diff --git a/flake.lock b/flake.lock index 3d8d275..d26c02e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,70 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "owner": "ryantm", + "repo": "agenix", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -21,6 +85,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1745526057, "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", 
@@ -38,8 +118,24 @@ }, "root": { "inputs": { - "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index e95bad2..0ae98b1 100644 --- a/flake.nix +++ b/flake.nix @@ -18,12 +18,14 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + agenix.url = "github:ryantm/agenix"; }; outputs = { self, nixpkgs, home-manager, + agenix, }: let baseModule = { imports = [ @@ -38,6 +40,10 @@ modules = [ baseModule + { + environment.systemPackages = [agenix.packages.x86_64-linux.default]; + } + agenix.nixosModules.default ./hosts/thonkpad/configuration.nix ]; }; diff --git a/home/programs/zsh/default.nix b/home/programs/zsh/default.nix index 94895be..806b605 100644 --- a/home/programs/zsh/default.nix +++ b/home/programs/zsh/default.nix @@ -2,6 +2,8 @@ pkgs, lib, system, + config, + osConfig, ... }: { home.packages = with pkgs; [zsh-powerlevel10k meslo-lgs-nf]; @@ -39,6 +41,7 @@ [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh ''; + # initExtra = builtins.readFile ./zshrc + builtins.readFile osConfig.age.secrets.zsh_remote.path; initExtra = builtins.readFile ./zshrc; }; } diff --git a/home/scripts/rebuild.sh b/home/scripts/rebuild.sh index 07881ca..d738f6f 100644 --- a/home/scripts/rebuild.sh +++ b/home/scripts/rebuild.sh 
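Review bot: The new `agenix` input in `flake.nix` is declared without any `follows`, unlike the `home-manager` input just above it, so it brings its own dependency tree. The lock file in this commit shows the effect: a second `nixpkgs` and a second `home-manager`, plus `darwin` and `systems`, are now pinned and have to be trusted and updated separately. I would add `agenix.inputs.nixpkgs.follows = "nixpkgs";` and `agenix.inputs.home-manager.follows = "home-manager";`. The agenix README also describes `agenix.inputs.darwin.follows = "";` for dropping the darwin input on Linux-only setups. The `inputs` block starts outside the hunk.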
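Review bot: `agenix.packages.x86_64-linux.default` hard-codes the platform inside the module list, so the line has to be edited by hand if this module list is ever reused for a host on another architecture. Writing the inline module as a function avoids that: `({pkgs, ...}: { environment.systemPackages = [agenix.packages.${pkgs.stdenv.hostPlatform.system}.default]; })`. A one-line comment that the CLI is only needed for editing secrets, while `agenix.nixosModules.default` does the decryption, would also help the next reader. The enclosing system definition starts and ends outside the hunk.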
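Review bot: The commented-out `initExtra` line in `home/programs/zsh/default.nix` should not be enabled in this form, because `builtins.readFile osConfig.age.secrets.zsh_remote.path` runs at evaluation time while agenix only decrypts the secret when the system is activated. Depending on the evaluation mode it either fails because the file is not readable yet, or it copies the decrypted contents into the generated zsh configuration in the world-readable Nix store. Reference the path and read it at shell start instead, e.g. `initExtra = builtins.readFile ./zshrc + "\n[[ -r ${osConfig.age.secrets.zsh_remote.path} ]] && source ${osConfig.age.secrets.zsh_remote.path}\n";`. The host would then also need `age.secrets.zsh_remote.owner = "synchronous";`, since agenix secrets are root-owned by default. Until this is wired up, the `config` and `osConfig` arguments added in the first hunk of this file are unused.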
@@ -37,7 +37,7 @@ echo "NixOS Rebuilding..." prev=$(basename $(readlink /run/current-system) | sed 's/.*nixos-system-\(.*\)-.*$/\1/') # Rebuild, output simplified errors, log trackebacks -/run/current-system/sw/bin/nixos-rebuild switch --flake /home/synchronous/nix-cfg/flake.nix#"$prev" 2>&1 | tee /tmp/nixos-switch.log +sudo /run/current-system/sw/bin/nixos-rebuild switch --flake /home/synchronous/nix-cfg/flake.nix#"$prev" 2>&1 | tee /tmp/nixos-switch.log # cat /tmp/nixos-switch.log | grep --color error && exit 1 diff --git a/hosts/thonkpad/configuration.nix b/hosts/thonkpad/configuration.nix index cabcd77..a7f96c0 100644 --- a/hosts/thonkpad/configuration.nix +++ b/hosts/thonkpad/configuration.nix @@ -41,6 +41,8 @@ in { }; res = "1366x768"; + age.secrets.zsh_remote.file = ../../secrets/zsh_remote.age; + age.identityPaths = ["/home/synchronous/.ssh/id_ed25519"]; # config = { # res = "1366x768"; @@ -188,6 +190,10 @@ in { extraRules = [ { commands = [ + { + command = "/etc/profiles/per-user/synchronous/bin/rebuild"; + options = ["NOPASSWD"]; + } { command = "/home/synchronous/nix-cfg/home/scripts/nixos-rebuild.sh"; options = ["NOPASSWD"]; diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..b4f71b4 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,5 @@ +let + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw4Uqg9UBakoOpS4nVGE3ePKHnst0+02lFN04n2IyKb ginesin.j@northeastern.edu"; +in { + "zsh_remote.age".publicKeys = [key]; +} diff --git a/secrets/zsh_remote.age b/secrets/zsh_remote.age new file mode 100644 index 0000000..a46d646 Binary files /dev/null and b/secrets/zsh_remote.age differ
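Review bot: The now-elevated rebuild in `home/scripts/rebuild.sh` still streams its output to the fixed path `/tmp/nixos-switch.log`, a predictable name in a shared directory that another local account can pre-create or read. A private log file is safer: `log=$(mktemp -t nixos-switch.XXXXXX)` and then `... 2>&1 | tee "$log"`. Because the command is piped into `tee`, the pipeline's exit status is `tee`'s unless `set -o pipefail` is in effect; the top of the script is outside the hunk, so that should be checked. Note also that `sudo` is applied here to `nixos-rebuild` itself, whereas the sudoers rule added in `hosts/thonkpad/configuration.nix` names the `rebuild` wrapper, so it is worth confirming which of the two is meant to run without a password.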
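Review bot: `age.identityPaths` in `hosts/thonkpad/configuration.nix` points at the user's personal SSH key, `/home/synchronous/.ssh/id_ed25519`, and the matching public key is the only recipient in the new `secrets/secrets.nix`. Decryption happens non-interactively at activation, so this presumably requires that private key to sit on disk without a passphrase. It also ties machine secrets to a key that is likely used for logins elsewhere. I would leave `age.identityPaths` at the module default (the host's SSH host keys) and add the host's public key as a second recipient in `secrets/secrets.nix`, keeping the user key only for editing secrets. A short comment above the two added lines saying which key decrypts `zsh_remote` and who consumes it would help as well.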
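Review bot: The new `NOPASSWD` rule for `/etc/profiles/per-user/synchronous/bin/rebuild` appears to amount to passwordless root for the `synchronous` account. The wrapper rebuilds the system from the flake under `/home/synchronous/nix-cfg`, which that user can edit, and the wrapper itself looks to be generated from the same repository. The existing rule just below it for `/home/synchronous/nix-cfg/home/scripts/nixos-rebuild.sh` has the same property more directly, since it names a file inside the home directory. If that trade-off is intended, record it next to the rule, e.g. `# NOPASSWD: equivalent to passwordless root for synchronous (flake and script are user-writable)`; otherwise drop `options = ["NOPASSWD"];` so a password is still required. The `extraRules` block starts and ends outside the hunk, so the users or groups it applies to are not visible here.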