From f6304cf25f83b1d0b76de9cc36547f57a993ed77 Mon Sep 17 00:00:00 2001 From: Sam Date: Mon, 17 Jun 2024 20:20:33 +0100 Subject: [PATCH] added github access token to nix.conf --- flake.lock | 206 +++++++++++++++++++++++------ flake.nix | 3 + hosts/common/core/sops.nix | 10 +- hosts/common/users/sam/default.nix | 9 ++ 4 files changed, 184 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index c32bfea..632b8e7 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1718242063, - "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=", + "lastModified": 1718588625, + "narHash": "sha256-8ZbrJq1jcmyzJ4SDkvd8JOZD4/fNUHpL4cpqVe4w3CU=", "owner": "nix-community", "repo": "disko", - "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2", + "rev": "8262659fc990cecdf6a8de74c3de7b6ec58c2276", "type": "github" }, "original": { @@ -147,7 +147,25 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -219,11 +237,11 @@ ] }, "locked": { - "lastModified": 1718243258, - "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=", + "lastModified": 1718526747, + "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3", + "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "type": "github" }, "original": { 
@@ -309,6 +327,27 @@ } }, "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703863825, + "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-github-actions_2": { "inputs": { "nixpkgs": [ "sqlfmt", @@ -333,11 +372,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1717864759, - "narHash": "sha256-DUtmDvpNyOZG+UDONTBfRiAdCaI7E1ngVhmUOAjj3wg=", + "lastModified": 1718651801, + "narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=", "ref": "refs/heads/master", - "rev": "81aff439158dc6bb21251dc3be672db671e4a519", - "revCount": 89, + "rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566", + "revCount": 94, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, @@ -375,11 +414,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717880976, - "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=", + "lastModified": 1718478900, + "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c", + "rev": "c884223af91820615a6146af1ae1fea25c107005", "type": "github" }, "original": { 
@@ -407,11 +446,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1718376599, - "narHash": "sha256-cTFGqLYTrIxORc673fUUCecQVXiXHDj6Z8vFQ5K4SDg=", + "lastModified": 1718541509, + "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3bac01780f87646b70326db70920902bc4d49fab", + "rev": "ba06293cdba1c94af9710024abf3b94cf8d76349", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1718632497, + "narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c58b4a9118498c1055c5908a5bbe666e56abe949", "type": "github" }, "original": { @@ -435,11 +490,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718376125, - "narHash": "sha256-NIJZxmY2CWsqJK/9BQCRSHfcCY9K6thjq/1XtJobxmU=", + "lastModified": 1718614971, + "narHash": "sha256-ID/Fvvd9Bz01gpm36mIfjoqXIknb2WkacSukW75cRNw=", "owner": "nix-community", "repo": "nixvim", - "rev": "7a2a25af02be25987aa43cd681312f4b5ba12317", + "rev": "b822078ec1b2bbf666af767061e29575edc5ec05", "type": "github" }, "original": { @@ -450,11 +505,11 @@ }, "nur": { "locked": { - "lastModified": 1718398470, - "narHash": "sha256-47JT0Za+js92ci0GhStCY21UiEB3MU4cBYoCVmpfudA=", + "lastModified": 1718649005, + "narHash": "sha256-1Aw+JgGQK6e9MZdV4cbO1d3GRvYRKbwOvmet5gSFwvE=", "owner": "nix-community", "repo": "NUR", - "rev": "c6325c8dee7dd1f58e1b4884672c670d6b541845", + "rev": "d4bfad4cd8a5c44bb469f95f20e6eb4799145046", "type": "github" }, "original": { 
@@ -465,21 +520,43 @@ }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "systems": "systems_3", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1718647444, + "narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "poetry2nix_2": { + "inputs": { + "flake-utils": "flake-utils_4", + "nix-github-actions": "nix-github-actions_2", "nixpkgs": [ "sqlfmt", "nixpkgs" ], - "systems": "systems_4", - "treefmt-nix": "treefmt-nix_2" + "systems": "systems_6", + "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1718285706, - "narHash": "sha256-DScsBM+kZvxOva7QegfdtleebMXh30XPxDQr/1IGKYo=", + "lastModified": 1718647444, + "narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "a5be1bbbe0af0266147a88e0ec43b18c722f2bb9", + "rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1", "type": "github" }, "original": { @@ -499,6 +576,7 @@ "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", "nur": "nur", + "poetry2nix": "poetry2nix", "sops-nix": "sops-nix", "sqlfmt": "sqlfmt" } @@ -511,11 +589,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1718137936, - "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=", + "lastModified": 1718506969, + "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "owner": "mic92", "repo": "sops-nix", - "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6", + "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "type": "github" }, "original": { 
@@ -526,9 +604,9 @@ }, "sqlfmt": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2", - "poetry2nix": "poetry2nix" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3", + "poetry2nix": "poetry2nix_2" }, "locked": { "dir": "sqlfmt", @@ -577,6 +655,20 @@ } }, "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -591,7 +683,22 @@ "type": "github" } }, - "systems_4": { + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -627,6 +734,27 @@ } }, "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718522839, + "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "sqlfmt", 
@@ -635,11 +763,11 @@ ] }, "locked": { - "lastModified": 1717850719, - "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", + "lastModified": 1718522839, + "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", + "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e5bfa0c..7738745 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,7 @@ # Import personal packages repo sqlfmt.url = "git+https://git.bitlab21.com/sam/flake-packages?dir=sqlfmt"; + poetry2nix.url = "github:nix-community/poetry2nix"; # Home manager home-manager = { @@ -55,6 +56,7 @@ { self , nixpkgs , home-manager + , poetry2nix , ... } @ inputs: let @@ -66,6 +68,7 @@ specialArgs = { inherit inputs outputs; }; in { + poetry2nix = forAllSystems (system: nixpkgs.legacyPackages.${system}.extend poetry2nix.overlays.default); packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); overlays = import ./overlays { inherit inputs; }; diff --git a/hosts/common/core/sops.nix b/hosts/common/core/sops.nix index 0c10f6e..6cb172f 100644 --- a/hosts/common/core/sops.nix +++ b/hosts/common/core/sops.nix @@ -19,11 +19,11 @@ in age = { sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ]; }; - secrets = { - "passwords/root".neededForUsers = true; - "ssh_keys/deploy_key/id_ed25519" = { - path = "/etc/ssh/deploy_key-ssh-ed25519"; - }; + secrets = { + "passwords/root".neededForUsers = true; + "ssh_keys/deploy_key/id_ed25519" = { + path = "/etc/ssh/deploy_key-ssh-ed25519"; + }; }; }; } diff --git a/hosts/common/users/sam/default.nix b/hosts/common/users/sam/default.nix index 03591ff..8c55ff4 100644 --- a/hosts/common/users/sam/default.nix +++ b/hosts/common/users/sam/default.nix 
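Review bot: The new `poetry2nix.url = "github:nix-community/poetry2nix";` input in flake.nix has no `follows`. As a result the flake.lock hunks in this patch pin a second nixpkgs node (`nixpkgs_2`, tracking `nixos-unstable-small`) plus extra `flake-utils`, `systems`, `nix-github-actions` and `treefmt-nix` nodes that exist only for this input. If the overlay is meant to run against the repo's own package set, as `nixpkgs.legacyPackages.${system}.extend poetry2nix.overlays.default` suggests, add `poetry2nix.inputs.nixpkgs.follows = "nixpkgs";` so there is less pinned third-party code to audit and update. The added top-level output `poetry2nix = forAllSystems (...)` is not a standard flake output name, so `nix flake check` will likely warn about it; exposing it under `legacyPackages` or through `overlays` may fit better. These flake.nix changes are also unrelated to the commit subject and would be easier to review as their own commit.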
@@ -35,6 +35,9 @@ in mode = "0644"; owner = "${username}"; }; + "github-access-token" = { + mode = "0655"; + }; "software/postgres/btc_models/password" = { }; "software/postgres/btc_models/ip" = { }; "software/postgres/btc_models/username" = { }; @@ -95,6 +98,12 @@ in ''; }; + nix = { + extraOptions = '' + experimental-features = nix-command flakes + !include ${config.sops.secrets.github-access-token.path} + ''; + }; # The containing folders are created as root and if this is the first entry when writing files, # the ownership is busted and home-manager can't target because it can't write to these dirs... # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
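Review bot: `mode = "0655";` on the `github-access-token` secret leaves the decrypted token readable by every local account, and the execute bits it sets for group and other mean nothing on a data file. The hunk sets no `owner` or `group`, so the file presumably keeps the sops-nix default owner (root) and depends on the world-read bit for the user's nix client to follow the `!include`. Scope it to the account that needs it instead, e.g. `owner = "${username}"; mode = "0400";` in the style of the entry just above, or `mode = "0440";` with a dedicated group if several users run nix. The enclosing `secrets` attribute set starts above this hunk.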
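Review bot: The `!include ${config.sops.secrets.github-access-token.path}` line in `nix.extraOptions` needs a comment stating what the secret file must contain and why it is included by path. Something like `# secret holds a full "access-tokens = github.com=<token>" line; only its path is written to the store` would cover both. It is also worth noting that `!include` skips a missing file without error, so a failed decryption silently falls back to unauthenticated fetches. `nix.extraOptions` is system-wide even though it is set in a per-user module, so every account that can read the secret file picks up the token; combined with the permissive mode in the previous hunk, that is all local users. Since the token is only used for fetching, a read-only, narrowly scoped token limits the damage if the file is read by another account.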