From 27b58dc288041ab5b9004c021eec802b10cafc6d Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Tue, 24 Sep 2024 02:30:54 -0500
Subject: [PATCH] switched submodule files to non flake input
---
.gitmodules | 2 +-
README.md | 1 -
enviroments/server/default.nix | 3 ++-
flake.lock | 18 ++++++++++++++++++
flake.nix | 7 ++++++-
install.sh | 2 +-
rebuild.sh | 4 ++--
users/ester/default.nix | 3 ++-
users/eve/default.nix | 3 ++-
users/leyla/default.nix | 3 ++-
10 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index 810e39f..dcfaddd 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
[submodule "secrets"]
path = secrets
- url = git@git.jan-leila.com:jan-leila/nix-config.git
+ url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git
diff --git a/README.md b/README.md
index d086102..b42f061 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
- join config for systemd.tmpfiles.rules and service directory bindings
- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml`
- move applications in server environment into their own flakes
-- make subrepo a flake that gets imported (and then remove `path:` from build scripts)
## New Features
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- fix pre commit hook
diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix
index 5a55a69..a36a1db 100644
--- a/enviroments/server/default.nix
+++ b/enviroments/server/default.nix
@@ -2,6 +2,7 @@
lib,
config,
pkgs,
+ inputs,
...
}: {
imports = [
@@ -77,7 +78,7 @@
config = {
sops.secrets = {
"services/pi-hole" = {
- sopsFile = ../../secrets/defiant-services.yaml;
+ sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
};
diff --git a/flake.lock b/flake.lock
index a424800..d6f3015 100644
--- a/flake.lock
+++ b/flake.lock
@@ -167,9 +167,27 @@
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
+ "secrets": "secrets",
"sops-nix": "sops-nix"
}
},
+ "secrets": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1727152771,
+ "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=",
+ "ref": "main",
+ "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3",
+ "revCount": 2,
+ "type": "git",
+ "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
+ },
+ "original": {
+ "ref": "main",
+ "type": "git",
+ "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
+ }
+ },
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
diff --git a/flake.nix b/flake.nix
index 70992b0..d1ff05b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,9 +5,14 @@
# base packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
- # encrypt files that contain secreats that I would like to not encrypt
+ # encrypt files that contain secrets that I would like to not encrypt
sops-nix.url = "github:Mic92/sops-nix";
+ secrets = {
+ url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main";
+ flake = false;
+ };
+
# declairtive disk configuration
disko = {
url = "github:nix-community/disko";
diff --git a/install.sh b/install.sh
index d7e10df..882a935 100755
--- a/install.sh
+++ b/install.sh
@@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
# commit number in this is because the main branch of nixos-anywhere is broken right now
-nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target
+nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
diff --git a/rebuild.sh b/rebuild.sh
index 96cfc3d..630a2b4 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -58,9 +58,9 @@ user=${user:-$USER}
# access secret files in the submodule this is kinda bad and we should find a way to not need it
if [[ "$target" == "$(hostname)" ]];
then
- nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake
+ nixos-rebuild $mode --use-remote-sudo --flake .#$flake
else
- nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake
+ nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake
fi
if [ -d "result" ];
diff --git a/users/ester/default.nix b/users/ester/default.nix
index 3597d2d..f6a1203 100644
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@@ -2,6 +2,7 @@
lib,
config,
pkgs,
+ inputs,
...
}: let
cfg = config.users.ester;
@@ -16,7 +17,7 @@ in {
sops.secrets = lib.mkIf cfg.isFullUser {
"passwords/ester" = {
neededForUsers = true;
- sopsFile = ../../secrets/user-passwords.yaml;
+ sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
diff --git a/users/eve/default.nix b/users/eve/default.nix
index 16787f8..7902ff2 100644
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@@ -2,6 +2,7 @@
lib,
config,
pkgs,
+ inputs,
...
}: let
cfg = config.users.eve;
@@ -16,7 +17,7 @@ in {
sops.secrets = lib.mkIf cfg.isFullUser {
"passwords/eve" = {
neededForUsers = true;
- sopsFile = ../../secrets/user-passwords.yaml;
+ sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index 20f99ab..1cd30fe 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -1,6 +1,7 @@
{
lib,
config,
+ inputs,
...
}: let
cfg = config.users.leyla;
@@ -21,7 +22,7 @@ in {
sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {
"passwords/leyla" = {
neededForUsers = true;
- sopsFile = ../../secrets/user-passwords.yaml;
+ sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};