diff --git a/flake.nix b/flake.nix index f4f440f..012ce3e 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,11 @@ rust-overlay.url = "github:oxalica/rust-overlay"; nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-wsl = { url = "github:nix-community/NixOS-WSL"; inputs = { @@ -39,6 +44,7 @@ nixpkgs, unstable, nur, + agenix, utils, rust-overlay, nix-vscode-extensions, @@ -113,6 +119,12 @@ } ./machines/thinkcentre/configuration.nix + agenix.nixosModules.default + { + environment.systemPackages = [ + agenix.packages.x86_64-linux.default + ]; + } ]; specialArgs = {inherit inputs;}; }; diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..f65c165 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,8 @@ +let + venus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlbfu7ApeF0khvdzMSWfDaunI+5zy/BboN7qEE4jWd2 root@venus"; + oracle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPc/HYsbpVsyoU2n0EiqQ4+3aSiFPtddjPCGK187W24f michael@oracle"; + # systems = [system1]; +in { + "wireguard-thinkcentre.age".publicKeys = venus; + "wireguard-oracle.age".publicKeys = oracle; +} diff --git a/secrets/wireguard-oracle.age b/secrets/wireguard-oracle.age new file mode 100644 index 0000000..e69de29 diff --git a/secrets/wireguard-thinkcentre.age b/secrets/wireguard-thinkcentre.age new file mode 100644 index 0000000..7a12fc8 --- /dev/null +++ b/secrets/wireguard-thinkcentre.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZRcQJQ hW/podq9plJd2PjecAKIDoIrBauv2xW4fX8KnUqDWX0 +chaSLI/n9PJgS4GVLbpv72JT/ddzrQ9w5aRt8kvLr5s +-> ssh-ed25519 jBnYqQ rkO818kLhDFnnCFLFh3UkniZXscuSnVKGkf+2nck+CI +3TZVgJ6xRG0DyBjuhT+V7tr4XEauvhFh8fDJmK0Pf18 +--- P7UYIFfZ65jY4bM+MUXYptXT8UOnAkhcLqrXniG1EmQ +@>==g(nWˇA0*Z }k !mf/th +*m?sT a};lYF)]퐇[ \ No newline at end of file