added github access token to nix.conf

2024-06-17 20:20:33 +01:00 · 2024-06-17 20:20:33 +01:00 · f6304cf25f
parent fd20921d1e
commit f6304cf25f
4 changed files with 184 additions and 44 deletions
--- a/flake.lock
+++ b/flake.lock
@ -45,11 +45,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718242063,
-        "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
+        "lastModified": 1718588625,
+        "narHash": "sha256-8ZbrJq1jcmyzJ4SDkvd8JOZD4/fNUHpL4cpqVe4w3CU=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
+        "rev": "8262659fc990cecdf6a8de74c3de7b6ec58c2276",
        "type": "github"
      },
      "original": {
@ -147,7 +147,25 @@
    },
    "flake-utils_3": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1710146030,
@ -219,11 +237,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718243258,
-        "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=",
+        "lastModified": 1718526747,
+        "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3",
+        "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
        "type": "github"
      },
      "original": {
@ -309,6 +327,27 @@
      }
    },
    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703863825,
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
+    "nix-github-actions_2": {
      "inputs": {
        "nixpkgs": [
          "sqlfmt",
@ -333,11 +372,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1717864759,
-        "narHash": "sha256-DUtmDvpNyOZG+UDONTBfRiAdCaI7E1ngVhmUOAjj3wg=",
+        "lastModified": 1718651801,
+        "narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=",
        "ref": "refs/heads/master",
-        "rev": "81aff439158dc6bb21251dc3be672db671e4a519",
-        "revCount": 89,
+        "rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566",
+        "revCount": 94,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
@ -375,11 +414,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1717880976,
-        "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
+        "lastModified": 1718478900,
+        "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
+        "rev": "c884223af91820615a6146af1ae1fea25c107005",
        "type": "github"
      },
      "original": {
@ -407,11 +446,27 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1718376599,
-        "narHash": "sha256-cTFGqLYTrIxORc673fUUCecQVXiXHDj6Z8vFQ5K4SDg=",
+        "lastModified": 1718541509,
+        "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3bac01780f87646b70326db70920902bc4d49fab",
+        "rev": "ba06293cdba1c94af9710024abf3b94cf8d76349",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1718632497,
+        "narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c58b4a9118498c1055c5908a5bbe666e56abe949",
        "type": "github"
      },
      "original": {
@ -435,11 +490,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1718376125,
-        "narHash": "sha256-NIJZxmY2CWsqJK/9BQCRSHfcCY9K6thjq/1XtJobxmU=",
+        "lastModified": 1718614971,
+        "narHash": "sha256-ID/Fvvd9Bz01gpm36mIfjoqXIknb2WkacSukW75cRNw=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "7a2a25af02be25987aa43cd681312f4b5ba12317",
+        "rev": "b822078ec1b2bbf666af767061e29575edc5ec05",
        "type": "github"
      },
      "original": {
@ -450,11 +505,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1718398470,
-        "narHash": "sha256-47JT0Za+js92ci0GhStCY21UiEB3MU4cBYoCVmpfudA=",
+        "lastModified": 1718649005,
+        "narHash": "sha256-1Aw+JgGQK6e9MZdV4cbO1d3GRvYRKbwOvmet5gSFwvE=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "c6325c8dee7dd1f58e1b4884672c670d6b541845",
+        "rev": "d4bfad4cd8a5c44bb469f95f20e6eb4799145046",
        "type": "github"
      },
      "original": {
@ -465,21 +520,43 @@
    },
    "poetry2nix": {
      "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": "nixpkgs_2",
+        "systems": "systems_3",
+        "treefmt-nix": "treefmt-nix_2"
+      },
+      "locked": {
+        "lastModified": 1718647444,
+        "narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=",
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "type": "github"
+      }
+    },
+    "poetry2nix_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_4",
+        "nix-github-actions": "nix-github-actions_2",
        "nixpkgs": [
          "sqlfmt",
          "nixpkgs"
        ],
-        "systems": "systems_4",
-        "treefmt-nix": "treefmt-nix_2"
+        "systems": "systems_6",
+        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1718285706,
-        "narHash": "sha256-DScsBM+kZvxOva7QegfdtleebMXh30XPxDQr/1IGKYo=",
+        "lastModified": 1718647444,
+        "narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "a5be1bbbe0af0266147a88e0ec43b18c722f2bb9",
+        "rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1",
        "type": "github"
      },
      "original": {
@ -499,6 +576,7 @@
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixvim": "nixvim",
        "nur": "nur",
+        "poetry2nix": "poetry2nix",
        "sops-nix": "sops-nix",
        "sqlfmt": "sqlfmt"
      }
@ -511,11 +589,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1718137936,
-        "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=",
+        "lastModified": 1718506969,
+        "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
        "owner": "mic92",
        "repo": "sops-nix",
-        "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6",
+        "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
        "type": "github"
      },
      "original": {
@ -526,9 +604,9 @@
    },
    "sqlfmt": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_2",
-        "poetry2nix": "poetry2nix"
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": "nixpkgs_3",
+        "poetry2nix": "poetry2nix_2"
      },
      "locked": {
        "dir": "sqlfmt",
@ -577,6 +655,20 @@
      }
    },
    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "id": "systems",
+        "type": "indirect"
+      }
+    },
+    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -591,7 +683,22 @@
        "type": "github"
      }
    },
-    "systems_4": {
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_6": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -627,6 +734,27 @@
      }
    },
    "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": [
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1718522839,
+        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_3": {
      "inputs": {
        "nixpkgs": [
          "sqlfmt",
@ -635,11 +763,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717850719,
-        "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
+        "lastModified": 1718522839,
+        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
+        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -10,6 +10,7 @@

    # Import personal packages repo
    sqlfmt.url = "git+https://git.bitlab21.com/sam/flake-packages?dir=sqlfmt";
+    poetry2nix.url = "github:nix-community/poetry2nix";

    # Home manager
    home-manager = {
@ -55,6 +56,7 @@
    { self
    , nixpkgs
    , home-manager
+    , poetry2nix
    , ...
    } @ inputs:
    let
@ -66,6 +68,7 @@
      specialArgs = { inherit inputs outputs; };
    in
    {
+      poetry2nix = forAllSystems (system: nixpkgs.legacyPackages.${system}.extend poetry2nix.overlays.default);
      packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
      overlays = import ./overlays { inherit inputs; };
--- a/hosts/common/core/sops.nix
+++ b/hosts/common/core/sops.nix
@ -19,11 +19,11 @@ in
    age = {
      sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ];
    };
-    secrets =  {
-        "passwords/root".neededForUsers = true;
-        "ssh_keys/deploy_key/id_ed25519" = {
-          path = "/etc/ssh/deploy_key-ssh-ed25519";
-        };
+    secrets = {
+      "passwords/root".neededForUsers = true;
+      "ssh_keys/deploy_key/id_ed25519" = {
+        path = "/etc/ssh/deploy_key-ssh-ed25519";
+      };
    };
  };
 }
--- a/hosts/common/users/sam/default.nix
+++ b/hosts/common/users/sam/default.nix
@ -35,6 +35,9 @@ in
      mode = "0644";
      owner = "${username}";
    };
+    "github-access-token" = {
+      mode = "0655";
+    };
    "software/postgres/btc_models/password" = { };
    "software/postgres/btc_models/ip" = { };
    "software/postgres/btc_models/username" = { };
@ -95,6 +98,12 @@ in
    '';
  };

+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      !include ${config.sops.secrets.github-access-token.path}
+    '';
+  };
  # The containing folders are created as root and if this is the first entry when writing files,
  # the ownership is busted and home-manager can't target because it can't write to these dirs...
  # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed