| -rw-r--r-- | README.md | 39 | ||||
| -rw-r--r-- | flake.lock | 88 | ||||
| -rw-r--r-- | flake.nix | 10 | ||||
| -rw-r--r-- | justfile | 7 | ||||
| -rw-r--r-- | nix/lib/mkSystem.nix | 2 | ||||
| -rw-r--r-- | secrets/ddns-updater.age | bin | 982 -> 0 bytes | |||
| -rw-r--r-- | secrets/restic-backups.age | 7 | ||||
| -rw-r--r-- | secrets/secrets.nix | 12 |
8 files changed, 6 insertions, 159 deletions
@@ -1,40 +1 @@
 Tools, scripts, and configurations for my machines.
-
-# Secret management with `agenix`
-I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.
-
-## Create a new secret
-To create a new secret:
-```shell
-cd secrets
-agenix -e <name of the secret>.age
-```
-
-## Manage the secrets
-In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.
-
-In the configuration for one of the host, you'll then need to add:
-```nix
-age.secrets.restic = {
- file = ../../../secrets/restic-backups.age;
- owner = "root";
- group = "root";
- path = "/etc/restic/secret";
- mode = "600";
-};
-```
-
-## Edit secrets
-This is the easiest command to work with 1password:
-```shell
-agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
-```
-
-There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.
-
-# Services
-
-## ddns-updater
-This service runs on `vm-synology`.
-
-There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.
@@ -1,53 +1,8 @@
 {
 "nodes": {
- "agenix": {
- "inputs": {
- "darwin": "darwin",
- "home-manager": "home-manager",
- "nixpkgs": [
- "nixpkgs"
- ],
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1723293904,
- "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
- "owner": "ryantm",
- "repo": "agenix",
- "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
- "type": "github"
- },
- "original": {
- "owner": "ryantm",
- "repo": "agenix",
- "type": "github"
- }
- },
 "darwin": {
 "inputs": {
 "nixpkgs": [
- "agenix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1700795494,
- "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
- "owner": "lnl7",
- "repo": "nix-darwin",
- "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
- "type": "github"
- },
- "original": {
- "owner": "lnl7",
- "ref": "master",
- "repo": "nix-darwin",
- "type": "github"
- }
- },
- "darwin_2": {
- "inputs": {
- "nixpkgs": [
 "nixpkgs"
 ]
 },
@@ -103,7 +58,7 @@
 },
 "flake-utils": {
 "inputs": {
- "systems": "systems_2"
+ "systems": "systems"
 },
 "locked": {
 "lastModified": 1731533236,
@@ -143,27 +98,6 @@
 "home-manager": {
 "inputs": {
 "nixpkgs": [
- "agenix",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1703113217,
- "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
- "owner": "nix-community",
- "repo": "home-manager",
- "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "home-manager",
- "type": "github"
- }
- },
- "home-manager_2": {
- "inputs": {
- "nixpkgs": [
 "nixpkgs"
 ]
 },
@@ -239,11 +173,10 @@
 },
 "root": {
 "inputs": {
- "agenix": "agenix",
- "darwin": "darwin_2",
+ "darwin": "darwin",
 "devshell": "devshell",
 "flake-utils": "flake-utils",
- "home-manager": "home-manager_2",
+ "home-manager": "home-manager",
 "nixpkgs": "nixpkgs",
 "pre-commit-hooks": "pre-commit-hooks",
 "treefmt-nix": "treefmt-nix"
@@ -264,21 +197,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -31,10 +31,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; # Output config, or config for NixOS system @@ -47,7 +43,7 @@ pre-commit-hooks, devshell, treefmt-nix, - agenix, + ... }@inputs: flake-utils.lib.eachDefaultSystem ( @@ -90,9 +86,9 @@ devShells.default = pkgs.devshell.mkShell { packages = with pkgs; [ just - agenix + treefmt - inputs.agenix.packages."${system}".default + ]; devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook; env = [ @@ -49,13 +49,6 @@ history: gcroot: ls -al /nix/var/nix/gcroots/auto/ -[doc('edit a secret')] -[group('secrets')] -[macos] -secrets +args: - #!/usr/bin/env fish - cd secrets && agenix -e {{ args }}.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub) - [doc('build the configuration for the current host')] [group('machines')] [macos] diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix index b54a4f4..b0f17ee 100644 --- a/nix/lib/mkSystem.nix +++ b/nix/lib/mkSystem.nix @@ -40,8 +40,6 @@ systemFunc rec { }; } - inputs.agenix.nixosModules.default - # We expose some extra arguments so that our modules can parameterize # better based on these values. { diff --git a/secrets/ddns-updater.age b/secrets/ddns-updater.age Binary files differdeleted file mode 100644 index 7089031..0000000 --- a/secrets/ddns-updater.age +++ /dev/null diff --git a/secrets/restic-backups.age b/secrets/restic-backups.age deleted file mode 100644 index 70c4bcc..0000000 
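Review bot: Any host module that still declares `age.secrets.*` will now fail to evaluate with an undefined option, because `agenix,` is replaced by `...` in the output arguments here and the module import `inputs.agenix.nixosModules.default` is dropped in nix/lib/mkSystem.nix, while no host configuration is touched by this commit; the removed README documented exactly that `age.secrets.restic = { ... }` pattern, so the hosts that consumed restic-backups.age and ddns-updater.age should be checked before this lands. Deleting secrets/restic-backups.age, secrets/ddns-updater.age and secrets/secrets.nix removes the encrypted blobs from the tree but not from history, where they remain decryptable by the recipient keys secrets.nix listed; if the intent is to retire these secrets rather than move them to another store, rotating the underlying restic and ddns-updater credentials is what actually retires them, and a one-line note in the commit message saying which it is would help. The output function's argument list begins before this hunk.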
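Review bot: The two `+` lines in the `packages = with pkgs; [ … ]` list of `devShells.default` appear to be empty or whitespace-only: the removed `agenix` and `inputs.agenix.packages."${system}".default` entries were replaced by blank lines instead of being deleted, which the hunk counts (-90,9 +86,9) are consistent with. Drop both added lines so the list reads `just` and `treefmt` on consecutive lines followed by `];`. The `devShells.default` attribute set continues outside the hunk.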
--- a/secrets/restic-backups.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 9Ia8+w yiSD9W1I3M/Rg8c6QpzRpEd7eNVLjfISYFh/3/dVgl0 -bR8A17+lv7sStJyxhsr8zQROWdzUbVWMkttpIXXA4tw --> ssh-ed25519 pXC0Mg 6kBmBLXNvNzA/8a1XYTB5cZpSgL+6D2aeg23cy1GqU0 -MN7srTewbHXBWPOd8LAQdPF8TKZ7t3Fi1rOncDOCfoU ---- lNp487YxUggnR0bhdm4QA+1kYFdvbT34W79CzLWXE7I -;^{_Wp[gy[`(4rm۶hgOG
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
deleted file mode 100644
index 34439cd..0000000
--- a/secrets/secrets.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-let
- fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
- users = [ fcuny ];
- vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K";
-in
-{
- "restic-backups.age".publicKeys = [
- fcuny
- vm-synology
- ];
- "ddns-updater.age".publicKeys = users ++ [ vm-synology ];
-} |
