switch to vault instead of vault-bin for most things

chaos 2024-05-25 15:28:51 +01:00
parent 0adb7bfa4d
commit 91fd4c1f9e
No known key found for this signature in database
9 changed files with 23 additions and 16 deletions


@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [vault-bin]; home.packages = with pkgs; [vault];
programs.zsh.envExtra = '' programs.zsh.envExtra = ''
export VAULT_ADDR="https://vault.owo.monster" export VAULT_ADDR="https://vault.owo.monster"


@ -1,18 +1,25 @@
{pkgs, ...}: let {
gitPackage = pkgs.gitAndTools.gitFull; pkgs,
lib,
config,
...
}: let
inherit (lib.modules) mkDefault;
in { in {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
package = gitPackage; package = mkDefault pkgs.gitMinimal;
userName = "chaos"; userName = "chaos";
userEmail = "chaos@owo.monster"; userEmail = "chaos@owo.monster";
extraConfig = {credential.helper = "store";}; extraConfig = {
credential.helper = "store";
};
}; };
home.packages = [ home.packages = [
(pkgs.runCommand "git-extras" {} (let (pkgs.runCommand "git-extras" {} (let
gitLibExec = "${gitPackage}/libexec/git-core"; gitLibExec = "${config.programs.git.package}/libexec/git-core";
in '' in ''
mkdir -p $out/bin mkdir -p $out/bin
ln -s ${gitLibExec}/git-diff $out/bin/git-diff ln -s ${gitLibExec}/git-diff $out/bin/git-diff
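Review bot: `credential.helper = "store"` in `extraConfig` keeps every HTTPS credential git is given in plaintext in `~/.git-credentials`, and this commit reformats the setting without revisiting it. With the default package now `pkgs.gitMinimal`, the keyring-backed helpers are probably not built, so the in-memory helper is the simplest replacement: `credential.helper = "cache";`. Hosts that override the `mkDefault` with a full git build could set a keyring helper instead. Separately, the `git-extras` derivation now links out of `config.programs.git.package`, so it is worth confirming that every file it links exists in `gitMinimal`'s `libexec/git-core`; the rest of that script is outside the hunk.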


@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
environment.systemPackages = with pkgs; [vault-bin]; environment.systemPackages = with pkgs; [vault];
services.vault = { services.vault = {
enable = true; enable = true;
package = pkgs.vault-bin; package = pkgs.vault-bin;
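Review bot: `services.vault.package` still points at `pkgs.vault-bin` while `environment.systemPackages` now installs `pkgs.vault`, so this host ends up with two Vault builds and nothing in the file says the split is deliberate. If the server is meant to stay on the prebuilt binary (for example because the source build in nixpkgs may lack the web UI), a comment above the line would stop a later cleanup from swapping the server binary by accident: `# server intentionally stays on vault-bin; the CLI uses pkgs.vault`. The two packages can also drift to different versions, so the CLI and server versions are worth checking after updates. The `services.vault` block continues past the end of the hunk.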


@ -7,7 +7,7 @@
mountExternalDrive = let mountExternalDrive = let
jq = "${pkgs.jq}/bin/jq"; jq = "${pkgs.jq}/bin/jq";
vault = "${pkgs.vault-bin}/bin/vault"; vault = "${pkgs.vault}/bin/vault";
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
in in
pkgs.writeShellScriptBin "mount_external_drive" '' pkgs.writeShellScriptBin "mount_external_drive" ''


@ -1,6 +1,6 @@
{pkgs, ...}: let {pkgs, ...}: let
rclone-raspberry = pkgs.writeShellScriptBin "rclone-raspberry" (let rclone-raspberry = pkgs.writeShellScriptBin "rclone-raspberry" (let
vault = "${pkgs.vault-bin}/bin/vault"; vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq"; jq = "${pkgs.jq}/bin/jq";
rclone = "${pkgs.rclone}/bin/rclone"; rclone = "${pkgs.rclone}/bin/rclone";
in '' in ''


@ -14,7 +14,7 @@
kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}"; kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}";
in rec { in rec {
initAllScript = writeShellScriptBin "wg-keys-init-all" (let initAllScript = writeShellScriptBin "wg-keys-init-all" (let
vault = "${pkgs.vault-bin}/bin/vault"; vault = "${pkgs.vault}/bin/vault";
in '' in ''
PUBKEYS_FILE=$1 PUBKEYS_FILE=$1
@ -35,7 +35,7 @@ in rec {
''); '');
genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let
vault = "${pkgs.vault-bin}/bin/vault"; vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq"; jq = "${pkgs.jq}/bin/jq";
wg = "${pkgs.wireguard-tools}/bin/wg"; wg = "${pkgs.wireguard-tools}/bin/wg";
sponge = "${pkgs.moreutils}/bin/sponge"; sponge = "${pkgs.moreutils}/bin/sponge";
@ -65,7 +65,7 @@ in rec {
'')); ''));
genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let
vault = "${pkgs.vault-bin}/bin/vault"; vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq"; jq = "${pkgs.jq}/bin/jq";
currentHostConfig = wireguardHosts.${systemHostName}; currentHostConfig = wireguardHosts.${systemHostName};


@ -306,7 +306,7 @@ in {
systemd.services.auto-secrets = { systemd.services.auto-secrets = {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network.target"]; after = ["network.target"];
path = with pkgs; [bash vault-bin getent]; path = with pkgs; [bash vault getent];
script = '' script = ''
${secretsLib.mkVaultLoginScript cfg}/bin/vault-login ${secretsLib.mkVaultLoginScript cfg}/bin/vault-login
${secretsLib.mkSecretsInitScript cfg}/bin/secrets-init ${secretsLib.mkSecretsInitScript cfg}/bin/secrets-init
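Review bot: `after = ["network.target"]` on `auto-secrets` only orders the unit after network setup has started, not after the network is usable, so `vault-login` can run before the Vault server is reachable and leave the host without its secrets. Ordering on `network-online.target` is the usual fix: `after = ["network-online.target"];` and `wants = ["network-online.target"];`. Whether the login script already retries is not visible here, since the script body continues past the hunk.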


@ -280,13 +280,13 @@
''; '';
}; };
defaultPackages = with pkgs; [vault-bin jq]; defaultPackages = with pkgs; [vault jq];
in rec { in rec {
mkVaultLoginScript = cfg: mkVaultLoginScript = cfg:
writeShellApplication { writeShellApplication {
name = "vault-login"; name = "vault-login";
runtimeInputs = with pkgs; [ runtimeInputs = with pkgs; [
vault-bin vault
getent getent
]; ];
text = let text = let


@ -40,7 +40,7 @@ in
nano nano
bat bat
nix nix
vault-bin vault
nix-tree nix-tree
nix-output-monitor nix-output-monitor
]) ])