chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

switch to vault instead of vault-bin for most things

Browse source
This commit is contained in:
chaos 2024-05-25 15:28:51 +01:00
parent 0adb7bfa4d
commit 91fd4c1f9e
No known key found for this signature in database
9 changed files with 23 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
home/base/vault.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: {
home.packages = with pkgs; [vault-bin];
home.packages = with pkgs; [vault];
programs.zsh.envExtra = ''
export VAULT_ADDR="https://vault.owo.monster"

17
home/dev/all/git.nix
View file

@ -1,18 +1,25 @@
{pkgs, ...}: let
gitPackage = pkgs.gitAndTools.gitFull;
{
pkgs,
lib,
config,
...
}: let
inherit (lib.modules) mkDefault;
in {
programs.git = {
enable = true;
lfs.enable = true;
package = gitPackage;
package = mkDefault pkgs.gitMinimal;
userName = "chaos";
userEmail = "chaos@owo.monster";
extraConfig = {credential.helper = "store";};
extraConfig = {
credential.helper = "store";
};
};
home.packages = [
(pkgs.runCommand "git-extras" {} (let
gitLibExec = "${gitPackage}/libexec/git-core";
gitLibExec = "${config.programs.git.package}/libexec/git-core";
in ''
mkdir -p $out/bin
ln -s ${gitLibExec}/git-diff $out/bin/git-diff

2
hosts/hetzner-arm/containers/vault-ca/profiles/vault.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [vault-bin];
environment.systemPackages = with pkgs; [vault];
services.vault = {
enable = true;
package = pkgs.vault-bin;

2
hosts/raspberry/profiles/externalDrive.nix
View file

@ -7,7 +7,7 @@
mountExternalDrive = let
jq = "${pkgs.jq}/bin/jq";
vault = "${pkgs.vault-bin}/bin/vault";
vault = "${pkgs.vault}/bin/vault";
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
in
pkgs.writeShellScriptBin "mount_external_drive" ''

2
hosts/raspberry/profiles/rclone.nix
View file

@ -1,6 +1,6 @@
{pkgs, ...}: let
rclone-raspberry = pkgs.writeShellScriptBin "rclone-raspberry" (let
vault = "${pkgs.vault-bin}/bin/vault";
vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq";
rclone = "${pkgs.rclone}/bin/rclone";
in ''

6
lib/internalWireGuardLib.nix
View file

@ -14,7 +14,7 @@
kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}";
in rec {
initAllScript = writeShellScriptBin "wg-keys-init-all" (let
vault = "${pkgs.vault-bin}/bin/vault";
vault = "${pkgs.vault}/bin/vault";
in ''
PUBKEYS_FILE=$1
@ -35,7 +35,7 @@ in rec {
'');
genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let
vault = "${pkgs.vault-bin}/bin/vault";
vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq";
wg = "${pkgs.wireguard-tools}/bin/wg";
sponge = "${pkgs.moreutils}/bin/sponge";
@ -65,7 +65,7 @@ in rec {
''));
genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let
vault = "${pkgs.vault-bin}/bin/vault";
vault = "${pkgs.vault}/bin/vault";
jq = "${pkgs.jq}/bin/jq";
currentHostConfig = wireguardHosts.${systemHostName};

2
modules/nixos/secrets.nix
View file

@ -306,7 +306,7 @@ in {
systemd.services.auto-secrets = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
path = with pkgs; [bash vault-bin getent];
path = with pkgs; [bash vault getent];
script = ''
${secretsLib.mkVaultLoginScript cfg}/bin/vault-login
${secretsLib.mkSecretsInitScript cfg}/bin/secrets-init

4
modules/nixos/secretsLib/lib.nix
View file

@ -280,13 +280,13 @@
'';
};
defaultPackages = with pkgs; [vault-bin jq];
defaultPackages = with pkgs; [vault jq];
in rec {
mkVaultLoginScript = cfg:
writeShellApplication {
name = "vault-login";
runtimeInputs = with pkgs; [
vault-bin
vault
getent
];
text = let

2
outputs.nix
View file

@ -40,7 +40,7 @@ in
nano
bat
nix
vault-bin
vault
nix-tree
nix-output-monitor
])