From e7d7218c79b3be6b828508bdd42e2574d0e7f6d4 Mon Sep 17 00:00:00 2001 From: Hunter Halloran Date: Wed, 10 Dec 2025 17:58:25 -0500 Subject: [PATCH] feat: Enabled package ragenix for secret management --- flake.lock | 204 +++++++++++++++++++++++++++++++++++++++++++--- flake.nix | 8 +- hosts/default.nix | 2 + sw/default.nix | 3 +- 4 files changed, 202 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5fecac2..bec3755 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,91 @@ { "nodes": { + "agenix": { + "inputs": { + "agenix": "agenix_2", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1761832913, + "narHash": "sha256-VCNVjjuRvrKPiYYwqhE3BAKIaReiKXGpxGp27lZ0MFM=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "83bccfdea758241999f32869fb6b36f7ac72f1ac", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "agenix_2": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "agenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1760924934, + "narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c6b4d5308293d0d04fcfeee92705017537cad02f", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -79,7 +165,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, 
@@ -97,7 +183,25 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" }, "locked": { "lastModified": 1681202837, @@ -172,15 +276,37 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1765170903, - "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "20561be440a11ec57a89715480717baf19fe6343", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765384171, + "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8", "type": "github" }, "original": { @@ -190,7 +316,7 @@ "type": "github" } }, - "home-manager_2": { + "home-manager_3": { "inputs": { "nixpkgs": [ "lazyvim-nixvim", 
@@ -370,11 +496,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764983851, - "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", + "lastModified": 1765311797, + "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", + "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b", "type": "github" }, "original": { @@ -393,7 +519,7 @@ "flake-parts" ], "git-hooks": "git-hooks", - "home-manager": "home-manager_2", + "home-manager": "home-manager_3", "nix-darwin": "nix-darwin", "nixpkgs": [ "lazyvim-nixvim", @@ -418,7 +544,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "lazyvim-nixvim", @@ -442,8 +568,9 @@ }, "root": { "inputs": { + "agenix": "agenix", "disko": "disko", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "lazyvim-nixvim": "lazyvim-nixvim", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", @@ -452,6 +579,27 @@ "vscode-server": "vscode-server" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761791894, + "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "59c45eb69d9222a4362673141e00ff77842cd219", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -482,6 +630,36 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -506,7 +684,7 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 4b74eb0..deea56b 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,11 @@ # Hardware quirks and configurations nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + agenix = { + url = "github:yaxitech/ragenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Neovim configuration lazyvim-nixvim.url = "github:azuwis/lazyvim-nixvim"; @@ -50,6 +55,7 @@ nixpkgs-old-kernel, home-manager, disko, + agenix, lazyvim-nixvim, nixos-hardware, vscode-server, @@ -73,7 +79,7 @@ { # Formatter for 'nix fmt' formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); - + # Generate NixOS configurations from hosts/default.nix nixosConfigurations = hosts.nixosConfigurations; diff --git a/hosts/default.nix b/hosts/default.nix index 1fcd511..f3f3ed8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -17,6 +17,7 @@ let nixpkgs = inputs.nixpkgs; lib = nixpkgs.lib; home-manager = inputs.home-manager; + agenix = inputs.agenix; disko = inputs.disko; # Modules shared by all hosts 
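Review bot: The new `agenix` input in flake.nix (hunk `@@ -28,6 +28,11 @@`) has no comment, unlike the inputs around it, and its name hides that it resolves to `github:yaxitech/ragenix` rather than upstream agenix. A line such as `# Secret management (ragenix, an agenix-compatible implementation)` above it would make that explicit. The url carries no ref, so the only pin for a tool that handles decryption keys is the `rev` recorded in flake.lock, and any lock refresh of this input should be reviewed as a dependency upgrade. The flake.lock hunks show ragenix bringing in its own `agenix`, `darwin`, an older `home-manager`, `crane` and `rust-overlay`, and only `nixpkgs` is redirected to the root's. Nested overrides inside this block, for example `inputs.agenix.inputs.home-manager.follows = "home-manager";`, might trim the extra sources, but check the input names against the ragenix flake first.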
@@ -26,6 +27,7 @@ let ../users.nix ../sw home-manager.nixosModules.home-manager + agenix.nixosModules.default disko.nixosModules.disko { system.stateVersion = "25.11"; diff --git a/sw/default.nix b/sw/default.nix index 43288ae..6826768 100644 --- a/sw/default.nix +++ b/sw/default.nix @@ -73,6 +73,7 @@ in git oh-my-posh inputs.lazyvim-nixvim.packages.${stdenv.hostPlatform.system}.nvim + inputs.agenix.packages.${stdenv.hostPlatform.system}.default # Custom update script (writeShellScriptBin "update-system" '' HOSTNAME=$(hostname) @@ -92,7 +93,7 @@ in ]; } # Import Desktop or Kiosk modules based on type - (mkIf (cfg.type == "desktop") ( + (mkIf (cfg.type == "desktop") ( import ./desktop { inherit config
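Review bot: In hosts/default.nix (hunk `@@ -26,6 +27,7 @@`) `agenix.nixosModules.default` joins the modules shared by all hosts, but nothing visible in this commit declares `age.secrets`, `age.identityPaths` or a recipients file, so a reader cannot tell which key each host decrypts with. The agenix module falls back to the OpenSSH host keys when `age.identityPaths` is unset, and ragenix's module presumably inherits that. A comment beside the module line should say so, e.g. `# age secrets: decrypted at activation with the host SSH key; recipients in <path to secrets.nix>`. Because this list applies to every host type, each secret's recipients should be limited to the hosts that actually need it. The enclosing `let` block and module list start and end outside the hunk.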
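Review bot: In sw/default.nix (hunk `@@ -73,6 +73,7 @@`) the ragenix CLI is added to what appears to be the package list shared by every host type, although the CLI is only needed where secrets are edited or rekeyed. Decryption at activation is done by the NixOS module, not by this package. Consider moving `inputs.agenix.packages.${stdenv.hostPlatform.system}.default` to the desktop/admin set or a dev shell so kiosk hosts do not carry the tool, and add a short comment such as `# ragenix CLI for editing/rekeying secrets`. The surrounding package list begins and ends outside the hunk, so confirm its scope there.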