Merge branch 'master' of github.com:RingOfStorms/dotfiles

flake.lock

@@ -110,11 +110,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709884566,
-        "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=",
+        "lastModified": 1710197026,
+        "narHash": "sha256-0OdO4FsI7isTUKIGoFF6YRSp0H9oRAnb9ET1SlNu5G4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e",
+        "rev": "9c1dfe2db4be1095cc221e97a54323bc55d42696",
         "type": "github"
       },
       "original": {

flake.nix

@@ -21,10 +21,11 @@
     # home-manager = { };
   };
 
-  outputs = { self, nypkgs, nixpkgs, ragenix, ... } @ args:
+  outputs = { self, nypkgs, nixpkgs, ... } @ inputs:
     let
       nixosSystem = nixpkgs.lib.nixosSystem;
       mkMerge = nixpkgs.lib.mkMerge;
+
       settings = {
         system = {
           hostname = "gpdPocket3";
@@ -39,21 +40,20 @@
             name = "RingOfStorms (Joshua Bell)";
           };
         };
-        usersDir = ./users;
-        systemsDir = ./systems;
-        commonDir = ./_common;
         flakeDir = ./.;
+        secretsDir = ./secrets;
+        systemsDir = ./systems;
+        usersDir = ./users;
       };
 
       ypkgs = nypkgs.legacyPackages.${settings.system.architecture};
       ylib = ypkgs.lib;
-      ragenixPkg = ragenix.packages.${settings.system.architecture}.default;
     in
     {
       nixosConfigurations.${settings.system.hostname} = nixosSystem {
         system = settings.system.architecture;
         modules = [ ./systems/_common/configuration.nix ./systems/${settings.system.hostname}/configuration.nix ];
-        specialArgs = args // { inherit settings; inherit ylib; inherit ragenixPkg; };
+        specialArgs = inputs // { inherit settings; inherit ylib; };
       };
       # homeConfigurations = { };
     };

secrets/secrets.nix

@@ -6,8 +6,6 @@
 # from authority
 # `nix run github:yaxitech/ragenix/ -- -i ~/.ssh/ragenix_authority --rules /etc/nixos/secrets/secrets.nix` <-r(eykey)|-e(edit) <File>>
 
-# Creating a new secret: 
-
 let
   publicKeys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key"

systems/_common/configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, settings, ylib, ragenixPkg, ... }:
+{ config, lib, pkgs, settings, ylib, ... } @ args:
 let
   home-manager = builtins.fetchTarball {
     url = "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz";
@@ -14,6 +14,7 @@ in
       (/${settings.systemsDir}/${settings.system.hostname}/hardware-configuration.nix)
       # home manager import
       (import "${home-manager}/nixos")
+      # ./ragenix.nix
     ];
 
   # Enable flakes
@@ -23,7 +24,7 @@ in
   security.polkit.enable = true;
   home-manager.useUserPackages = true;
   home-manager.useGlobalPkgs = true;
-  home-manager.extraSpecialArgs = { inherit settings; inherit ylib; };
+  home-manager.extraSpecialArgs = args;
 
   # ==========
   #   Common
@@ -61,9 +62,6 @@ in
     git
     fzf
     ripgrep
-
-    # nix secrets
-    ragenixPkg
   ];
 
   environment.shellAliases = {

systems/_common/ragenix.nix

@@ -0,0 +1,23 @@
+# TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
+{ settings, lib, inputs, ... }:
+let
+  secretsDir = "${settings.secretsDir}";
+  secretsFile = "${secretsDir}/secrets.nix";
+in
+{
+  # imports = [ inputs.ragenix.nixosModules.age ];
+  environment.systemPackages = [ inputs.ragenix.defaultPackage.${settings.system.architecture} ];
+
+  # age = {
+  #   secrets =
+  #     if pathExists secretsFile
+  #     then
+  #       mapAttrs'
+  #         (n: _: nameValuePair (removeSuffix ".age" n) {
+  #           file = "${secretsDir}/${n}";
+  #           owner = mkDefault settings.user.username; # TODO and root? or does that matter...
+  #         })
+  #         (import secretsFile)
+  #     else { };
+  # };
+}

users/_common/home.nix

@@ -5,8 +5,9 @@
   home.username = settings.user.username;
   home.homeDirectory = "/home/${settings.user.username}";
 
-  # We always want a standard ssh key-pair used for secret management, create it if not there.
-  home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] (import ./generate_ssh_key.nix args);
-
-  imports = ylib.umport { paths = [ ./programs ]; recursive = true; };
+  imports = ylib.umport {
+    paths = [ ./programs ];
+    recursive = true;
+    exclude = [ ./programs/ssh/generate_ssh_key.nix ];
+  };
 }

users/_common/programs/ssh/ssh.nix

@@ -0,0 +1,17 @@
+{ lib, ... } @ args:
+{
+  # We always want a standard ssh key-pair used for secret management, create it if not there.
+  home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] (import ./generate_ssh_key.nix args);
+
+  programs.ssh = {
+    enable = true;
+    matchBlocks = {
+      github = {
+        hostname = "github.com";
+        # TODO lEFT OFF HERE TRYING TO GET THIS TO WORK
+        # identityFile = age.secrets.test1.file;
+      };
+    };
+  };
+}
+

users/josh/home.nix

@@ -1,4 +1,4 @@
-{ settings, ylib, ... } @ _args:
+{ settings, ylib, ... }:
 {
   imports =
     # Common settings all users share