diff --git a/flakes/common/hm_modules/ssh.nix b/flakes/common/hm_modules/ssh.nix index e3f0ab9a..76b30078 100644 --- a/flakes/common/hm_modules/ssh.nix +++ b/flakes/common/hm_modules/ssh.nix @@ -4,11 +4,10 @@ ... }: let - inherit (osConfig) age; hasSecret = secret: let - secrets = age.secrets or { }; + secrets = osConfig.age.secrets or { }; in secrets ? ${secret} && secrets.${secret} != null; in 
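Review bot: The reason for dropping `inherit (osConfig) age;` is not recorded anywhere in `hasSecret`, so a later cleanup could easily reintroduce the shorthand. With the full path `osConfig.age.secrets or { }`, the `or` fallback covers a missing `age` attribute as well as a missing `secrets`, which is presumably what lets this module evaluate on hosts that do not import agenix. I would add a comment above the `secrets =` binding such as `# keep the whole osConfig.age.secrets path inside "or" so hosts without agenix still evaluate`. The `let` block starts above the hunk.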
@@ -39,39 +38,39 @@ in # EXTERNAL "github.com" = lib.mkIf (hasSecret "nix2github") { - identityFile = age.secrets.nix2github.path; + identityFile = osConfig.age.secrets.nix2github.path; }; "bitbucket.org" = lib.mkIf (hasSecret "nix2bitbucket") { - identityFile = age.secrets.nix2bitbucket.path; + identityFile = osConfig.age.secrets.nix2bitbucket.path; }; "git.joshuabell.xyz" = { - identityFile = lib.mkIf (hasSecret "nix2gitforgejo") age.secrets.nix2gitforgejo.path; + identityFile = lib.mkIf (hasSecret "nix2gitforgejo") osConfig.age.secrets.nix2gitforgejo.path; user = "git"; }; # PERSONAL DEVICES "lio" = { - identityFile = lib.mkIf (hasSecret "nix2lio") age.secrets.nix2lio.path; + identityFile = lib.mkIf (hasSecret "nix2lio") osConfig.age.secrets.nix2lio.path; user = "josh"; }; "lio_" = { - identityFile = lib.mkIf (hasSecret "nix2lio") age.secrets.nix2lio.path; + identityFile = lib.mkIf (hasSecret "nix2lio") osConfig.age.secrets.nix2lio.path; hostname = "10.12.14.116"; user = "josh"; }; "oren" = { - identityFile = lib.mkIf (hasSecret "nix2oren") age.secrets.nix2oren.path; + identityFile = lib.mkIf (hasSecret "nix2oren") osConfig.age.secrets.nix2oren.path; user = "josh"; }; "juni" = { - identityFile = lib.mkIf (hasSecret "nix2nix") age.secrets.nix2nix.path; + identityFile = lib.mkIf (hasSecret "nix2nix") osConfig.age.secrets.nix2nix.path; user = "josh"; }; "gp3" = { - identityFile = lib.mkIf (hasSecret "nix2gpdPocket3") age.secrets.nix2gpdPocket3.path; + identityFile = lib.mkIf (hasSecret "nix2gpdPocket3") osConfig.age.secrets.nix2gpdPocket3.path; user = "josh"; }; "t" = { - identityFile = lib.mkIf (hasSecret "nix2t") age.secrets.nix2t.path; + identityFile = lib.mkIf (hasSecret "nix2t") osConfig.age.secrets.nix2t.path; user = "joshua.bell"; localForwards = [ { 
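Review bot: In every block from "git.joshuabell.xyz" down, only `identityFile` is guarded by `lib.mkIf (hasSecret …)`. When the secret is absent, the host entry stays in place and ssh falls back to its default identities and to whatever keys the agent holds. No hunk shows `identitiesOnly` being set, so even when the secret is present the client may offer unrelated agent keys to these hosts, including the third-party forges. If that is not set in a part of the file outside the diff, consider adding `identitiesOnly = true;` beside each `identityFile`, or wrapping the whole block in `lib.mkIf` as the "github.com" and "bitbucket.org" entries already do. The same pattern recurs in the two later hunks of this file. The "t" block continues past the end of this hunk.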
@@ -85,7 +84,7 @@ in }; }; "t_" = { - identityFile = lib.mkIf (hasSecret "nix2t") age.secrets.nix2t.path; + identityFile = lib.mkIf (hasSecret "nix2t") osConfig.age.secrets.nix2t.path; hostname = "10.12.14.181"; user = "joshua.bell"; localForwards = [ 
@@ -101,54 +100,54 @@ in }; # HOME SERVERS "h001" = { - identityFile = lib.mkIf (hasSecret "nix2h001") age.secrets.nix2h001.path; + identityFile = lib.mkIf (hasSecret "nix2h001") osConfig.age.secrets.nix2h001.path; user = "luser"; }; "h001_" = { - identityFile = lib.mkIf (hasSecret "nix2h001") age.secrets.nix2h001.path; + identityFile = lib.mkIf (hasSecret "nix2h001") osConfig.age.secrets.nix2h001.path; hostname = "10.12.14.10"; user = "luser"; }; "h002" = { - identityFile = lib.mkIf (hasSecret "nix2nix") age.secrets.nix2nix.path; + identityFile = lib.mkIf (hasSecret "nix2nix") osConfig.age.secrets.nix2nix.path; user = "luser"; }; "h002_" = { - identityFile = lib.mkIf (hasSecret "nix2nix") age.secrets.nix2nix.path; + identityFile = lib.mkIf (hasSecret "nix2nix") osConfig.age.secrets.nix2nix.path; hostname = "10.12.14.183"; user = "luser"; }; "h003" = { - identityFile = lib.mkIf (hasSecret "nix2h003") age.secrets.nix2h003.path; + identityFile = lib.mkIf (hasSecret "nix2h003") osConfig.age.secrets.nix2h003.path; hostname = "10.12.14.1"; user = "luser"; }; "h003_" = { - identityFile = lib.mkIf (hasSecret "nix2h003") age.secrets.nix2h003.path; + identityFile = lib.mkIf (hasSecret "nix2h003") osConfig.age.secrets.nix2h003.path; user = "luser"; }; # LINODE SERVERS "l001" = { - identityFile = lib.mkIf (hasSecret "nix2linode") age.secrets.nix2linode.path; + identityFile = lib.mkIf (hasSecret "nix2linode") osConfig.age.secrets.nix2linode.path; hostname = "172.236.111.33"; # Not on the tailscale network it is the primary host user = "root"; }; "l002_" = { - identityFile = lib.mkIf (hasSecret "nix2linode") age.secrets.nix2linode.path; + identityFile = lib.mkIf (hasSecret "nix2linode") osConfig.age.secrets.nix2linode.path; hostname = "172.234.26.141"; user = "root"; }; "l002" = { - identityFile = lib.mkIf (hasSecret "nix2linode") age.secrets.nix2linode.path; + identityFile = lib.mkIf (hasSecret "nix2linode") osConfig.age.secrets.nix2linode.path; user = "root"; }; # ORACLE 
SERVERS "o001" = { - identityFile = lib.mkIf (hasSecret "nix2oracle") age.secrets.nix2oracle.path; + identityFile = lib.mkIf (hasSecret "nix2oracle") osConfig.age.secrets.nix2oracle.path; user = "root"; }; "o001_" = { - identityFile = lib.mkIf (hasSecret "nix2oracle") age.secrets.nix2oracle.path; + identityFile = lib.mkIf (hasSecret "nix2oracle") osConfig.age.secrets.nix2oracle.path; hostname = "64.181.210.7"; user = "root"; }; diff --git a/flakes/common/nix_modules/tailnet.nix b/flakes/common/nix_modules/tailnet.nix index fe9e9be8..bcc151e4 100644 --- a/flakes/common/nix_modules/tailnet.nix +++ b/flakes/common/nix_modules/tailnet.nix @@ -4,6 +4,14 @@ lib, ... }: +let + hasSecret = + secret: + let + secrets = config.age.secrets or { }; + in + secrets ? ${secret} && secrets.${secret} != null; +in { environment.systemPackages = with pkgs; [ tailscale ]; boot.kernelModules = [ "tun" ]; @@ -12,7 +20,7 @@ enable = true; openFirewall = true; useRoutingFeatures = "client"; - authKeyFile = config.age.secrets.headscale_auth.path; + authKeyFile = lib.mkIf (hasSecret "headscale_auth") config.age.secrets.headscale_auth.path; extraUpFlags = [ "--login-server=https://headscale.joshuabell.xyz" ]; diff --git a/hosts/juni/flake.lock b/hosts/juni/flake.lock index d81ab9f8..35d0db16 100644 --- a/hosts/juni/flake.lock +++ b/hosts/juni/flake.lock @@ -6,11 +6,11 @@ }, "locked": { "dir": "flakes/beszel", - "lastModified": 1767737541, - "narHash": "sha256-7e8xFdNxTJpP8X85gJ/l5czveU3qKw8VUK889BYHsP8=", + "lastModified": 1767743368, + "narHash": "sha256-mdCzyG8OHo7XNaqN9fKQjoZO8/w6/grgisexOsUcrKI=", "ref": "refs/heads/master", - "rev": "abf8f5381d683a3968239206d69b0a5ad6852799", - "revCount": 1078, + "rev": "c223dedb701601f1b19e1c347396d19ca7aeb418", + "revCount": 1086, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, 
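Review bot: The `hasSecret` helper added in the new `let` block of flakes/common/nix_modules/tailnet.nix is a copy of the one in flakes/common/hm_modules/ssh.nix; the two differ only in reading `config` instead of `osConfig`. Two copies of a guard that decides whether a credential path is wired in can drift apart unnoticed. A single shared helper that takes the config as an argument would keep them identical, for example `hasSecret = cfg: name: (cfg.age.secrets.${name} or null) != null;`, imported by both modules.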
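Review bot: In tailnet.nix, guarding `authKeyFile` with `lib.mkIf (hasSecret "headscale_auth")` makes a missing secret silent. The service is still enabled with `openFirewall = true`, but the host will not join the tailnet on its own, and nothing at build time reports it. A mistyped or unprovisioned secret name would therefore look like a successful deploy. I would surface it in the same module with `warnings = lib.optional (!hasSecret "headscale_auth") "tailnet: headscale_auth secret not found, tailscale will not auto-join";`, or an assertion on hosts that must be on the tailnet. The enclosing attribute set starts outside the hunk.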
@@ -38,20 +38,14 @@ }, "common": { "locked": { - "dir": "flakes/common", - "lastModified": 1767737953, - "narHash": "sha256-rHqjhsGc8iInvJ7tw3jqS6H3U0Z6TTYU6fMyiErNnNs=", - "ref": "refs/heads/master", - "rev": "8cd92aaba4d4db2d605f597eb68f501b9069efee", - "revCount": 1080, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../flakes/common", + "type": "path" }, "original": { - "dir": "flakes/common", - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../flakes/common", + "type": "path" + }, + "parent": [] }, "de_plasma": { "inputs": { @@ -73,11 +67,11 @@ }, "locked": { "dir": "flakes/flatpaks", - "lastModified": 1767737541, - "narHash": "sha256-7e8xFdNxTJpP8X85gJ/l5czveU3qKw8VUK889BYHsP8=", + "lastModified": 1767743368, + "narHash": "sha256-mdCzyG8OHo7XNaqN9fKQjoZO8/w6/grgisexOsUcrKI=", "ref": "refs/heads/master", - "rev": "abf8f5381d683a3968239206d69b0a5ad6852799", - "revCount": 1078, + "rev": "c223dedb701601f1b19e1c347396d19ca7aeb418", + "revCount": 1086, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1141,11 +1135,11 @@ }, "locked": { "dir": "flakes/opencode", - "lastModified": 1767737541, - "narHash": "sha256-7e8xFdNxTJpP8X85gJ/l5czveU3qKw8VUK889BYHsP8=", + "lastModified": 1767743368, + "narHash": "sha256-mdCzyG8OHo7XNaqN9fKQjoZO8/w6/grgisexOsUcrKI=", "ref": "refs/heads/master", - "rev": "abf8f5381d683a3968239206d69b0a5ad6852799", - "revCount": 1078, + "rev": "c223dedb701601f1b19e1c347396d19ca7aeb418", + "revCount": 1086, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, diff --git a/hosts/juni/flake.nix b/hosts/juni/flake.nix index 9ec10aef..e6177c8a 100644 --- a/hosts/juni/flake.nix +++ b/hosts/juni/flake.nix 
@@ -9,8 +9,8 @@ impermanence.url = "github:nix-community/impermanence"; # Use relative to get current version for testin - # common.url = "path:../../flakes/common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; + common.url = "path:../../flakes/common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; # secrets-bao.url = "path:../../flakes/secrets-bao"; # NOTE: using an absolute path so this works before you commit/push. # After you add `flakes/secrets-bao` to the repo, switch to a git URL like your other flakes.
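Review bot: This commits `common.url = "path:../../flakes/common";`, the variant the comment directly above describes as the one used "for testin", and comments out the git URL. The matching hosts/juni/flake.lock hunk replaces the `rev` and `narHash` for `common` with a bare `"type": "path"` entry, so what juni builds from `common` is now decided by the state of the checkout rather than by a locked revision. If the switch was only meant for local testing, restore the git URL and re-lock before merging. If it is intended, update the comment to say so, for example `# common is taken from this checkout; it is not pinned in flake.lock`. The inputs block continues outside the hunk.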