commit 37b3a514747359d704a2f09e291b85a59f74d418
parent 252434d4f93917ea95aef5cb83a94ea2097aba93
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 19:12:58 +0200
parent 252434d4f93917ea95aef5cb83a94ea2097aba93
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 19:12:58 +0200
use flakes and colmena!
42 files changed, 638 insertions(+), 519 deletions(-)
D
|
78
------------------------------------------------------------------------------
A
|
93
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,2 @@
 .DS_Store
-secrets/default.nix
+result
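Review bot: Dropping `secrets/default.nix` from the ignore list leaves any plaintext copy that still sits in an existing checkout untracked but no longer ignored, so a broad `git add` would stage it. The file was ignored before, so this commit cannot have deleted it, and other hunks here still reference the `secrets/` directory for the `.age` files. I would keep the `secrets/default.nix` entry next to the new `result` line until the old file is confirmed removed from every working copy.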
diff --git a/configurations/common/darwin.nix b/configurations/common/darwin.nix @@ -19,12 +19,14 @@ home-manager = { useUserPackages = true; - users.leah.home.packages = with pkgs; [ bgiparser asitop colmena ]; users.leah.home.homeDirectory = lib.mkForce "/Users/leah/"; + users.leah.home.packages = with pkgs; [ + bgiparser + asitop + ]; }; environment = { - darwinConfig = "\$HOME/nixfiles/darwin-configuration.nix"; loginShell = "${pkgs.bashInteractive}/bin/bash"; shells = [ pkgs.bashInteractive ]; systemPackages = with pkgs; [
diff --git a/configurations/common/default.nix b/configurations/common/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, currentSystem, ... }: { @@ -18,26 +18,15 @@ ../programs/cli/network-utilities.nix ../programs/cli/scripts.nix ] - (if (builtins.currentSystem == "x86_64-linux") then [ - <home-manager/nixos> - <agenix/modules/age.nix> + (if (currentSystem == "x86_64-linux") then [ + inputs.home-manager.nixosModules.home-manager ./linux.nix ] else []) - (if (builtins.currentSystem == "aarch64-darwin") then [ - <home-manager/nix-darwin> + (if (currentSystem == "aarch64-darwin") then [ + inputs.home-manager.darwinModules.home-manager ./darwin.nix - - ../darwin/systemSettings.nix - ../darwin/appSettings.nix - ../darwin/keyboard.nix - ../darwin/trackpad.nix - ../darwin/homebrew.nix - ../darwin/finder.nix - ../darwin/skhd.nix - ../darwin/yabai.nix - ../darwin/speakers.nix ] else []) ]); @@ -45,24 +34,26 @@ environment.systemPackages = with pkgs; [ alacritty.terminfo - agenix ]; nix = { - package = pkgs.nix; + package = pkgs.unstable.nix; extraOptions = '' - experimental-features = nix-command + experimental-features = nix-command flakes ''; }; - home-manager.users.leah = { - home = { - language = { - "base" = "en_US.UTF-8"; - "time" = "de_DE.utf8"; - "address" = "de_DE.utf8"; - "monetary" = "de_DE.utf8"; - "paper" = "de_DE.utf8"; + home-manager = { + useGlobalPkgs = true; + users.leah = { + home = { + language = { + "base" = "en_US.UTF-8"; + "time" = "de_DE.utf8"; + "address" = "de_DE.utf8"; + "monetary" = "de_DE.utf8"; + "paper" = "de_DE.utf8"; + }; }; }; };
diff --git a/configurations/common/linux.nix b/configurations/common/linux.nix @@ -1,8 +1,16 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }@args: { - home-manager.useGlobalPkgs = true; + deployment = { + buildOnTarget = lib.mkDefault true; + targetUser = lib.mkDefault "root"; + targetHost = lib.mkDefault config.networking.fqdn; + targetPort = lib.mkDefault (lib.head config.services.openssh.ports); + }; + + networking.hostName = lib.mkDefault args.name; + networking.domain = lib.mkDefault "ctu.cx"; i18n.defaultLocale = "en_US.UTF-8";
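Review bot: The new `deployment` defaults make every Linux node deploy over SSH as root (`targetUser = lib.mkDefault "root";`), which only works while direct root logins stay enabled on all hosts. Consider defaulting to an unprivileged deploy user and letting colmena escalate on the target (its `deployment.privilegeEscalationCommand` option exists for this), or add a comment such as `# root SSH is required for activation; key-only login is enforced in the sshd config` if root is intentional. `targetPort` uses `lib.head config.services.openssh.ports`, which aborts evaluation for a host that sets an empty port list, so a short comment on that assumption would help. The module body continues outside this hunk.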
diff --git a/configurations/darwin/finder.nix b/configurations/darwin/finder.nix @@ -44,7 +44,7 @@ # Enable spring loading for directories "com.apple.springing.enabled" = true; # Remove the spring loading delay for directories - "com.apple.springing.delay" = "0.0"; + "com.apple.springing.delay" = 0.0; }; LaunchServices = {
diff --git a/configurations/darwin/homebrew.nix b/configurations/darwin/homebrew.nix @@ -7,11 +7,17 @@ homebrew = { enable = true; - cleanup = "zap"; + + onActivation = { + upgrade = true; + cleanup = "zap"; + }; + brews = [ "mas" "openjdk" ]; + casks = [ "iterm2" "firefox" @@ -33,12 +39,14 @@ "topnotch" "monitorcontrol" ]; + masApps = { Numbers = 409203825; Pages = 409201541; Navigator = 1590354537; "ICE Buddy" = 1595947689; }; + }; system.activationScripts.postActivation.text = ''
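Review bot: `onActivation.upgrade = true;` in the first hunk makes every activation pull whatever versions Homebrew currently serves for the listed brews and casks, which sits outside the pinning that `flake.lock` gives the rest of this configuration. Together with `cleanup = "zap";` a single activation can both upgrade and remove software unattended. If that is intended, record it with a comment like `# brew/cask versions are intentionally unpinned and upgraded on each activation` above `onActivation`; otherwise leave `upgrade` at its default and upgrade manually.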
diff --git a/configurations/darwin/speakers.nix b/configurations/darwin/speakers.nix @@ -1,11 +1,10 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: let - secrets = import ../../secrets; switchSpeakers = pkgs.writeScript "switchSpeakers.sh" '' #!/usr/bin/env bash - curl -d '{"accessToken": "${secrets.hosts.lollo.smartied.accessToken}", "type": "SwitchStateAction", "deviceName": "modbus-20", "relay": 0, "toggle": true}' http://10.0.0.1:5000 + curl -d '{"accessToken": "${inputs.local-secrets.hosts.lollo.smartied.accessToken}", "type": "SwitchStateAction", "deviceName": "modbus-20", "relay": 0, "toggle": true}' http://10.0.0.1:5000 ''; in {
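Review bot: The access token is still interpolated into `pkgs.writeScript` at evaluation time, so the generated `switchSpeakers.sh` in the Nix store contains it in plaintext and is readable by every local user; this change only swaps where the value comes from. The same eval-time pattern is carried over in `hostapd.nix`, `smartied.nix`, `zigbee2mqtt.nix`, `grafana/default.nix`, `maddy.nix` and `matrix-synapse.nix`, where the values presumably end up in store-rendered configuration as well. `spotifyd.nix` already reads its credential at run time from `config.age.secrets.spotify-username.path`; following that pattern here means the script reads the token from a permission-restricted file when it runs instead of embedding it. The request also goes to a plain `http://` endpoint, so the token is visible to anything on that network path.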
diff --git a/configurations/darwin/systemSettings.nix b/configurations/darwin/systemSettings.nix @@ -84,7 +84,7 @@ ApplePressAndHoldEnabled = true; - "com.apple.sound.beep.volume" = "0.6"; + "com.apple.sound.beep.volume" = 0.6; # Set sidebar icon size to medium NSTableViewDefaultSizeMode = 2;
diff --git a/configurations/darwin/trackpad.nix b/configurations/darwin/trackpad.nix @@ -7,7 +7,7 @@ # Natural scroll "com.apple.swipescrolldirection" = true; # Point & Click: Tracking speed - "com.apple.trackpad.scaling" = "1"; + "com.apple.trackpad.scaling" = 1.0; }; trackpad = {
diff --git a/configurations/programs/cli/utilities.nix b/configurations/programs/cli/utilities.nix @@ -4,7 +4,8 @@ home-manager.users.leah = { home = { packages = with pkgs; [ - niv + colmena + agenix wget curl
diff --git a/configurations/services/spotifyd.nix b/configurations/services/spotifyd.nix @@ -1,10 +1,6 @@ -{ config, pkgs, ... }: +{ inputs, config, pkgs, ... }: -let - pkgsUnstable = import <nixpkgsUnstable> {}; - secrets = import ../../secrets; - -in { +{ networking.firewall.allowedUDPPorts = [ 57621 ]; networking.firewall.allowedTCPPorts = [ 33903 57621 ]; @@ -23,7 +19,7 @@ in { home-manager.users.leah = { services.spotifyd = { enable = true; - package = pkgsUnstable.spotifyd; +# package = inputs.nixpkgsUnstable.spotifyd; settings = { global = { username_cmd = "${pkgs.coreutils}/bin/cat ${config.age.secrets.spotify-username.path}";
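Review bot: The second hunk comments out the `package` override instead of porting it, so spotifyd silently falls back to the module's default package rather than the unstable build used before. The commented line would not evaluate if re-enabled as written, because `inputs.nixpkgsUnstable` is the flake input and not a package set; `zigbee2mqtt.nix` and `matrix-synapse.nix` in this commit use `pkgs.unstable.<name>` (presumably from an overlay defined outside this view). Either delete the line or write `package = pkgs.unstable.spotifyd;` to keep the previous behaviour.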
diff --git a/configurations/services/syncthing.nix b/configurations/services/syncthing.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: let - syncthingConfig = import ../syncthing.nix { inherit pkgs; inherit config; inherit lib; }; + syncthingConfig = import ../syncthing.nix { inherit inputs pkgs config lib; }; in {
diff --git a/configurations/syncthing.nix b/configurations/syncthing.nix @@ -1,7 +1,7 @@ -{ pkgs, config, lib, ... }: +{ inputs, pkgs, config, lib, ... }: let - secrets = import ../secrets; + secrets = inputs.local-secrets; devices = { #laptops/desktops
diff --git a/darwin-configuration.nix b/darwin-configuration.nix
@@ -1 +0,0 @@
-with (import <nixpkgs> {}).lib; import "${toString ./.}/machines/${fileContents /etc/hostname}/darwin-configuration.nix"
diff --git a/darwin-rebuild b/darwin-rebuild
@@ -1,7 +0,0 @@
-#!/usr/bin/env sh
-
-if [ ! -e /etc/hostname ] || [ "$(hostname)" != "$(cat /etc/hostname | tr -d '\n')" ]; then
- echo "$(hostname)" | sudo tee /etc/hostname >/dev/null
-fi
-
-darwin-rebuild -I "darwin-config=/Users/leah/nixfiles/darwin-configuration.nix" -I $(nix-build /Users/leah/nixfiles/nix/sources-dir.nix --no-out-link) "$@"
diff --git a/flake.lock b/flake.lock 
@@ -0,0 +1,292 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1662241716, + "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", + "type": "github" + }, + "original": { + "owner": "ryantm", + "ref": "main", + "repo": "agenix", + "type": "github" + } + }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "nix-eval-jobs": "nix-eval-jobs", + "nixpkgs": [ + "nixpkgs" + ], + "stable": "stable", + "utils": "utils" + }, + "locked": { + "lastModified": 1662079751, + "narHash": "sha256-XdhfCDhH+AYZg6uHw8Sd9+V7BmqZWZZ//99VFTrDyhM=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "52b594a167266d25b13690361231acd3e731a690", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "colmena", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1662478528, + "narHash": "sha256-Myjd0HPL5lXri3NXOcJ6gP7IKod2eMweQBKM4uxgEGw=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "3b69bf3cc26ae19de847bfe54d6ab22d7381a90a", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "dns": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1635273082, + "narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=", + "owner": "kirelagin", + "repo": "dns.nix", + "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", + "type": "github" + }, + "original": { + "owner": "kirelagin", + "ref": "master", + "repo": "dns.nix", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": 
"b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1614513358, + "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-22.05", + "repo": "home-manager", + "type": "github" + } + }, + "local-secrets": { + "locked": { + "lastModified": 1662992755, + "narHash": "sha256-mS9ldwcx8jyDKD4H/ebRILR5fn0vfxww/BMWojePZWE=", + "ref": "master", + "rev": "c8bbb558c43e50e0b6ac13d4f5f98452051f8c08", + "revCount": 1, + "type": "git", + "url": "file:///Users/leah/proj/nix-secrets" + }, + "original": { + "type": "git", + "url": "file:///Users/leah/proj/nix-secrets" + } + }, + "nix-eval-jobs": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660713017, + "narHash": "sha256-w6KLNkT/2fI7UvPg3NoKj7gve4CgUHpyWOFq0BUwW7o=", + "owner": "zhaofengli", + "repo": "nix-eval-jobs", + "rev": 
"b4c078a4870c5b1a5b74420ca1dca41f4d75b7cc", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "colmena", + "repo": "nix-eval-jobs", + "type": "github" + } + }, + "nix-std": { + "locked": { + "lastModified": 1658944356, + "narHash": "sha256-+nBrRSPsDIjrmLfLdiB/a22Gj4bhEF53ubWN0z33NJo=", + "owner": "chessai", + "repo": "nix-std", + "rev": "9500903a19ef2720469578de0e10ce9e66623bdf", + "type": "github" + }, + "original": { + "owner": "chessai", + "ref": "master", + "repo": "nix-std", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1662874738, + "narHash": "sha256-kG29aU9f5UTWhPf/QEh5LanDmqqbbcErWYAcPptC/Cg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dd1f4d982445a7d1b1869baa42f8f0f9bc606714", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgsUnstable": { + "locked": { + "lastModified": 1662934689, + "narHash": "sha256-mXi8hmhiunOVTeHiuouWXb0vTqjzp9v9kshMmI561Us=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a0b7e70db7a55088d3de0cc370a59f9fbcc906c3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "colmena": "colmena", + "darwin": "darwin", + "dns": "dns", + "home-manager": "home-manager", + "local-secrets": "local-secrets", + "nix-std": "nix-std", + "nixpkgs": "nixpkgs", + "nixpkgsUnstable": "nixpkgsUnstable" + } + }, + "stable": { + "locked": { + "lastModified": 1660496378, + "narHash": "sha256-sgAhmrC1iSnl5T2VPPiMpciH1aRw5c7PYEdXX6jd6Gk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "879121648fe522b38cc1cf75aef160a14a1f2e7b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1659877975, + "narHash": 
"sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,95 @@
+{
+ description = "A flake for building Hello World";
+
+ inputs = {
+ nixpkgs = {
+ type = "github";
+ owner = "NixOS";
+ repo = "nixpkgs";
+ ref = "nixos-22.05";
+ };
+
+ nixpkgsUnstable = {
+ type = "github";
+ owner = "NixOS";
+ repo = "nixpkgs";
+ ref = "nixpkgs-unstable";
+ };
+
+ home-manager = {
+ type = "github";
+ owner = "nix-community";
+ repo = "home-manager";
+ ref = "release-22.05";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ darwin = {
+ type = "github";
+ owner = "lnl7";
+ repo = "nix-darwin";
+ ref = "master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nix-std = {
+ type = "github";
+ owner = "chessai";
+ repo = "nix-std";
+ ref = "master";
+ };
+
+ dns = {
+ type = "github";
+ owner = "kirelagin";
+ repo = "dns.nix";
+ ref = "master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ agenix = {
+ type = "github";
+ owner = "ryantm";
+ repo = "agenix";
+ ref = "main";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ colmena = {
+ type = "github";
+ owner = "zhaofengli";
+ repo = "colmena";
+ ref = "main";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+# local-secrets.url = "/Users/leah/proj/nix-secrets";
+ local-secrets.url = "/home/leah/proj/nix-secrets";
+ };
+
+ outputs = inputs: {
+
+ darwinConfigurations = {
+ blechkasten = inputs.darwin.lib.darwinSystem rec {
+ system = "aarch64-darwin";
+ specialArgs = {
+ currentSystem = system;
+ inherit inputs;
+ };
+ modules = [ ./machines/blechkasten/darwin-configuration.nix ];
+ };
+ };
+
+ colmena = import ./hive.nix inputs;
+
+ nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") {
+ rawFlake = inputs.self;
+ colmenaOptions = import (inputs.colmena + "/src/nix/hive/options.nix");
+ colmenaModules = import (inputs.colmena + "/src/nix/hive/modules.nix");
+ }).nodes;
+
+ inherit (inputs.colmena) packages;
+
+ };
+
+}
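Review bot: `local-secrets.url = "/home/leah/proj/nix-secrets";` turns the plaintext secrets repository into a flake input, and flake inputs are copied into the Nix store, so the whole secrets tree becomes readable by every local user on any machine that evaluates this flake. The committed `flake.lock` pins the same input to `file:///Users/leah/proj/nix-secrets`, which does not match the active path here, so the lock entry will not resolve as committed on the machine this path belongs to. Values that hosts need at run time are better kept in the agenix `.age` files the repository already uses, with only non-sensitive data coming from an input. Separately, `description` still carries the template text `"A flake for building Hello World"`.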
diff --git a/hive.nix b/hive.nix
@@ -0,0 +1,26 @@
+inputs:
+
+{
+ meta = rec {
+ nixpkgs = import inputs.nixpkgs {
+ system = "x86_64-linux";
+ };
+
+ specialArgs = {
+ inherit inputs;
+ currentSystem = nixpkgs.system;
+ };
+ };
+
+ defaults = import ./configurations/common;
+
+ coladose = import ./machines/coladose/configuration.nix;
+
+ lollo = import ./machines/lollo/configuration.nix;
+ osterei = import ./machines/osterei/configuration.nix;
+ desastro = import ./machines/desastro/configuration.nix;
+
+ hector = import ./machines/hector/configuration.nix;
+ wanderduene = import ./machines/wanderduene/configuration.nix;
+
+}
diff --git a/machines/blechbuechse/syncthing.nix b/machines/blechbuechse/syncthing.nix @@ -1,7 +1,7 @@ -{ pkgs, config, lib, ... }: +{ inputs, pkgs, config, lib, ... }: let - syncthingConfig = import ../../configurations/syncthing.nix { inherit pkgs; inherit config; inherit lib; }; + syncthingConfig = import ../../configurations/syncthing.nix { inherit inputs; inherit pkgs; inherit config; inherit lib; }; in { imports = [
diff --git a/machines/blechkasten/syncthing.nix b/machines/blechkasten/syncthing.nix @@ -1,7 +1,7 @@ -{ pkgs, config, lib, ... }: +{ inputs, pkgs, config, lib, ... }: let - syncthingConfig = import ../../configurations/syncthing.nix { inherit pkgs; inherit config; inherit lib; }; + syncthingConfig = import ../../configurations/syncthing.nix { inherit inputs; inherit pkgs; inherit config; inherit lib; }; in { imports = [
diff --git a/machines/coladose/configuration.nix b/machines/coladose/configuration.nix @@ -1,11 +1,16 @@ { config, pkgs, lib, ... }: { + + deployment = { + allowLocalDeployment = lib.mkForce true; + buildOnTarget = false; + targetHost = null; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common - ../../configurations/linux/mobile-device.nix ../../configurations/linux/desktop-sway.nix ../../configurations/linux/thunderbolt.nix
diff --git a/machines/desastro/configuration.nix b/machines/desastro/configuration.nix @@ -1,9 +1,13 @@ { config, pkgs, lib, ... }: { + + deployment = { + tags = [ "servers" "router" ]; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common ../../configurations/notify-failure.nix
diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix @@ -2,9 +2,12 @@ { + deployment = { + tags = [ "servers" ]; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common ../../configurations/notify-failure.nix
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix @@ -1,9 +1,13 @@ { config, pkgs, ... }: { + + deployment = { + tags = [ "servers" "router" ]; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common ../../configurations/notify-failure.nix ../../configurations/services/prometheus-node-exporter.nix
diff --git a/machines/lollo/router/hostapd.nix b/machines/lollo/router/hostapd.nix @@ -1,14 +1,11 @@ -{ ... }: +{ inputs, ... }: -let - secrets = import ../../../secrets; - -in { +{ services.hostapd = { enable = false; ssid = "hostapd.home.ctu.cx"; - wpaPassphrase = secrets.hosts.lollo.hostapd.passphrase; + wpaPassphrase = inputs.local-secrets.hosts.lollo.hostapd.passphrase; interface = "wlp3s0"; extraConfig = "bridge=brlan"; };
diff --git a/machines/lollo/smarthome/smartied.nix b/machines/lollo/smarthome/smartied.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: +{ inputs, config, pkgs, ... }: let - secrets = import ../../../secrets; - smartiedConfig = { devices = { "modbus-20" = { @@ -371,7 +369,7 @@ let serverConfig = { frontendPort = 5000; - accessToken = secrets.hosts.lollo.smartied.accessToken; + accessToken = inputs.local-secrets.hosts.lollo.smartied.accessToken; modbus.host = "10.0.0.1"; modbus.port = 502; mqtt.host = "10.0.0.1"; @@ -383,7 +381,7 @@ let influx = { host = "10.0.0.1"; port = 8086; - authToken = secrets.hosts.lollo.smartied.influxToken; + authToken = inputs.local-secrets.hosts.lollo.smartied.influxToken; powermetersDatabase = "powermeters"; sensorsDatabase = "sensors"; };
diff --git a/machines/lollo/smarthome/zigbee2mqtt.nix b/machines/lollo/smarthome/zigbee2mqtt.nix @@ -1,10 +1,6 @@ -{ config, pkgs, ... }: +{ inputs, config, pkgs, ... }: -let - pkgsUnstable = import <nixpkgsUnstable> {}; - secrets = import ../../../secrets; - -in { +{ systemd.services.zigbee2mqtt = { requires = [ "mosquitto.service" ]; @@ -37,7 +33,7 @@ in { zigbee2mqtt = { enable = true; - package = pkgsUnstable.zigbee2mqtt; + package = pkgs.unstable.zigbee2mqtt; settings = { homeassistant = false; permit_join = false; @@ -60,7 +56,7 @@ in { advanced = { log_level = "info"; log_output = [ "console" ]; - network_key = secrets.hosts.lollo.zigbee2mqtt.network_key; + network_key = inputs.local-secrets.hosts.lollo.zigbee2mqtt.network_key; }; devices = {
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -2,9 +2,12 @@ { + deployment = { + tags = [ "servers" "dns" ]; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common ../../configurations/notify-failure.nix @@ -20,6 +23,7 @@ # git server (gitolite+stagit) ./git + # syncthing ./syncthing.nix # communication
diff --git a/machines/osterei/grafana/default.nix b/machines/osterei/grafana/default.nix @@ -1,9 +1,6 @@ -{ config, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: -let - secrets = import ../../../secrets; - -in { +{ systemd.services.grafana.onFailure = [ "notify-failure@%i.service" ]; @@ -37,7 +34,7 @@ in { editable = false; jsonData.httpMode = "GET"; jsonData.httpHeaderName1 = "Authorization"; - secureJsonData.httpHeaderValue1 = "Token ${secrets.hosts.lollo.smartied.influxToken}"; + secureJsonData.httpHeaderValue1 = "Token ${inputs.local-secrets.hosts.lollo.smartied.influxToken}"; } { @@ -49,7 +46,7 @@ in { editable = false; jsonData.httpMode = "GET"; jsonData.httpHeaderName1 = "Authorization"; - secureJsonData.httpHeaderValue1 = "Token ${secrets.hosts.lollo.smartied.influxToken}"; + secureJsonData.httpHeaderValue1 = "Token ${inputs.local-secrets.hosts.lollo.smartied.influxToken}"; } ];
diff --git a/machines/osterei/maddy.nix b/machines/osterei/maddy.nix @@ -1,9 +1,6 @@ -{ config, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: let - secrets = import ../../secrets/default.nix; - std = import <nix-std>; - mailboxFilterScript = pkgs.writePythonScriptBin "mailbox-filter.py" (ps: [ ps.toml ps.mail-parser ]) '' from email.header import Header, decode_header, make_header import sys, re @@ -76,8 +73,8 @@ let in { - environment.etc."maddy/filters/mailbox/leah@ctu.cx.toml".text = "${std.serde.toTOML secrets.maddy.mailboxFilter}"; - environment.etc."maddy/filters/receive.toml".text = "${std.serde.toTOML secrets.maddy.receiveFilter}"; + environment.etc."maddy/filters/mailbox/leah@ctu.cx.toml".text = "${inputs.nix-std.lib.serde.toTOML inputs.local-secrets.maddy.mailboxFilter}"; + environment.etc."maddy/filters/receive.toml".text = "${inputs.nix-std.lib.serde.toTOML inputs.local-secrets.maddy.receiveFilter}"; security.acme.certs."osterei.ctu.cx".reloadServices = [ "maddy.service" ];
diff --git a/machines/osterei/matrix-synapse.nix b/machines/osterei/matrix-synapse.nix @@ -1,10 +1,6 @@ -{ config, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: -let - secrets = import ../../secrets; - pkgsUnstable = import <nixpkgsUnstable> {}; - -in { +{ age.secrets.restic-matrix-synapse.file = ../../secrets/osterei/restic/matrix-synapse.age; @@ -38,7 +34,7 @@ in { max_upload_size = "100M"; dynamic_thumbnails = true; enable_registration = false; - registration_shared_secret = secrets.hosts.osterei.matrix.registration_shared_secret; + registration_shared_secret = inputs.local-secrets.hosts.osterei.matrix.registration_shared_secret; url_preview_enabled = true; url_preview_ip_range_blacklist = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"]; listeners = [{ @@ -90,7 +86,7 @@ in { "/schildi/".alias = "${pkgs.buildEnv { name = "schildichat-web-env"; paths = [ - pkgsUnstable.schildichat-web + pkgs.unstable.schildichat-web (lib.hiPrio (pkgs.writeTextDir "config.json" (builtins.toJSON { brand = "matrix.ctu.cx"; disable_guests = true;
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix @@ -2,9 +2,12 @@ { + deployment = { + tags = [ "servers" "dns" ]; + }; + imports = [ ./hardware-configuration.nix - ../../configurations/common ../../configurations/services/prometheus-node-exporter.nix ../../configurations/services/bind
diff --git a/modules/default.nix b/modules/default.nix @@ -1,14 +1,15 @@ -{ lib, ... }: +{ inputs, lib, currentSystem, ... }: { imports = (builtins.concatLists [ - (if (builtins.currentSystem == "x86_64-linux") then [ + (if (currentSystem == "x86_64-linux") then [ ./restic-backups.nix ./vnstati ./desktop-speakers.nix + inputs.agenix.nixosModule ] else []) - (if (builtins.currentSystem == "aarch64-darwin") then [ + (if (currentSystem == "aarch64-darwin") then [ ./darwin/quirks.nix ./darwin/hidutil.nix ] else [])
diff --git a/nix/sources-dir.nix b/nix/sources-dir.nix
@@ -1,15 +0,0 @@
-{ system ? builtins.currentSystem }:
-
-let
- sources = import ./sources.nix {};
- pkgs = import sources.nixpkgs { inherit system; };
- lib = pkgs.lib;
-in
- pkgs.runCommand "sources" {} (
- lib.concatStringsSep "\n" ([
- "mkdir $out"
- ]
-# ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources
- ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources
- )
- )
diff --git a/nix/sources.json b/nix/sources.json 
@@ -1,98 +0,0 @@ -{ - "agenix": { - "branch": "main", - "description": "age-encrypted secrets for NixOS", - "homepage": "", - "owner": "ryantm", - "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", - "sha256": "1cfdd2ja56g8clllygf91il7dignr90ij1bl29g3kl7dl977dhl4", - "type": "tarball", - "url": "https://github.com/ryantm/agenix/archive/7e5e58b98c3dcbf497543ff6f22591552ebfe65b.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "darwin": { - "branch": "master", - "description": "nix modules for darwin", - "homepage": "", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "54a24f042f93c79f5679f133faddedec61955cf2", - "sha256": "05yp5ac2wgmqx6f6l000b8smc6vr7qcgnyx3hyfsqd190v66qxha", - "type": "tarball", - "url": "https://github.com/LnL7/nix-darwin/archive/54a24f042f93c79f5679f133faddedec61955cf2.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "dns.nix": { - "branch": "master", - "description": "A Nix DSL for DNS zone files", - "homepage": "", - "owner": "kirelagin", - "repo": "dns.nix", - "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", - "sha256": "1b95dh15zl0qaf9fvvvvqlambm3plndpy24wwlib0sy4d0zq6y0h", - "type": "tarball", - "url": "https://github.com/kirelagin/dns.nix/archive/c7b9645da9c0ddce4f9de4ef27ec01bb8108039a.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "home-manager": { - "branch": "release-22.05", - "description": "Manage a user environment using Nix [maintainer=@rycee] ", - "homepage": "https://nix-community.github.io/home-manager/", - "owner": "nix-community", - "repo": "home-manager", - "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", - "sha256": "0sdirpwqk61hnq8lvz4r2j60fxpcpwc8ffmicail2n4h6zifcn9n", - "type": "tarball", - "url": "https://github.com/nix-community/home-manager/archive/4a3d01fb53f52ac83194081272795aa4612c2381.tar.gz", - "url_template": 
"https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "niv": { - "branch": "master", - "description": "Easy dependency management for Nix projects", - "homepage": "https://github.com/nmattia/niv", - "owner": "nmattia", - "repo": "niv", - "rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41", - "sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7", - "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "nix-std": { - "branch": "master", - "description": "no-nixpkgs standard library for the nix expression language", - "homepage": null, - "owner": "chessai", - "repo": "nix-std", - "rev": "9500903a19ef2720469578de0e10ce9e66623bdf", - "sha256": "16ilywyx73dmp5vmw471hs7qcvbbgwh7djxpk3mqh37c4d2nnw7s", - "type": "tarball", - "url": "https://github.com/chessai/nix-std/archive/9500903a19ef2720469578de0e10ce9e66623bdf.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "nixpkgs": { - "branch": "release-22.05", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "099cb1a04e580ba981bd36531dd531849c792153", - "sha256": "0pfqqsw97bflm1yby8xy697q2lkh7gp66ggcdwnjd5z1xy1y44vv", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/099cb1a04e580ba981bd36531dd531849c792153.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, - "nixpkgsUnstable": { - "branch": "nixpkgs-unstable", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e2b34f0f11ed8ad83d9ec9c14260192c3bcccb0d", - "sha256": "1n9lhqprqnsiv4nw59mh5ab7hchx7lhvq43kkv64473jwz1xv7ki", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e2b34f0f11ed8ad83d9ec9c14260192c3bcccb0d.tar.gz", - "url_template": 
"https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - } -}
diff --git a/nix/sources.nix b/nix/sources.nix 
@@ -1,194 +0,0 @@ -# This file has been generated by Niv. - -let - - # - # The fetchers. fetch_<type> fetches specs of type <type>. - # - - fetch_file = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; name = name'; } - else - pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; - - fetch_tarball = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchTarball { name = name'; inherit (spec) url sha256; } - else - pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; - - fetch_git = name: spec: - let - ref = - if spec ? ref then spec.ref else - if spec ? branch then "refs/heads/${spec.branch}" else - if spec ? tag then "refs/tags/${spec.tag}" else - abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - submodules = if spec ? submodules then spec.submodules else false; - submoduleArg = - let - nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0; - emptyArgWithWarning = - if submodules == true - then - builtins.trace - ( - "The niv input \"${name}\" uses submodules " - + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " - + "does not support them" - ) - {} - else {}; - in - if nixSupportsSubmodules - then { inherit submodules; } - else emptyArgWithWarning; - in - builtins.fetchGit - ({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg); - - fetch_local = spec: spec.path; - - fetch_builtin-tarball = name: throw - ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; - - fetch_builtin-url = name: throw - ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. 
- $ niv modify ${name} -a type=file -a builtin=true''; - - # - # Various helpers - # - - # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 - sanitizeName = name: - ( - concatMapStrings (s: if builtins.isList s then "-" else s) - ( - builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) - ) - ); - - # The set of packages used when specs are fetched using non-builtins. - mkPkgs = sources: system: - let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = <nixpkgs> == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import <nixpkgs> {} - else - abort - '' - Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; - - # The actual fetching function. - fetch = pkgs: name: spec: - - if ! builtins.hasAttr "type" spec then - abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs name spec - else if spec.type == "tarball" then fetch_tarball pkgs name spec - else if spec.type == "git" then fetch_git name spec - else if spec.type == "local" then fetch_local spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball name - else if spec.type == "builtin-url" then fetch_builtin-url name - else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; - - # If the environment variable NIV_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. 
- replace = name: drv: - let - saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; - ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" then drv else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; - - # Ports of functions for older nix versions - - # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); - concatStrings = builtins.concatStringsSep ""; - - # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: if cond then as else {}; - - # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { url, name ? 
null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchTarball attrs; - - # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchurl attrs; - - # Create the final "sources" from the config - mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = replace name (fetch config.pkgs name spec); } - ) config.sources; - - # The "config" used by the fetchers - mkConfig = - { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null - , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) - , system ? builtins.currentSystem - , pkgs ? mkPkgs sources system - }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; - - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; - -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
diff --git a/nixos-rebuild b/nixos-rebuild @@ -1,8 +0,0 @@ -#!/usr/bin/env sh - -#tmp=$(mktemp -d) -#trap 'rm -rf "$tmp"' EXIT - -#cp --no-preserve=mode -r $(nix-build $(temp=$( realpath "$0" ) && dirname "$temp")/nix/sources-dir.nix --no-out-link) $tmp/sources - -nixos-rebuild -I "$(nix-build $(temp=$( realpath "$0" ) && dirname "$temp")/nix/sources-dir.nix --no-out-link)" "$@"
diff --git a/pkgs/SpeakerDaemon/default.nix b/pkgs/SpeakerDaemon/default.nix @@ -1,8 +1,6 @@ -{stdenv, runCommand, writeText, ...}: +{ inputs, stdenv, runCommand, writeText, ...}: let - secrets = import ../../secrets; - SpeakerDaemon = writeText "speakerDaemon.c" '' #include <ctype.h> #include <stdlib.h> @@ -41,7 +39,7 @@ let if (curl) { curl_easy_setopt(curl, CURLOPT_WRITEDATA, dummy_writer); curl_easy_setopt(curl, CURLOPT_URL, "http://10.0.0.1:5000"); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"accessToken\": \"${secrets.hosts.lollo.smartied.accessToken}\", \"type\": \"SwitchStateAction\", \"deviceName\": \"modbus-20\", \"relay\": 0, \"state\": false}"); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"accessToken\": \"${inputs.local-secrets.hosts.lollo.smartied.accessToken}\", \"type\": \"SwitchStateAction\", \"deviceName\": \"modbus-20\", \"relay\": 0, \"state\": false}"); res = curl_easy_perform(curl); if (res != CURLE_OK) fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); @@ -63,7 +61,7 @@ let if (curl) { curl_easy_setopt(curl, CURLOPT_WRITEDATA, dummy_writer); curl_easy_setopt(curl, CURLOPT_URL, "http://10.0.0.1:5000"); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"accessToken\": \"${secrets.hosts.lollo.smartied.accessToken}\", \"type\": \"SwitchStateAction\", \"deviceName\": \"modbus-20\", \"relay\": 0, \"state\": true}"); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"accessToken\": \"${inputs.local-secrets.hosts.lollo.smartied.accessToken}\", \"type\": \"SwitchStateAction\", \"deviceName\": \"modbus-20\", \"relay\": 0, \"state\": true}"); res = curl_easy_perform(curl); if (res != CURLE_OK) fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
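Review bot: The smartied access token is still interpolated into the `writeText "speakerDaemon.c"` source at evaluation time in both `CURLOPT_POSTFIELDS` hunks, so it lands in plaintext in the world-readable /nix/store (the source file and presumably the compiled binary). Switching the lookup to `inputs.local-secrets` does not change that, and if `local-secrets` is a path or git flake input, the decrypted flake is presumably copied into the store as well. I would have the daemon read the token at runtime from a file outside the store and build the request body from it, as sketched below for the `state: false` call; the `state: true` call needs the same change, the path is a placeholder, and `<string.h>` is needed for `strcspn` if the file does not already include it. Separately, the request goes to `http://10.0.0.1:5000` without TLS, so the token crosses the network in cleartext. The enclosing C functions start and end outside the hunks.

```nix
        // … unchanged: curl handle setup, CURLOPT_WRITEDATA, CURLOPT_URL …
        char token[128] = "";
        char body[512];
        FILE *tf = fopen("/path/to/smartied-access-token", "r"); // placeholder path: outside /nix/store, readable only by the daemon user
        if (tf) {
          if (fgets(token, sizeof token, tf))
            token[strcspn(token, "\n")] = 0;
          fclose(tf);
        }
        snprintf(body, sizeof body, "{\"accessToken\": \"%s\", \"type\": \"SwitchStateAction\", \"deviceName\": \"modbus-20\", \"relay\": 0, \"state\": false}", token);
        curl_easy_setopt(curl, CURLOPT_POSTFIELDS, body);
        // … unchanged: curl_easy_perform and error report …
```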
diff --git a/pkgs/default.nix b/pkgs/default.nix @@ -1,29 +1,30 @@ -{ pkgs, lib, ... }: +{ inputs, pkgs, lib, currentSystem, ... }: { imports = (builtins.concatLists [ - (if (builtins.currentSystem == "x86_64-linux") then [ + (if (currentSystem == "x86_64-linux") then [ ./overlays/linux.nix ] else []) - (if (builtins.currentSystem == "aarch64-darwin") then [ + (if (currentSystem == "aarch64-darwin") then [ ./overlays/darwin.nix ] else []) ]); nixpkgs.overlays = [ (final: prev: { + unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; writePythonScriptBin = (pkgs.callPackage ./writePythonScriptBin.nix {}).writePythonScriptBin; dns = import <dns.nix>; - agenix = pkgs.callPackage <agenix/pkgs/agenix.nix> {}; + agenix = inputs.agenix.defaultPackage."${currentSystem}"; yabai = pkgs.callPackage ./yabai.nix {}; asitop = pkgs.callPackage ./asitop.nix {}; bgiparser = pkgs.callPackage ./bgiparser.nix {}; XPCEventStreamHandler = pkgs.callPackage ./XPCEventStreamHandler {}; - SpeakerDaemon = pkgs.callPackage ./SpeakerDaemon {}; + SpeakerDaemon = pkgs.callPackage ./SpeakerDaemon {inherit inputs;}; garminexport = pkgs.callPackage ./garminexport.nix {}; phockup = pkgs.callPackage ./phockup.nix {};
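Review bot: `dns = import <dns.nix>;` in the overlay still resolves through NIX_PATH, so among the lines of this hunk it is the one dependency that is not pinned by the flake lock, and the lookup presumably fails under pure flake evaluation as soon as `pkgs.dns` is forced. I would declare it as a flake input and write `dns = import inputs.dns-nix;` (the input name is a placeholder; the flake.nix inputs are not visible here). As a style point, the `agenix` line selects the system with `currentSystem` while the `unstable` line above it uses `prev.system`; using `prev.system` for both keeps the overlay self-contained. The module continues past the end of the hunk.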
diff --git a/secrets/default.nix.age b/secrets/default.nix.age 
@@ -1,78 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSTNDakJHUWxxVU5hY3Vw -eUlQemZrOTZHT2Jva3dPL0ZZTWxJelBoNmdzClFvNDdqdjRLT09oRmhseWlnckxS -SVJTZGJDWUozVjFPcnFpdHgrdlpCbk0KLS0tIHVzb21qeXE3TzZMWTFlVTAwbkM1 -YTYwYnpXY1pPVDdtZGk0bjg3WmkvTDQK6xuh5dKwQi1iSICbRunWARasV4+u7ky5 -V1+lJ+5NI+Q1/BLjtc3bRN3THSFCSVlRP1MWLw+nUY3D1jUd2PiYKKNF7He7JjyK -6IPk8DT8jETWvDLnQSEfcq5i0wdM1hiZ1lA1tClL72pyo6sbdnHZRFFcHuruBomo -qzQomXOb/Zatx7BilfzoxFaXULpBqHfYB6+Fmw4eLHFWO1U0PaFa/Yw0U7LGoOdQ -vF4/3SbhfnlxCJylFwL1pWlPzf3zz+JR8Jr2W5knhsTx/CsENyGqUVL1LkMBjFKq -AQY+2ONZY7f4TWgCoMBvBa28YMPATCHgLtgVOJMOThm4aTEtNR5LwKFKa4VATbla -cowXfh0Tv2u+JgOP1rmE6GJdQ0Xu9QkP3dNhEZqgP7/ZlT78pt55+8ASiJLHO8DW -c0ErL92j2REOSntMQ5eEAvK3fl9OHM+XQhNyh97pbbLeaqZ6FzIZJa4HHTlEK1hm -yZlZQBcATbB78Db2xEi46iUH53/geFzcgtpuEnP9xTzdSjra4pO/20CHmPGnPVFC -3Okbeas93v9V6h2e5QxL+6NlRpyKP09NkWSYFh+eLyainmAC5O/xb4la82HaqG04 -k/I1q/UlrxlX9oLC3MgQk9wDhCUZcy20mG45OCrYwfhFTI451p7ObS6DmljeH+SC -wPWUvM4c7+WGNKudZoso8hfkEEbE8/4FJmgMO5Z5TqAbL7pcjq3NWpAdftZfD0T9 -s0e8a0zO9/AllTNdoJRy2NvFrrrpOoMB14CLO1UbyXfM11kPBa+PAE82jNKE8XQb -62+pfRtgEawLqW89WolAgvCN9gkXZROb/GCGE3wyT3jxudNI5M3bWToO1i/vqwr/ -ckC7o1ukm5l48nBZa8GubWH+NLCfKOoXV0StHgppT7BpluQte/7gaWPKtyh19hie -p3G7+TzFaDHJi00E57XEGc9BEFPansvD+u9CtbztaMj52ZoJKj4WLReBiRLkyR9O -xR6Qguqu8hBfmPuBDpjHVUJwdJDSkG5S7IIAG83/z4fhO8R4IXbHhrUchEKJluqg -vH74aLu1G8CfnkeXrZ1+W7/H1whydbuuEGXr4fJ+LCI//Tw+nILMiAqcC0nXDQVf -NfHk7GmMPg587lX2ARSVQqxiotEjzd8pPIRUBvPpJRzv1Vu1J/jOZx79qDFkeyaq -mezRjBdR1I2/2sG+VyNKkas6II4uX7uCBkhKNA9o7xBllUZP+rJ1LPnCe81C6loC -fWAuiELAZvZKZkwUpaQ/+HzmWmD2BERSPWj/d4LQBYIwamo02uGivdMb+Ed7lqCF -v4r0aGyXmurI6C4e/XP/RvE96VcX5xZREq1PSZzyl+9ImXbVvXPlfexI78DL8CQc -U25R9aU/J4GWBNwU9WFiFt69+oxhYLoTognSW9fiz1gjnbqhM05tAWWQLbm4eTI6 -NHgI+UJsCSRXucHhJ782ZcSAXAMgXJaLQiCOiCIqeIDZoINobaPSA8ldXsj/VFjV -JG/8OJ2ku1cRhwjvYaa0qVS2VVnJ1oI1r5o9208kMmofsvJrIU73UokGQv6ntAmn -w5K+YflzUQsoyjQbwO6xfByKSvGUyUMA1SrVpj94YZvhzlMOx+WHmZ1mlTHwFlP1 
-FNwarRX29+Fo/uOaKTyFghfgT6o7DZP8hy6q6KdPAbROSxRBROZtCsc67FBNHhFN -/ijHxPNCTyDLlJKEEAvu9YvYXDfKg6LMXaDn0RI1WfbILmlXWFjrDbi/wBBtd5uf -I3FjGckAbK+k36w1PabgAslLcKoanOSBFPsYo7XGzcq7iPmxKs82v11er/cwP3nJ -v9sGk+BLwj0BlTJQCTYbOOaB4gHNWKPXFbYsqZlsTIlLfHwso72udt0mTZDAZiD4 -Lj+8xyzXpCzbzTNyuABFAjReTJNO7ZteW9B8d/f2DpeoMCBGBk+unLQ5B6UUd70z -wmlFvghqBHMhfkg+dLvf0hlZmA87TJERX8qgoWRFuu/0u8lGhAcEsnp4pLgqavUN -YGcHIVTf3Y0ZYFOIUHBDPQrYCKHSEiMY729QYuJxHipxL+Lkah6BFodwTWli0R1k -pkC3FqpMGnezk7MloqDxUQsKewce32i8TqvdfRjy9V/l1zn445UbAc9nOuCYYB1w -C8N3e2977qBO6+wzr2PM6QI3mcOnZVc5sySwlRBV5teOrbMNiaz9lzrCwONmF7Mg -yTDzWj8AHb04+gjYIuHndNIvXoEPo2EpP67wjP+5LP7kwiwJtCNe9jgiJCsXVs3s -y2giUXjQYwco6FY/Jy0sfigdkJb7N/HZsvu2FjWicMqLf2z4rUMMDsAzITRXZ+hX -5XajuxJhilH1akY/GjoqelIWWqroJ1MAiSBJXjL3rESHkyaKWcrFRgrPC3nUjAl8 -Fb53sQ3l6bXcwInok+B5AEVW0taPcGrN0Ds3Egk71QcGLkb7zxLk19FL7KNeUJ7l -/Ws3MDaU7yEYB8XWaJ4mFoq86/a/fudBol60Sz+JwiweyKZufetO3RjeTVVyTvBU -Mdnq58u2ihg9aoGbNM4I4t4t5bESFWfbzQPAhnkRu49OMVe0QVm1sSJQFnmlX6tq -klpqB2dFbGXX1XnrP7xl+2jAc47WPf0vsekAjzmtoiW7k/ne9BTxT2wlXRNFq673 -xsAGqNoBNikvlTvWEToEIgyuvOGZ8wbaT+oM3Xv+KPPQqhhy/8MgKUpF+se3a/6d -ATRxu7uC0rJP2X2esvo0myxI8TOrBUsfUOe8y81AeGCwoButEUxYiOePdMhj51vI -CXykYWoK9Efgr70QoAk+wff5z/FwO8FFIox+lj2uWowWKDYrn0bvJOBFX8Qh+WZu -uo+97OCS1MpKLsVOF+enxOG0QCaHICIBvHjvEAA9Ji1ZTqXJ42kZCKO4EOa5oQM6 -zwCE+XKzuXrwP9IAwTh8YprTOOJQuZOXtjq8vTnJp2yr9uYZ5afyqTrr8YNy8HmN -+zzsCcg7umYje5pGK7LlKHyLriiQWfgtOia6WBRG5KGvpGNapLHkQ2ifLTLwfKy9 -5UxKPEw8tyUJ2t2owJYVMg2MT20L0QN5CYuPcpt0aD+QwP3uwuyInP5oDgQrEKkd -xZdLwiumD/o6JciAfSGgwZM331nAqO/TcNUZwSwR93XNzWHA4bhd7PVkXGNX1X6o -70xX9JaIkh1+VG/2BUGQ7tRzS7J8oqrjAgGuH8pRameLF7aEXUk01G3Kzlfbz+gt -HPvjQWbU1tgIEpcc1kMjhxPB+jgUir+40PEze9GUJZLNgx6kp3qykvBEMKW/ZYS6 -mEirTQtKJFk5qWnVsZkBHPDkTwNWCk8wOIW3ILFLiKExBiSHJBTdNoEGDbpzGwFV -z7ceUrxiepI4k6x/sFkCphMIaNdehWDD09YRvNV/yWolRZ+iHx8a7XfN68rb3iBt -EBaUtSGulbxuIh8W0hM4xuAJ1hBNac37dmGNbLCeRmlLVmrX3ZI5Cp5dyzip68lM -JoxwkHE3i+OgAaRI0cfJHq1EDV+o+85BH0EO80eMJ4udfRAqne4VvmBWD1STv4Mk 
-batDS/aOmnaRlqZbEnqMQokopM3JhNcuYiFq2S/jQZzK63wms943P7tV6/Opi23j -883dgqRuFDukNP8btJQwPbTKCpABvQK8rTCzguAAPW74vAaQ4Bo8M19eLuj2KSiW -N8/GGiMdHRv8bZ1WNoFH8aiDb7stSb6WbggZE3BSjrsokn7+2pEDhfDGnDKa0yEm -g0hgxcqPc33gFFYQiVU/4NBO/ycGqTM1XlRPT1gGHYE/3efgsBRBfd/TcRAWkbIU -Y6ZLfeOYcqt9/FtH4ZBbokMAWsQp8R+ev828pMRP2lWzWSH7MsiLmLHjjFpumpWT -e43ZphxkovpyndXAVkWRrTgpgzbIqW9N/fHKaxgUZQPYQPdJKnJ0nP+NjCVXJ+XH -UAIuQqsZKuDOOxJwd7eH+uL27KEz32TAsKDiqU0Ldtw4zBiEFF9KzhtkvwgQHYBw -+Brr5o5wZY7TZbmd2nsvSqJByikJT5KrF1a1jpu2q+ieblWv+PXOYyegn6z3aGHB -bFSJ2k1X0jvRZYedUI9zqAxAATtfSSyhQrdjwthvllOSwou+RIaHO8p9MgRjQaZl -ovtMIls5XwiZA6dqQ+l9s2VTrMNZln+XhHPmfHQKjEA2dpVqtyPfuTkSjkp/7qfK -oQxgjLh0RFo0uMTdwisx9AYY60vP2fKlX1iQOOzSzaEmH/2JcZZ4nenSaWWZ5khZ -/RT+OBjwfXQtyAtefgPY3Ftb/2bfO1L4KCnUeRrd28G9O0JkEe/SquFs4qoXCaG2 -uyEYwDFUCLnClVWtFi3rYBQd5w+R9+lxZVFWSUmjXSkfyvCcSPGH2qGtBvRSh7DY -lSyrpBgcfYkHeQWEKcwm/TfQPQfpWIdHXJwB+zU24pJ9TYoe+ohqVn6bavNDI/Kr -G7eABnfS7mtqZr0Q+N4Xs78oeL6shOwpejvXge+y4gCFqR2z3fqFJpr2TwUNHtZl -SnBkCqqjmNA73pJtaYrnG8CgRQ3sa/hHnuYQXoVDlMjNjzATHEb6CTZiceBmxo6W -5Pd/J1jty3ndK2MACfu6QiASXn/83UYZyKG1XwZG94QZRP1LRBPTmqbJWw== ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/flake.nix.age b/secrets/flake.nix.age 
@@ -0,0 +1,93 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTXcrYkxZaUJoNzdIcm05 +RjFmMXdzQnV2OEViR0sxL3Q4V0dXQkxDUEg4CmVxVkJXdjdKREZqYjNQL3hBaW9C +bWFRTHcxWFhOVVNGL3huN1hhajVKSHMKLS0tIGVHQ0FyV3VGUHgyd010d1E2RmZK +QUtDRWVvdVlkWUFvNGsyb1NKQkJ0d2cKhO+8AjsakX0xqIQgsG5yTkMvlRQmoLKf +JkQpLDvNbMqkpSjcCP7Z3TyGKm8pnpho7NTGicWPXy66AGjJhkObRj5z3FmG2KyW +NmywGu7QhTpYZO2Q+nqpmhDHwgWILhBAsha3RuCJz4bDk0mdpMNFrhk6sOsPteMj +qqo7ZUtrKSxic34gpymciMQMRSP5lUA7XYWlYYcne8w5PcPKUkSuUbpReZoKYqB4 +J1C7K/TQ0UVhU0z5ZZI5eHdTMobTsuwsjLKDPDpeo1enXAbqhbkVtxjCzh3EI9+r +uFQd3Nu09RevbOszsxuw1Vk0TarBxYyilqyVqkqy6ogx54NsE2NStVpIuTTAv8rS +DXY7afzfJvmPOJmvt4jxMlqGvGy5eehuaGSs6Pj9sLVDqKt4k8MSyGc0+ZOO/XEg +lhIlbiVlhttAnyBucQoJQvESu+xmpyx8qt6V0eLsYzR6c8xJTWkeYTqOdoALWzPp +dl/StEQIQk9pCy6Lh2mCjcnrjyRRJ2HqOoTmXH5dMiDmN+qz/XYE1rIklho1STlp +fMex+2yvM9hKmNjqVeoYNZKdzbUSHnpoQk/ZtaEoSpDxeDtD4dfrMb1bC+1Yrb/P +Cnn5EN8dCsX3UlrU+74kNSvP41abq7LsBlyA/TLI0Fs3zwQxWx4YN5qQSF8jmObd +v2Ac8oOekJ10FpfLihvjoo+6wJ+ak4zcYvUph+ggUnUJ6wLEDDVmyDQ9q4Eg0fOS +HjpsvWkJ9+mB64kbA3QxwVo3CsvTKhrwASZHQTxkfk3sUwKw6DK1Vy8TQHShBZNT +QwzNwUpV9PWDDumv8qWyZg5QgsMyyTLX2TCfBWFkGSvuN4BqeajMH7Sl4WRdZHvn +lm0tIUIuO/8Jlv31WzpKHf8Wl3uaflLLfduaNYPee8PPoQp72JZrNFH+gLPThKvy +rXaQ0afBOuShPjOfjWj7QCzQguDJg+Obyu7GdqfVFuhoZOjNlxFnAkSqUE+La5dl +26D0JDl41EOKxGR4sa6uaPmwtlIvRKd4utTv2XHO+Gy2P+Nvtb5t1GpPdJDuOgb0 +rX6R3cZZDm4fFaAqKU8xw9h3TQbbkLlyKnFea4ZUVq7bDgv4XmiDuDoCATSwthws +3pqQKdKDWEnaJ9WEdR/9sM+WKSM/+TbV3QL6Eu8y3k0erI+y8Y6m3L0i95VaNcwX +/p2B0hOzpBzM2WcEry8GwtO0oCBfhdb2cKBlXHk5RjdEA5bebILqOWut6UHGs62B +KCB7diX6G/gDeesEl1y4XzCxiXpHFUC222rCIGneuKJGEw0JrLfALC4efv8ATh19 +4qPJWKteVvaUJpRIaTGRuKN6ISBkK0D7bwaOXaHK0f5dhHgHpmLtcxDOrE+2FSeS +FhQaFDmlVs3GdgEAruSxvu6DXygIQkdUqVGDArJJNm3W/5kr7+LN4TG3cL1ma2oZ +SbdpuigE3o1x5ht1+w2dEYDF0qMOCgGSdyzx9C2xbf5pI3+sw1WBAY8VH8H8W9ws +5SYKmFEdjimjNKf6mwDJ895H6tULcfNnKQhFa54zEKZ8XB2dBz2itpI8PlS5a0Wv +Vnr/xdpEiCfoq9+0KT1S6q9QZIfCKDgiH8qAja6P8uZA4oMnW9QGbz9esAOyTNQ/ 
+acnHoiVeDS1TN9pnkfs4kBn6Tz3Rr7r6ztGyykdBgkUvcZOi//Z8fpS7qVW+pbwJ +yhmE7wNXETRHhV4/ad7ZjGX4fJ5PjHt1NlVwjTvbzo6ID+ISalS24s7UX0vdQrco +QCdrK5dEcFOuuxMJyDZzt+sXKN1pp+ro06gizvy+d2dLM1T9o6hTGXrTVo3duNC/ +O4VIWyJUEuX4x4+KXJUaH19Aawjt4FX5HSxuMrnGSeM4odXBinggwGrwlfpIfSDW +1DfHkbYvBGfuP6LtQh8FuIqrAnWOfRHw56eoAyqUC5xfP/pO0XYJnmS+ulj803mW +nFIgB1itj6U5O1GEiy4rZmVFosv9G543NWjrwPvXl2hMwyGrFOp4KLPGtwztHo6o +5CipNOoVsvtHIBpBQ0c9sxEt0BWmjl3+NPDRItTCi10cYD37XgZQSz/UpEOdjnH0 +Yx/oBEwiW3YTVvD9MBaHensknamPQcUr8q0Ty+3zpChV1rQgSEz226OeGykmS4hx +eUOzqMePDyAisBWWjLsBNWyWYLmf/pr/5ZUSsg4ZiRtvLwiwAum3BSUb8JTW+wxi +PqO5WJOcM9YIl8x2JmtbLmSvYYzYcavxyt9LcbYMQa6GgQKJafSfAjTmNjnw2g4F +c8fjud9T2Ld8WbJUpFVwoHv8CbFdkjhdGt8To9TSlhx1M0KMJczOX61innSLS4qg +oYc9SqaJUJ1lx6JKQWt97IJc4Nf6S5DOdKd01EnCS9kd5l/m0gT5fy9UooSk3dgj +YzNXd95lht1yv5YxMHSDViWzHTXPS7cmfSGQC9tJz/qmsyfTDKX6DSufc36w9/rg +3HYWr2UhrZ4UJGynqI9unwSfmNpeNHFEOeFIWkI5gh9eQKZtKevyPwBTcIPYLMwk +OoZbGRH6TQswhO1USNGF0QLN7dgBh5XAG7M9KvFOqcO+wwwB1iXNWKPv1KW6Md9b +gK/7VQw7PB2fLB5J0XY2vlLmNMEV/JzzDPOom8I+tZ6aSUUdnk9MU2kkJ0wc1UMi +wDNnPonLWeIqHADvgTrUV2Uar9E65DExDuAFy+H20oaHl0mkBbPpHVsR55h4mpK9 +0UJkffn8mvcfes1+/9eFVcC/KF5mnQd+o59AE8WtG8W7c0uFVuXcDD69ZhnnmQLS +SxCitjda8uY40VIBKhZr+PxaHSrKZpwWj4SoKxyOSYbQk9DjEBBOPvm/G2NjcTbQ +bsZ6FHuCzQkiAbI1KTs6BksEiv+8DpUzHek8D50WDlOztWuGuHqdHQo0DDmLI/VL +4Tv9BWiClq05LU42Ej9lIM7lgKahVPpmrRHxRT/5cPlzzhwrCeHeTuqfUEE6/LH7 +WU3JWhDbzKTguKkSgy91dQXEGz7JZWZVb+QHeuQGxnWlzWvV0qpInEUAsyE3qPkL +OMluQSwqRCj+df66xFymY6yP+e6ZFfzRdSamtOvDTtRAspE9btJDdw3OG0xNtJyU +WYzhzPlHg1Az/Y7EQoX+pYx3zZ9dTnL89WEd0FcJos41pi0a84SC710R1JrXXN5K +fSQ7QpqWyl+9EDFCMEk5jSS6CtD3qa5hUbY+c28BYCQK+UvZGAhDLPcKElbSq9py +WGVpPZ/pMY6maS3KFR+3xH8T4XAg3sqfK+NlW7Vs8TREImRf3YIixzkzRwWmuYjB +q6uNEIiQl7EV07p9ni1mvxUn1h4B3r7BWSSTBzdkIwoABL3bEoxtVtkF/PYkNrB4 +6nVFmww2dxlq7QB+0pwy6eGdRv704HaHq/qpD5/595hcgtysnEc0i+eB1ivhAo4p +UdbYa0W+HCn6wSitqHPOn0WLZuhIz1xtYQwYltFy8cbs2zYBGEGEDqC67+Xm8quN +WsjlnHF67zHUTVs2GPG6Jo5PfxsxfbFTglFbyx/ffa9oFyuGLhI/eAjPe4MNHxnV 
+4yTMyGhN1Zk/Bi+/8ZSXXKzYNePthcp/HsHJSRlpdOf+rlfaJ2fbMUA/J/xvMLJA +OfKiTM88fM1KsSxzL3ytQRRy/oRucV4CUSV4A6kAyCchomBz3TiE0RI6+SfQ9l58 +OXCapFo/AHFIgThJFPcmqGMAPbZ8oH6gawjcxraE59VssM56akKAy4ddsl1+guGT +E27BYYEHCardSrPMS9ivZTrVXgHf1P+2YughWZZvl4PMs63v4MTW6Uip1OTB9slP +QPVGLeKcbBxnLW/2WAMlh1cT8Q8lLB3r18ojz2NObaHy9K7TA8Rd6NyoTnpHfTws +SwcxPB/djGusx0K3s/HG4LYMSkrIp4QsZ4rfrYlRawpZQpx98JOgTkBDWjxItUHP +5kDJPXt/YynvvoEPr14ntNPfgtaNT1RGiO3UW0vKGdiy9uac++sj8DhEdX1tbieD +l+AKx3J0Fb/B/pi4YSIcwmao+V2FumLJNk4nFS/b1MDxzBbhCrWFqLw9o3GhrH3y +SThAVil5O6GdQldXD4KNrnj4gH4xyolpdTjICumEgjqvp2/ahcKS3yzTYm8W4e1R +8UJAi/fvmB6k37wuRPhhQzipuEBXwmMbBMLmPmlvPGqsqpS09wZxvKhB9qAzTOva +L06H1kb5qMHNGEu7NcDAJCIZAuHNboMLS4azIZFjsb37hDWS2/HZHhavk/Lo9vMM +99plYz3XlqKpBZWmhKPMF2A1tC8+9+F+36AkeC38Clf00MtHmfR5BHGwsMMK9I/q +zxXl43Oz4qbxrPtCvVh4gzqTQUK+KIqYJ1ho5wWciu7r26xgIiumjH5xgwmDoJw4 +vahPcLxRNemKYgpZv5lLNgGxYTxD488hoScAXt9U9qku7ceC0lHTLX20Lq3IEbRi +mkv2gS4JbRdZDju/AF3DCNFNVj7C5rCp+w4JHDl/wTHt/ymPURI7fb4Wmm/QqMUe +klJ9oK68vlPcVVbzBpJDwfZkvpLmjdr0onR+nXDM7/GzyQrBpkn+u8PjlAel0Haj +f/E/gA870gQJivs09k41ygsSM3hnqvBiUZRiiSMKAYewn/R87w3IGoky6vevolAz +ZUhHUcOUbzmHpogFV5Fn7lw/KjGno7NBxHhefesewAk3wr2Rfe4Vt9XfeJO/6Ybf +kxPkbrRWeowhiG9X9hXABB2LcxQweA2WpuPNh5IsRN3511X8Gzw+L2sujiX2/y9h +nnWrXrS/5iPPJpG/OVyJ3qtHO8nwRyI7TILxUZ7Btx0YbLEkaUWxD7l3iLDG+oYM +nsE2UiY0Aw8t07uCo9Eh8HeMaTYjS5IiEaLg5sYAng1D6BobRgwqsh863TTKkMcb +bVacVJydW9sv0ZWOFiygimHoXMhXHSFOa4BxZj4ONJm/CcfiWj2RIH5SgdXOYdGX +byrJuj9sm3kGOPDAmoBON/bVqbovG2KJzzclgCL32JJW+LrVbFjswYe4UCvVcPWX +1AUKlitddpAF0jFait2/Kxwt+51CHZl5hQyaDSevlFyLJSXguJE/aCXfgSQ5Bn3I +/NPegIUjwQWTy2/ukMgfjJiYQ/HosNOFHpYEJNh2XVQ9BePkHDuZw0/FOk5UvMNa +sPzZBK0x1GlYoDfC4gTyE01GZpXDFMuqo7y9Glkpvk7I40vR3gVUYBb07g7B880w +QXXXLO2iDse8gnZqez9P8IZqlajIlnsQnGBB5ff6I3PbGbRu34Xbu481cm/4A1fh +G8jiJVE/6Qh3xazrw20Vbjg8IqKqZG6Bo2wKOggLgdSrrbwQTkn4GZt0YV9r+IzP +d1gHVZewOcHGUL30htN0EZugNrRmFHne91hILy/4XrhydWPEe3waeKFO+ZCvqPnM +SBYc6/jLNqxw5Dv1wB+n6aoSetQwhdTtZNNo7Mcb2tJGxR24krrKkj3JaSDfcM16 
+PhjEAI+746WRoRYFvAkT+51oM0SbR+VZk1ZyBCZvWfaHIhg2TZNY/sFLHQ+L+k26 +Ub31cjY= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets b/secrets/secrets @@ -13,8 +13,8 @@ echo "$(pass agenix-privkey)" > $tempfile case $1 in "-e") - if [ -f 'default.nix' ]; then - age -i $tempfile --encrypt --armor --output default.nix.age default.nix + if [ -f "$HOME/proj/nix-secrets/flake.nix" ]; then + age -i $tempfile --encrypt --armor --output flake.nix.age $HOME/proj/nix-secrets/flake.nix else echo "There is no 'default.nix file!'" exit 1 @@ -22,7 +22,12 @@ case $1 in ;; "-d") - age -i $tempfile --decrypt --output default.nix default.nix.age + rm -rf $HOME/proj/nix-secrets + mkdir -p $HOME/proj/nix-secrets + git -C $HOME/proj/nix-secrets init --quiet + age -i $tempfile --decrypt --output $HOME/proj/nix-secrets/flake.nix flake.nix.age + git -C $HOME/proj/nix-secrets add flake.nix + git -C $HOME/proj/nix-secrets commit -m 'add secrets' --quiet ;; "")
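Review bot: The `else` branch of `-e` still prints `There is no 'default.nix file!'` although the test now checks `$HOME/proj/nix-secrets/flake.nix`, so a failed encrypt points at the wrong file. I would change it to `echo "There is no '$HOME/proj/nix-secrets/flake.nix' file!"`. The input path on the new `age ... --encrypt` line is also unquoted, unlike the `[ -f "..." ]` test above it; `"$HOME/proj/nix-secrets/flake.nix"` keeps it a single argument. The `case` statement starts and ends outside the hunk.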
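Review bot: The new `-d` branch creates `$HOME/proj/nix-secrets` and writes the decrypted `flake.nix` under the caller's default umask, so the plaintext secrets are typically readable by other local users, and `rm -rf $HOME/proj/nix-secrets` is unquoted and unguarded against an empty `HOME`. I would add `umask 077` before the `mkdir -p` and write the first line as `rm -rf "${HOME:?}/proj/nix-secrets"`, quoting the same path in the `mkdir`, `git -C` and `age --output` lines. A comment such as `# plaintext secrets live here; keep the directory private (0700)` above the block would document the intent. The `case` statement starts and ends outside the hunk.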