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -34,42 +145,42 @@ "type": "github" } }, - "getchoo": { + "flake-utils_2": { "inputs": { - "nixpkgs": [ - "getchvim", - "nixpkgs" - ] + "systems": "systems_2" }, "locked": { - "lastModified": 1699210446, - "narHash": "sha256-Srh4ydjVoteLEF9t5PolV2Y9a1Y7QNzvu8YCy5Cy4WI=", - "owner": "getchoo", - "repo": "nix-exprs", - "rev": "602193a4d8d0c8a886f9bb4f7e2bca2b968771fc", + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "type": "github" }, "original": { - "owner": "getchoo", - "repo": "nix-exprs", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, "getchvim": { "inputs": { - "getchoo": "getchoo", "nixpkgs": [ "nixpkgs" ], - "parts": "parts", - "pre-commit": "pre-commit" + "parts": [ + "flake-parts" + ], + "pre-commit": [ + "pre-commit" + ] }, "locked": { - "lastModified": 1699309874, - "narHash": "sha256-Y7kKeios5g/KT8825AwP/s8karr/mQdP2TGQybH7c88=", + "lastModified": 1699416012, + "narHash": "sha256-Im231aE2DAECm9G7NV33jy/9iAlXfes0r21bh1bDb+U=", "owner": "getchoo", "repo": "getchvim", - "rev": "4c85b0bb985cf71e23985de647e42aaafc00b2ab", + "rev": "5c73356bb3014293f36af56c0c78751f5b33ab74", "type": "github" }, "original": { @@ -81,7 +192,6 @@ "gitignore": { "inputs": { "nixpkgs": [ - "getchvim", "pre-commit", "nixpkgs" ] @@ -115,47 +225,24 @@ "type": "indirect" } }, - "parts": { - "inputs": { - "nixpkgs-lib": [ - "getchvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1696343447, - "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "pre-commit": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "gitignore": "gitignore", "nixpkgs": [ - "getchvim", "nixpkgs" ], "nixpkgs-stable": [ - "getchvim", "nixpkgs" ] }, "locked": { - "lastModified": 1697746376, - "narHash": "sha256-gu77VkgdfaHgNCVufeb6WP9oqFLjwK4jHcoPZmBVF3E=", + "lastModified": 1699271226, + "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8cc349bfd082da8782b989cad2158c9ad5bd70fd", + "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", "type": "github" }, "original": { @@ -164,10 +251,65 @@ "type": "github" } }, + "ragenix": { + "inputs": { + "agenix": "agenix", + "crane": "crane", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682237245, + "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, "root": { "inputs": { + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", "getchvim": "getchvim", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "pre-commit": "pre-commit", + "ragenix": "ragenix" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "ragenix", + "flake-utils" + ], + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682129965, + "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2c417c0460b788328220120c698630947547ee83", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { @@ -184,6 +326,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 51da9c3..0500062 100644 --- a/flake.nix +++ b/flake.nix @@ -4,22 +4,50 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + + ragenix = { + url = "github:yaxitech/ragenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + getchvim = { url = "github:getchoo/getchvim"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + parts.follows = "flake-parts"; + pre-commit.follows = "pre-commit"; + }; + }; + + pre-commit = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs"; + }; }; }; - outputs = {nixpkgs, ...} @ inputs: { + outputs = { + nixpkgs, + ragenix, + ... + } @ inputs: { nixosConfigurations.fuji = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [./fuji.nix]; + modules = [./fuji.nix ragenix.nixosModules.default]; specialArgs = inputs; }; nixosConfigurations.kilimandjaro = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [./kilimandjaro.nix]; + modules = [./kilimandjaro.nix ragenix.nixosModules.default]; specialArgs = inputs; }; diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..caef671 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,5 @@ +let + ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxRazxiSGO+nNbBJOaGjv6wLHzXqtFhG+6yrydppw5LdXCegUpVt03s/IRtcO6rDf8dPeWa1u0rLjcSx6Arh9ryo3FVdosDrX0dVk9JCiTcqf0W2ql900wV207btF3vr2lDWJ/wynaCb+Q8LBVd529gVSQajEs5xq4FSWPaHusXqVw+n2Mty7QuPTm0P/+9FOz2nMQ5yGqOZI7E17Rq106nCgt6PmmEywkmn4+/STqKVuWa4Id4uC3a5e6Tmpj6D+vTdivMpAZfkjwj+Z49YfF2gaCPJQ+jHzb0RLx75UiW7gAcTIpcIkHyyzcLcSIawNrsnfr8b7QXRePwKaTB9lBPii+Nmtj3C44pQKJ3zmLsB+n4GV7tNChe7gj4dVTU7uT5ezxRaVNMiQh4tPn+HcWzh6jKlEEsNZgR7sbBrmTuqVzjT3fj0Uc6k9utXtQmWwcaZJwcnjDVOLLscWqZXdhJpW5HB0xnIIZ5SNCIvMobLzQKcN0BhJpWSRfJBiftUs="; +in { + "ssh.age".publicKeys = [ssh]; +} diff --git a/secrets/ssh.age b/secrets/ssh.age new file mode 100644 index 0000000..f1b1741 --- /dev/null +++ b/secrets/ssh.age @@ -0,0 +1,74 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgempwN2dRCkZDYW5NTloy +YVRnbFQ0blFrNGpaTEtYWTJad0pSVjVNc0xad1BqUUI1K2RhTVhPeW85ZUkvc1Uw +YjRpR3o4WHAKbFlWcVlmdHV6cmtXbS9GNmNpbDRGcERQWmZDT0xGU0t3K3BBZzZn +bGthQm1peFduODVRWGx1VW1VNyt0dy9OUwphem1SSFpTU09PMWljNWhDV1JuOG9G +cXZaY25ZTThQajNFbXgzRWVYZjRMT2ZENitxTlhWRUlwVSt5WW5OTkZTCkNsYUlx +ZFF4VkxyM2RXYk1PS0wzRVpxVW9WQTcyZU0xZ3UxMnd2eVgzTHNHaWFqQnpnQzNE +MlZINEl1VkRmSkIKTGNjQktvWFM5Vnl5RG56Q090S0o0dFAxWEpIcmdHSXpNcit4 +TGlYL2JZQVhRWFp6VHVFaEEwOFFFVWNIUWhBRAp4Z0pxQXRRNWF4VE9ySzNRTmxs +ZEtrTDZZOUhtb0FkZ3UwejZKNDlOTGppZjd2WnhHVEdTQTVYQjFmU3lPUEdjCjJn +aUZYaUYwcmJhU25CMjNKUnVvSnVnNHNYcGNKTWhsTGxwcWxVbW5kTmdHVlhlWnVU +em0wRXJkWWdsUGpMK04KanVsZDRoamY1U05jZkVBTC9zZVdzWUhKdnNFV2hMd0d4 +QlNKbkF4RGh4SWUzVDBUU09GLzUzdHc0QnQ2c0RBNAoKLT4gNS1ncmVhc2UgdyhN +VyokfCB4OCtwXyBDbFN7MXY7IEQsOlk8SDQKMENablRIVTZtY21jTkRBTEl3QXhT +cGZ4b3N5Vlg2MHVrbDFpdGtCcUZ5WUxuWitaUVlvT3BzT1RJS2s3ejhhSgpuc3M4 +YjFuRHFrcDdwTHBGbkJWdlVYSEFFL2xMRE1CbEJNUld5bjFQM05haTRqWmFxMWZ1 +UGt4ZWlOdWZKSXppCjZuZwotLS0gNkZlWUI2bXZUT0ZONTF0UC8xSFBnME9VZjR1 +Z1NRNEFtdDYzbjRsOGVEdwqGvE79b1OwT4BbWD2jgFMJJMQJKWU2BPfEic3gwJ9R +oS7iMrx/EzVyEHEVWjg9dxeAHBfLu8ugF8PTyysP2YAUD5zCKADj86a45HxKNW2+ +Q5WSIdOY6uOKTqCQ6YD+9BiWo7LkAyVdsSN4DsqrdIYSg8t96+xJkYOT2Y1wDv+m +uTGSacWioqlcvArB394oYvrX71Yzm2hpsRhjL91C8kjhELtI80kauJmJzKG6zCgY +xcbMM/67jKlhC0XhWuH/nV63pzUw49lzao7zvIvb+ZGxSuJM7GIb+asYqXAXtM16 +/rWeei7w5iRi7Zg06fkoYr03kLxf29Exayan99p+ovSObliUT/n7Zsw2pbTJqEf7 +6EB7unTf9qrB3Fa/aD7ZS6kFMEfa7u3eNwYBHdu7bCopGa0BkbEd8LI++pf5x4Tv +eTxpWqmOythfMNCyF7PwdWQhpR0Tg9kyrO8Y/Sqd1E/XGE9MoY4pcUoub5Tbwt7Q +0URkMTqlXYQh8htgvL0JAHTK46Z0uSv4LvTkFLZY6pugquwHutMgSC0XVoXOOtoH +qOQ0igH0KbsZyJhERMsWEMk7r8dVv1BrCDEqF4u/1u9ZT9GhNsr/RDWXLDTMn3Ho +Jq4ZOQzR3KyIaP8FiXCFLdn4+cBDNM7FWpSqlKdQkS1Mba7M++DrYzimnXWsHuVQ +e0KDFL1++s/CBFbHLbDnJGJENw1wE8lXP5Vn3XoIPnJbayEO4wlFYXIAZjznbwS2 +ZigdfrTJzjujdV1220ufw98QBuZkXQQ31ESzU3KO3DEEA964XnTLDti9pSK2bFSF +21vtH0vW9ZLY+Ox7VUYK6f+pIzh44XmsBBc5S9Auvgav+vNy36pLXdMlBvXUMNcN +DCUVt+Yf6xYw9s5TY+sBg48O/JtgPNclkDruEoa42kmN8ZUAJCxa1tr7zt3VMhWN +02hdTMH9XwkK9kMCdruZY4g/aluKCEBj7wfFE+NDB0zFDQMWK5V5pp3LS/+YxB9K +g8sBRwr/p9vQnw/LuaMzDyIQMU/9/PoFYJ8+7MTovMo/PFYBuPl4DDsEpZNkU3ar +rAD4oJY6rCrz/6Bawk8pEFhQIZh1UyU2C45STYJiyM1iT1almBmm7oA/7wP8BIrA +XaX0fYnZpEjgP5B++1MSoYHCLprQgkDsdow7GSl/dVu+Zz2UVGMOAOX+zeTQ8p4s +YsLHIJTI43CwnPIVaVRJtLIuBy+Rcg5PgNeBUE6zG26B/X0c66KbblgXlaCa9WNO +YN/AYys6/QCbsIuYwHGfYbb825iRT9+ZDtq81NuhK/HMhWcArAJYsGzHr+22w/Rx +ySWU0cGZ8hKFGQD8ls4k7hqVXSvB2w4Ek+agdoxMk3pZVlbPak/nWPTPj1tMjaoD +8FCXwu/swPTCTLHhqWN3gykdwy3Cs28+twdLBBpLtnSkN4JIcXBd95nl4VclNvHE +vcygTFSMrUD3lsLt2tzREavM+Xv4lsAvfZWxSJzftO3Yd9R74gSzPle5gJkVFbew +4dmF8jDqqhNnHECBKtvZSLjGb8Pu4KFH2poNl7CyKaR+qt/CXGIo1mZni4Q4mcge +KWxdM2oBKoE61+00A0jjkUVaDlnUPSuwCMwmsgmVBMLHbepmFbC21HvjkFAsjZic +oOwUuxixt7D2CJKWN3z9R3bjtfiEaZWSLQ64iO4MaW2PJ6eatyIv6FB8ur+dZ4EG +3JOAqsrUMz3eotDcr2y7tK+m7a4nNGYT1ZQa609p1etN30rYgvYXzoFw1sz5ev6B +xyeK5m5T6k6vKCHdAVmJg2HPyZ8u0vet05ludmS3ZkL/LlqfLfMk4hg3qF0atwD8 +ok/d9TB4uGSptrXtHqSAUX1VhhY158aW0C01sZrssJ269T46XWLYf6k7Fsoovjnp ++5KMCpaPSpHis+YG9IEahrUknRbVNStgdi3woa+39lRBTzu5amhODKRJ4tlpEe8c +YL5NXFsVPzUFXeHckNZxrKG8UTsIeNhhNLvczbqhgEa7i+jM0qYh/T4DPCcU7ddz +bnrxsV8jUPWEiDgZR8vYVIfP23XtzjxvMgVeNQHt1CXHfg4OfTrRHNocjp1QO0/V +8KB7Os7w+fTdVO9D5UyyGFq+Vh1KHBj6/lIpLkEpPiUfx8aomn54znVUPX44hP3m +rvNwJJ1knHyRmhgNft9o+OH4UEecBAqX9N+B1xGHKmXquSSbiyLkQbwFD9xdA3RD +YFUko43CrFYkQCR6KS4KBgY4sGAtRxXKKlhSCkQ8Xnxe9acoW/ZgaGFIcaSjce4n +KL3Gc39kwH7DXZZE8Xb3XhYiCVtlVWbNSE+sb0reaz6wUEDTiYyMyT57ALBgNipK +5RuUr94anxdakUeNrGJvJb5Y4lIUagrT7kXLs4IOM0r1yEbdasMQ936hTqTFI/D9 +TDJ4kmBBDYysy/FgTJpymlrK6aJp6b5sfC+Ub3P+OZoQ3ZiGubwGleUYBsql3oAD +rj25TaF8cKfEkB1LpF2CEQt3g6ieWZxKcMOsFoboeI8HzXVkrxbRTtjCaKvs76s1 +W5yTjKtAs+UpFsnOd8b981f6o63vKmmJo/PX3vdxkbRwDtb5rZLpi3FvMFuYrF7l +KpDwvFQLtRrtyGY+1RbXyy7dj5Az31isx5oEcbUWdIPtzB9TMR4cCyN4TfWTEhsK +GSBP+RfnfJuZ7vONDj6kQt9NjwuZxTWZSIyTwCt+KS21WHg3whJbB7CfOzj6FAsS +Qe8TvBoqOhOxPK7hP3zWqmbzMPZ2hC/Fd+O5vdIwoX8LbiULmOAo61XT4TbSfyqP +iqSp0OlyKVVXnVjnchIhcn+6pMbbjymewGu3vCNgsYJL0yMpEdZf4xqDQ3UrTxay +fXHJiiqRkXBXs1SH9jW9wN1b5FoC4pzAs0bRBdGgJiX5jH9e/Ce32FulTwkMAAHd +PPFL79M8lBL0D5SGqjK7MuwAVP7kuDapXzf/KpiWfdK9/WIWgJBhBw2uSbQoPwKK +1eteN+OdnaTipRq6hcF/hy3FfGyWl1VEDIcynIAUzcrXiP/P/7nryGNF44SQA6j3 +twLnk5EhykPwNGXfWMsqe01aWQ4m8XMlEsq7vr+G6xVQgw5jde0BC4zuIRzU5vLG +WCEdyZSfnOoaQmOp6m/ikzbNcV9VMCRwQ9mLx98aXrXEqrHV8iyzE4qaoLEGEIAO +Vtz83cEyfcbt/yRn3+3gcUceuZWKh3x/6hv5Ukqj4jm4fYwYLVIGttCoH4yqfk2p +9rBrPji8druFwTeoqZVU6ldeURvzfiXrnvtJebPYHtcRa1kbodrp28VExjeei1ln +2FBq9S1NHp22+IRzDJXYz+nkMSlQ4vcWcurRVw2KIphNwmOI94NTDImJZMlJ/PdA +IG4NPajWHAW052QnGOi147lOVIt270xJu1cEJDlk8U1XRCVzn2gtAZqlwPqswNgF +bHCViSR+4urIc7lzmj7KnGClEpyWjneZ63hrG77jWbu0EqeQujZovWXR0vYKDsi8 +wUkzpI0q60QqpX4cZ8sUAlmgpRnMo/aQskkY89N1g9Ehig0TYrv5yxq086o= +-----END AGE ENCRYPTED FILE-----