authorFranck Cuny <franck@fcuny.net>2024-12-28 13:14:34 -0800
committerFranck Cuny <franck@fcuny.net>2024-12-28 13:14:34 -0800
commit1f11bea4be519cbf2b08daac19acef93d2cb181a (patch)
treeafc4df047b9ba927a19f730eacab5c4876ab0873
parentremoved a few services from vm-synology (diff)
downloadinfra-1f11bea4be519cbf2b08daac19acef93d2cb181a.tar.gz
remove secrets and agenix since nothing uses them
-rw-r--r--README.md39
-rw-r--r--flake.lock88
-rw-r--r--flake.nix10
-rw-r--r--justfile7
-rw-r--r--nix/lib/mkSystem.nix2
-rw-r--r--secrets/ddns-updater.agebin982 -> 0 bytes
-rw-r--r--secrets/restic-backups.age7
-rw-r--r--secrets/secrets.nix12
8 files changed, 6 insertions, 159 deletions
diff --git a/README.md b/README.md
index 0fd9de9..154709f 100644
--- a/README.md
+++ b/README.md
@@ -1,40 +1 @@
Tools, scripts, and configurations for my machines.
-
-# Secret management with `agenix`
-I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.
-
-## Create a new secret
-To create a new secret:
-```shell
-cd secrets
-agenix -e <name of the secret>.age
-```
-
-## Manage the secrets
-In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.
-
-In the configuration for one of the host, you'll then need to add:
-```nix
-age.secrets.restic = {
- file = ../../../secrets/restic-backups.age;
- owner = "root";
- group = "root";
- path = "/etc/restic/secret";
- mode = "600";
-};
-```
-
-## Edit secrets
-This is the easiest command to work with 1password:
-```shell
-agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
-```
-
-There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.
-
-# Services
-
-## ddns-updater
-This service runs on `vm-synology`.
-
-There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.
diff --git a/flake.lock b/flake.lock
index e6a5185..6960949 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,53 +1,8 @@
{
"nodes": {
- "agenix": {
- "inputs": {
- "darwin": "darwin",
- "home-manager": "home-manager",
- "nixpkgs": [
- "nixpkgs"
- ],
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1723293904,
- "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
- "owner": "ryantm",
- "repo": "agenix",
- "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
- "type": "github"
- },
- "original": {
- "owner": "ryantm",
- "repo": "agenix",
- "type": "github"
- }
- },
"darwin": {
"inputs": {
"nixpkgs": [
- "agenix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1700795494,
- "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
- "owner": "lnl7",
- "repo": "nix-darwin",
- "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
- "type": "github"
- },
- "original": {
- "owner": "lnl7",
- "ref": "master",
- "repo": "nix-darwin",
- "type": "github"
- }
- },
- "darwin_2": {
- "inputs": {
- "nixpkgs": [
"nixpkgs"
]
},
@@ -103,7 +58,7 @@
},
"flake-utils": {
"inputs": {
- "systems": "systems_2"
+ "systems": "systems"
},
"locked": {
"lastModified": 1731533236,
@@ -143,27 +98,6 @@
"home-manager": {
"inputs": {
"nixpkgs": [
- "agenix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1703113217,
- "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
- "owner": "nix-community",
- "repo": "home-manager",
- "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "home-manager",
- "type": "github"
- }
- },
- "home-manager_2": {
- "inputs": {
- "nixpkgs": [
"nixpkgs"
]
},
@@ -239,11 +173,10 @@
},
"root": {
"inputs": {
- "agenix": "agenix",
- "darwin": "darwin_2",
+ "darwin": "darwin",
"devshell": "devshell",
"flake-utils": "flake-utils",
- "home-manager": "home-manager_2",
+ "home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
@@ -264,21 +197,6 @@
"type": "github"
}
},
- "systems_2": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 740ee94..2e85e3f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,10 +31,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
- agenix = {
- url = "github:ryantm/agenix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
};
# Output config, or config for NixOS system
@@ -47,7 +43,7 @@
pre-commit-hooks,
devshell,
treefmt-nix,
- agenix,
+
...
}@inputs:
flake-utils.lib.eachDefaultSystem (
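Review bot: The `agenix,` argument in the outputs function's argument set is replaced by an empty (or whitespace-only) line instead of being removed, so a stray blank line now sits between `treefmt-nix,` and `...`. The next hunk does the same in the `packages` list of `devShells.default`, where the two removed agenix entries leave blank lines on either side of `treefmt`. Deleting those three added lines outright keeps both spots tidy; the argument set and the list both continue outside these hunks. Separately, the `secrets/*.age` files deleted further down remain in earlier history as ciphertext, so if the restic or ddns-updater credentials are still valid anywhere it is worth rotating them rather than relying on the deletion.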
@@ -90,9 +86,9 @@
devShells.default = pkgs.devshell.mkShell {
packages = with pkgs; [
just
- agenix
+
treefmt
- inputs.agenix.packages."${system}".default
+
];
devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook;
env = [
diff --git a/justfile b/justfile
index b6cdc21..f99e6c5 100644
--- a/justfile
+++ b/justfile
@@ -49,13 +49,6 @@ history:
gcroot:
ls -al /nix/var/nix/gcroots/auto/
-[doc('edit a secret')]
-[group('secrets')]
-[macos]
-secrets +args:
- #!/usr/bin/env fish
- cd secrets && agenix -e {{ args }}.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
-
[doc('build the configuration for the current host')]
[group('machines')]
[macos]
diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix
index b54a4f4..b0f17ee 100644
--- a/nix/lib/mkSystem.nix
+++ b/nix/lib/mkSystem.nix
@@ -40,8 +40,6 @@ systemFunc rec {
};
}
- inputs.agenix.nixosModules.default
-
# We expose some extra arguments so that our modules can parameterize
# better based on these values.
{
diff --git a/secrets/ddns-updater.age b/secrets/ddns-updater.age
deleted file mode 100644
index 7089031..0000000
--- a/secrets/ddns-updater.age
+++ /dev/null
Binary files differ
diff --git a/secrets/restic-backups.age b/secrets/restic-backups.age
deleted file mode 100644
index 70c4bcc..0000000
--- a/secrets/restic-backups.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 9Ia8+w yiSD9W1I3M/Rg8c6QpzRpEd7eNVLjfISYFh/3/dVgl0
-bR8A17+lv7sStJyxhsr8zQROWdzUbVWMkttpIXXA4tw
--> ssh-ed25519 pXC0Mg 6kBmBLXNvNzA/8a1XYTB5cZpSgL+6D2aeg23cy1GqU0
-MN7srTewbHXBWPOd8LAQdPF8TKZ7t3Fi1rOncDOCfoU
---- lNp487YxUggnR0bhdm4QA+1kYFdvbT34W79CzLWXE7I
-;^{_Wp[gy[`(4rm۶hgOG \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
deleted file mode 100644
index 34439cd..0000000
--- a/secrets/secrets.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-let
- fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
- users = [ fcuny ];
- vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K";
-in
-{
- "restic-backups.age".publicKeys = [
- fcuny
- vm-synology
- ];
- "ddns-updater.age".publicKeys = users ++ [ vm-synology ];
-}