Use secret path for SSH identity files and refresh juni flake lock

This commit is contained in:
RingOfStorms (Joshua Bell) 2026-01-06 16:09:54 -06:00
parent 200fe2b85e
commit aef5e24b12
2 changed files with 97 additions and 85 deletions

hosts/juni/flake.lock generated

@ -6,11 +6,11 @@
}, },
"locked": { "locked": {
"dir": "flakes/beszel", "dir": "flakes/beszel",
"lastModified": 1767719747, "lastModified": 1767732316,
"narHash": "sha256-1ISVytokGTCP7MvZPpMBO2bT+/VY3mxjZdWx9BcdzlE=", "narHash": "sha256-9I401qLCTPogmoPDe5h4UdiIsT1XIX42jl5ICIUXfE8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c90766c206e859d3eb2b273b43ef713426849d48", "rev": "200fe2b85ed48c13a74d812038faa2274a843a69",
"revCount": 1067, "revCount": 1075,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },
@ -39,11 +39,11 @@
"common": { "common": {
"locked": { "locked": {
"dir": "flakes/common", "dir": "flakes/common",
"lastModified": 1767719747, "lastModified": 1767732316,
"narHash": "sha256-1ISVytokGTCP7MvZPpMBO2bT+/VY3mxjZdWx9BcdzlE=", "narHash": "sha256-9I401qLCTPogmoPDe5h4UdiIsT1XIX42jl5ICIUXfE8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c90766c206e859d3eb2b273b43ef713426849d48", "rev": "200fe2b85ed48c13a74d812038faa2274a843a69",
"revCount": 1067, "revCount": 1075,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },
@ -58,20 +58,14 @@
"plasma-manager": "plasma-manager" "plasma-manager": "plasma-manager"
}, },
"locked": { "locked": {
"dir": "flakes/de_plasma", "path": "../../flakes/de_plasma",
"lastModified": 1767719747, "type": "path"
"narHash": "sha256-1ISVytokGTCP7MvZPpMBO2bT+/VY3mxjZdWx9BcdzlE=",
"ref": "refs/heads/master",
"rev": "c90766c206e859d3eb2b273b43ef713426849d48",
"revCount": 1067,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },
"original": { "original": {
"dir": "flakes/de_plasma", "path": "../../flakes/de_plasma",
"type": "git", "type": "path"
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" },
} "parent": []
}, },
"flatpaks": { "flatpaks": {
"inputs": { "inputs": {
@ -79,11 +73,11 @@
}, },
"locked": { "locked": {
"dir": "flakes/flatpaks", "dir": "flakes/flatpaks",
"lastModified": 1767719747, "lastModified": 1767732316,
"narHash": "sha256-1ISVytokGTCP7MvZPpMBO2bT+/VY3mxjZdWx9BcdzlE=", "narHash": "sha256-9I401qLCTPogmoPDe5h4UdiIsT1XIX42jl5ICIUXfE8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c90766c206e859d3eb2b273b43ef713426849d48", "rev": "200fe2b85ed48c13a74d812038faa2274a843a69",
"revCount": 1067, "revCount": 1075,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },


@ -43,9 +43,9 @@
{ {
nixosConfigurations = { nixosConfigurations = {
"${configuration_name}" = ( "${configuration_name}" = (
lib.nixosSystem { lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
inputs.nixos-hardware.nixosModules.framework-12-13th-gen-intel inputs.nixos-hardware.nixosModules.framework-12-13th-gen-intel
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
({ ({
@ -69,7 +69,7 @@
}) })
inputs.common.nixosModules.jetbrains_font inputs.common.nixosModules.jetbrains_font
inputs.secrets-bao.nixosModules.default inputs.secrets-bao.nixosModules.default
inputs.ros_neovim.nixosModules.default inputs.ros_neovim.nixosModules.default
({ ({
ringofstorms-nvim.includeAllRuntimeDependencies = true; ringofstorms-nvim.includeAllRuntimeDependencies = true;
@ -90,63 +90,81 @@
inputs.common.nixosModules.tailnet inputs.common.nixosModules.tailnet
inputs.common.nixosModules.remote_lio_builds inputs.common.nixosModules.remote_lio_builds
( (
{ inputs, lib, ... }: { inputs, lib, ... }:
let let
secrets = { secrets = {
headscale_auth = { headscale_auth = {
kvPath = "kv/data/machines/home_roaming/headscale_auth"; kvPath = "kv/data/machines/home_roaming/headscale_auth";
dependencies = [ "tailscaled" ]; dependencies = [ "tailscaled" ];
configChanges = { configChanges.services.tailscale.authKeyFile = "$SECRET_PATH";
services.tailscale.authKeyFile = "$SECRET_PATH"; };
}; nix2github = {
}; owner = "josh";
nix2github = { group = "users";
owner = "josh"; hmChanges.programs.ssh.matchBlocks."github.com".identityFile = "$SECRET_PATH";
group = "users"; };
kvPath = "kv/data/machines/home_roaming/nix2github"; nix2bitbucket = {
}; owner = "josh";
nix2bitbucket = { group = "users";
owner = "josh"; hmChanges.programs.ssh.matchBlocks."bitbucket.com".identityFile = "$SECRET_PATH";
group = "users"; };
kvPath = "kv/data/machines/home_roaming/nix2bitbucket"; nix2gitforgejo = {
}; owner = "josh";
nix2gitforgejo = { group = "users";
owner = "josh"; hmChanges.programs.ssh.matchBlocks."git.joshuabell.xyz".identityFile = "$SECRET_PATH";
group = "users"; };
kvPath = "kv/data/machines/home_roaming/nix2gitforgejo"; nix2lio = {
}; owner = "josh";
nix2lio = { group = "users";
owner = "josh"; hmChanges.programs.ssh.matchBlocks = lib.genAttrs [ "lio" "lio_" ] (_: {
group = "users"; identityFile = "$SECRET_PATH";
kvPath = "kv/data/machines/home_roaming/nix2lio"; });
}; };
}; nix2oren = {
in owner = "josh";
lib.mkMerge [ group = "users";
{ hmChanges.programs.ssh.matchBlocks.oren.identityFile = "$SECRET_PATH";
ringofstorms.secretsBao = { };
enable = true; nix2gpdPocket3 = {
zitadelKeyPath = "/machine-key.json"; owner = "josh";
openBaoAddr = "https://sec.joshuabell.xyz"; group = "users";
jwtAuthMountPath = "auth/zitadel-jwt"; hmChanges.programs.ssh.matchBlocks.gp3.identityFile = "$SECRET_PATH";
openBaoRole = "machines"; };
zitadelIssuer = "https://sso.joshuabell.xyz"; nix2t = {
zitadelProjectId = "344379162166820867"; owner = "josh";
inherit secrets; group = "users";
}; hmChanges.programs.ssh.matchBlocks = lib.genAttrs [ "t" "t_" ] (_: {
} identityFile = "$SECRET_PATH";
(inputs.secrets-bao.lib.applyConfigChanges secrets) });
] };
) };
in
lib.mkMerge [
{
ringofstorms.secretsBao = {
enable = true;
zitadelKeyPath = "/machine-key.json";
openBaoAddr = "https://sec.joshuabell.xyz";
jwtAuthMountPath = "auth/zitadel-jwt";
openBaoRole = "machines";
zitadelIssuer = "https://sso.joshuabell.xyz";
zitadelProjectId = "344379162166820867";
inherit secrets;
};
}
(inputs.secrets-bao.lib.applyConfigChanges secrets)
(inputs.secrets-bao.lib.applyHmChanges secrets)
]
)
# inputs.beszel.nixosModules.agent inputs.beszel.nixosModules.agent
# ({ ({
# beszelAgent = { beszelAgent = {
# token = "2fb5f0a0-24aa-4044-a893-6d0f916cd063"; token = "2fb5f0a0-24aa-4044-a893-6d0f916cd063";
# }; };
# } }
# ) )
./hardware-configuration.nix ./hardware-configuration.nix
./hardware-mounts.nix ./hardware-mounts.nix
@ -176,7 +194,7 @@
inputs.common.homeManagerModules.starship inputs.common.homeManagerModules.starship
inputs.common.homeManagerModules.zoxide inputs.common.homeManagerModules.zoxide
inputs.common.homeManagerModules.zsh inputs.common.homeManagerModules.zsh
# inputs.common.homeManagerModules.ssh inputs.common.homeManagerModules.ssh
( (
{ ... }: { ... }:
{ {
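Review bot: The beszel agent block enabled on the new side of the third hunk embeds the agent token as a plain string literal, `token = "2fb5f0a0-24aa-4044-a893-6d0f916cd063";`, while every other credential in this file is fetched from OpenBao through the `secrets` set; a literal here is committed to git and also lands in the world-readable Nix store. If the beszel module accepts a token file, add a `beszel_token` entry to `secrets` and wire it with `configChanges.beszelAgent.tokenFile = "$SECRET_PATH";` (option name to confirm against the module), and treat the committed value as exposed and rotate it either way. Separately, the SSH match block keyed `"bitbucket.com"` will not apply to Bitbucket Cloud's SSH host `bitbucket.org` unless a Host alias elsewhere maps it. The enclosing `modules` list starts and ends outside this hunk.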