From 91fd4c1f9ee1e932b47845a0281ff56574ded103 Mon Sep 17 00:00:00 2001 From: chaos Date: Sat, 25 May 2024 15:28:51 +0100 Subject: [PATCH] switch to vault instead of vault-bin for most things --- home/base/vault.nix | 2 +- home/dev/all/git.nix | 17 ++++++++++++----- .../containers/vault-ca/profiles/vault.nix | 2 +- hosts/raspberry/profiles/externalDrive.nix | 2 +- hosts/raspberry/profiles/rclone.nix | 2 +- lib/internalWireGuardLib.nix | 6 +++--- modules/nixos/secrets.nix | 2 +- modules/nixos/secretsLib/lib.nix | 4 ++-- outputs.nix | 2 +- 9 files changed, 23 insertions(+), 16 deletions(-) diff --git a/home/base/vault.nix b/home/base/vault.nix index 08f6b46..571fef1 100644 --- a/home/base/vault.nix +++ b/home/base/vault.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { - home.packages = with pkgs; [vault-bin]; + home.packages = with pkgs; [vault]; programs.zsh.envExtra = '' export VAULT_ADDR="https://vault.owo.monster" diff --git a/home/dev/all/git.nix b/home/dev/all/git.nix index 71a24d7..3bfc26e 100644 --- a/home/dev/all/git.nix +++ b/home/dev/all/git.nix @@ -1,18 +1,25 @@ -{pkgs, ...}: let - gitPackage = pkgs.gitAndTools.gitFull; +{ + pkgs, + lib, + config, + ... +}: let + inherit (lib.modules) mkDefault; in { programs.git = { enable = true; lfs.enable = true; - package = gitPackage; + package = mkDefault pkgs.gitMinimal; userName = "chaos"; userEmail = "chaos@owo.monster"; - extraConfig = {credential.helper = "store";}; + extraConfig = { + credential.helper = "store"; + }; }; home.packages = [ (pkgs.runCommand "git-extras" {} (let - gitLibExec = "${gitPackage}/libexec/git-core"; + gitLibExec = "${config.programs.git.package}/libexec/git-core"; in '' mkdir -p $out/bin ln -s ${gitLibExec}/git-diff $out/bin/git-diff diff --git a/hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix b/hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix index f20c5f4..c305b11 100644 --- a/hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix 
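Review bot: In home/dev/all/git.nix the rewritten `extraConfig` block keeps `credential.helper = "store"`, which makes git write every saved credential unencrypted to `~/.git-credentials`; on a setup that otherwise keeps its secrets in Vault, this is the weakest place a token can end up. Since the hunk already touches these lines, consider `credential.helper = "cache";` (memory only, time-limited) or a keyring-backed helper. The move to `pkgs.gitMinimal` probably matters here: the minimal build presumably ships without the libsecret helper, so a host wanting a keyring helper would have to override the `mkDefault` package. If the plaintext store is intentional, a comment such as `# plaintext in ~/.git-credentials: only short-lived, narrowly scoped tokens` above the setting would record that decision.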
+++ b/hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { - environment.systemPackages = with pkgs; [vault-bin]; + environment.systemPackages = with pkgs; [vault]; services.vault = { enable = true; package = pkgs.vault-bin; diff --git a/hosts/raspberry/profiles/externalDrive.nix b/hosts/raspberry/profiles/externalDrive.nix index e861371..b9f6521 100644 --- a/hosts/raspberry/profiles/externalDrive.nix +++ b/hosts/raspberry/profiles/externalDrive.nix @@ -7,7 +7,7 @@ mountExternalDrive = let jq = "${pkgs.jq}/bin/jq"; - vault = "${pkgs.vault-bin}/bin/vault"; + vault = "${pkgs.vault}/bin/vault"; cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; in pkgs.writeShellScriptBin "mount_external_drive" '' diff --git a/hosts/raspberry/profiles/rclone.nix b/hosts/raspberry/profiles/rclone.nix index a17126a..8e63785 100644 --- a/hosts/raspberry/profiles/rclone.nix +++ b/hosts/raspberry/profiles/rclone.nix @@ -1,6 +1,6 @@ {pkgs, ...}: let rclone-raspberry = pkgs.writeShellScriptBin "rclone-raspberry" (let - vault = "${pkgs.vault-bin}/bin/vault"; + vault = "${pkgs.vault}/bin/vault"; jq = "${pkgs.jq}/bin/jq"; rclone = "${pkgs.rclone}/bin/rclone"; in '' diff --git a/lib/internalWireGuardLib.nix b/lib/internalWireGuardLib.nix index 326d558..c2f38b6 100644 --- a/lib/internalWireGuardLib.nix +++ b/lib/internalWireGuardLib.nix @@ -14,7 +14,7 @@ kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}"; in rec { initAllScript = writeShellScriptBin "wg-keys-init-all" (let - vault = "${pkgs.vault-bin}/bin/vault"; + vault = "${pkgs.vault}/bin/vault"; in '' PUBKEYS_FILE=$1 @@ -35,7 +35,7 @@ in rec { ''); genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let - vault = "${pkgs.vault-bin}/bin/vault"; + vault = "${pkgs.vault}/bin/vault"; jq = "${pkgs.jq}/bin/jq"; wg = "${pkgs.wireguard-tools}/bin/wg"; sponge = "${pkgs.moreutils}/bin/sponge"; 
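Review bot: In hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix the CLI in `environment.systemPackages` now comes from `pkgs.vault`, while the unchanged context line `package = pkgs.vault-bin;` leaves the server on the other build, so the CA container carries two independently versioned Vault packages. If that is deliberate (the subject says "most things"), state it next to the setting, e.g. `# server intentionally stays on vault-bin: <reason>; CLI uses the source build`, so a later security update is checked against both. Otherwise change the line to `package = pkgs.vault;` so the host holding the CA runs a single build. The `services.vault` block continues outside the hunk.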
@@ -65,7 +65,7 @@ in rec { '')); genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let - vault = "${pkgs.vault-bin}/bin/vault"; + vault = "${pkgs.vault}/bin/vault"; jq = "${pkgs.jq}/bin/jq"; currentHostConfig = wireguardHosts.${systemHostName}; diff --git a/modules/nixos/secrets.nix b/modules/nixos/secrets.nix index 2ba00af..00625af 100644 --- a/modules/nixos/secrets.nix +++ b/modules/nixos/secrets.nix @@ -306,7 +306,7 @@ in { systemd.services.auto-secrets = { wantedBy = ["multi-user.target"]; after = ["network.target"]; - path = with pkgs; [bash vault-bin getent]; + path = with pkgs; [bash vault getent]; script = '' ${secretsLib.mkVaultLoginScript cfg}/bin/vault-login ${secretsLib.mkSecretsInitScript cfg}/bin/secrets-init diff --git a/modules/nixos/secretsLib/lib.nix b/modules/nixos/secretsLib/lib.nix index 1feafaf..1864a62 100644 --- a/modules/nixos/secretsLib/lib.nix +++ b/modules/nixos/secretsLib/lib.nix @@ -280,13 +280,13 @@ ''; }; - defaultPackages = with pkgs; [vault-bin jq]; + defaultPackages = with pkgs; [vault jq]; in rec { mkVaultLoginScript = cfg: writeShellApplication { name = "vault-login"; runtimeInputs = with pkgs; [ - vault-bin + vault getent ]; text = let diff --git a/outputs.nix b/outputs.nix index ce09ccc..52583bd 100644 --- a/outputs.nix +++ b/outputs.nix @@ -40,7 +40,7 @@ in nano bat nix - vault-bin + vault nix-tree nix-output-monitor ])