diff --git a/.sops.yaml b/.sops.yaml index 92b1b2d..2630ab3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,7 @@ creation_rules: key_groups: - age: - *primary - - path_regex: secrets/homelab-lesser-secrets.json$ + - path_regex: secrets/homelab-secrets.lesser.json$ key_groups: - age: - *primary diff --git a/flake.lock b/flake.lock index 7547e03..7e6ced0 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1708488241, - "narHash": "sha256-9GbpCrw5Ws4mKK2rIJrKWGuUefdG8dxfl3dP3Z8/MMI=", + "lastModified": 1712688750, + "narHash": "sha256-ig9uSnX9cEGOPgnwODnliQQ+MgFEI/904qz15Xey0TE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fdd5fff7c3e8289cbb811aa05c01b2f1a1831255", + "rev": "f0e5d504f917ed7dbfefc2946740ff6c7bb44e0b", "type": "gitlab" }, "original": { @@ -56,11 +56,11 @@ }, "flatpaks": { "locked": { - "lastModified": 1708268179, - "narHash": "sha256-NNVuhf84AeDTxadfSGnFqPHR0ED+QyM2gmu+Wyz6PrY=", + "lastModified": 1711997375, + "narHash": "sha256-KvU4gOtuFMS9Il67glRGtdNfguAINT9pCaXtvCL8uI8=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "a243cb0522f6240c194b873dde68e25370b06034", + "rev": "45bf66f7068db79b552da864c0e87452be624d6c", "type": "github" }, "original": { @@ -76,11 +76,11 @@ ] }, "locked": { - "lastModified": 1708451036, - "narHash": "sha256-tgZ38NummEdnXvxj4D0StHBzXgceAw8CptytHljH790=", + "lastModified": 1712688495, + "narHash": "sha256-NrVLXkpT9ZigiI8md6NIzHS+3lE4QTj30IgXG57O9iM=", "owner": "nix-community", "repo": "home-manager", - "rev": "517601b37c6d495274454f63c5a483c8e3ca6be1", + "rev": "b00d0e4fe9cba0047f54e77418ddda5f17e6ef2c", "type": "github" }, "original": { 
@@ -89,8 +89,38 @@ "type": "github" } }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1712434681, + "narHash": "sha256-qwmR2p1oc48Bj7gUDvb1oGL19Rjs2PmEmk4ChV01A5o=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "818d8c4b69e0997483d60b75f701fe14b561a7a3", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, "hyprland": { "inputs": { + "hyprcursor": "hyprcursor", "hyprland-protocols": "hyprland-protocols", "hyprlang": "hyprlang", "nixpkgs": "nixpkgs", @@ -99,11 +129,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1708534664, - "narHash": "sha256-ScPWUtrusSfkL4LLWQkV14q6/N4Xx26yuZ7EUsGCuvU=", + "lastModified": 1712676164, + "narHash": "sha256-CDxfxIUTu+2nkLjq46LWHa98WB85AcdglURwi5obgAM=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "fc5ca391adeef3673e579ebf21759032c2455efc", + "rev": "1343aa865d04d80313b0e674c28ecfdbeb90e876", "type": "github" }, "original": { @@ -167,14 +197,18 @@ "nixpkgs": [ "hyprland", "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" ] }, "locked": { - "lastModified": 1708005943, - "narHash": "sha256-9TT3xk++LI5/SPYgjYX34xZ4ebR93c1uerIq+SE/ues=", + "lastModified": 1711671891, + "narHash": "sha256-C/Wwsy/RLxHP1axFFl+AnwJRWfd8gxDKKoa8nt8Qk3c=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "aeb3e012adc7b3235335c540b214b82267c2b983", + "rev": "c1402612146ba06606ebf64963a02bc1efe11e74", "type": "github" }, "original": { 
@@ -184,40 +218,19 @@ } }, "hyprlang_2": { - "inputs": { - "nixpkgs": [ - "hyprland", - "xdph", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1704287638, - "narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprlang_3": { "inputs": { "nixpkgs": [ "xdg-desktop-portal-hyprland", "nixpkgs" - ] + ], + "systems": "systems_2" }, "locked": { - "lastModified": 1704287638, - "narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=", + "lastModified": 1708681732, + "narHash": "sha256-ULZZLZ9C33G13IaXLuAc4oTzHUvnATI8Fj2u6gzMfT0=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97", + "rev": "f4466367ef0a92a6425d482050dc2b8840c0e644", "type": "github" }, "original": { @@ -252,11 +265,11 @@ ] }, "locked": { - "lastModified": 1708225687, - "narHash": "sha256-NJBDfvknI26beOFmjO2coeJMTTUCCtw2Iu+rvJ1Zb9k=", + "lastModified": 1712459390, + "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "17352eb241a8d158c4ac523b19d8d2a6c8efe127", + "rev": "4676d72d872459e1e3a248d049609f110c570e9a", "type": "github" }, "original": { @@ -267,11 +280,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1707546158, - "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { 
@@ -298,11 +311,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1708210246, - "narHash": "sha256-Q8L9XwrBK53fbuuIFMbjKvoV7ixfLFKLw4yV+SD28Y8=", + "lastModified": 1712437997, + "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "69405156cffbdf2be50153f13cbdf9a0bea38e49", + "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", "type": "github" }, "original": { @@ -314,11 +327,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708475490, - "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", + "lastModified": 1712608508, + "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0e74ca98a74bc7270d28838369593635a5db3260", + "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6", "type": "github" }, "original": { @@ -330,11 +343,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1708475490, + "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "0e74ca98a74bc7270d28838369593635a5db3260", "type": "github" }, "original": { @@ -366,11 +379,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1708500294, - "narHash": "sha256-mvJIecY3tDKZh7297mqOtOuAvP7U1rqjfLNfmfkjFpU=", + "lastModified": 1712617241, + "narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f6b80ab6cd25e57f297fe466ad689d8a77057c11", + "rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c", "type": "github" }, "original": { 
@@ -409,6 +422,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "tmux-plugin-manager": { "flake": false, "locked": { @@ -429,34 +457,34 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1706359063, - "narHash": "sha256-5HUTG0p+nCJv3cn73AmFHRZdfRV5AD5N43g8xAePSKM=", + "lastModified": 1709983277, + "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", "owner": "wlroots", "repo": "wlroots", - "rev": "00b869c1a96f300a8f25da95d624524895e0ddf2", + "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "00b869c1a96f300a8f25da95d624524895e0ddf2", + "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", "type": "gitlab" } }, "xdg-desktop-portal-hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols_2", - "hyprlang": "hyprlang_3", + "hyprlang": "hyprlang_2", "nixpkgs": "nixpkgs_3", - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1708532964, - "narHash": "sha256-Hlor9vCcGVhoF5A3VTC640MDvScYQLmjXHOkb1IuqwU=", + "lastModified": 1709299639, + "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "65fb44ae496051c8377c6225f7187ca123bb68a5", + "rev": "2d2fb547178ec025da643db57d40a971507b82fe", "type": "github" }, "original": { @@ -471,7 +499,10 @@ "hyprland", "hyprland-protocols" ], - "hyprlang": "hyprlang_2", + "hyprlang": [ + "hyprland", + "hyprlang" + ], "nixpkgs": [ "hyprland", "nixpkgs" 
@@ -482,11 +513,11 @@ ] }, "locked": { - "lastModified": 1706521509, - "narHash": "sha256-AInZ50acOJ3wzUwGzNr1TmxGTMx+8j6oSTzz4E7Vbp8=", + "lastModified": 1709299639, + "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "c06fd88b3da492b8f9067be021b9184f7012b5a8", + "rev": "2d2fb547178ec025da643db57d40a971507b82fe", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 93a5b41..7ed4548 100644 --- a/flake.nix +++ b/flake.nix @@ -73,8 +73,7 @@ configs); in { nixosConfigurations = create-host [ - "desktop@default" - "desktop@work" + "battleship" "homelab" ]; }; diff --git a/modules/nixos/programs/nih/cli.sh b/modules/nixos/programs/nih/cli.sh index bf43f08..70a8d3b 100644 --- a/modules/nixos/programs/nih/cli.sh +++ b/modules/nixos/programs/nih/cli.sh 
@@ -10,6 +10,51 @@ function util-show-diff() { rm $temp_file } +function util-build() { + local prefix="$1"; + local flake_dir="$2"; + local host="$3"; + + set -e + + pushd $flake_dir + + for f in ./secrets/*.lesser.*; do + local filename="$(basename -- "$f")" + local extension="${filename##*.}" + local filename="${filename%.*}" + local subextenstion="${filename##*.}" + + if [[ "$subextenstion" == "decrypted" ]]; then + gum log --structured --prefix "$prefix" --level warn 'File already decrypted!' file "$f" + else + gum log --structured --prefix "$prefix" --level debug 'Decrypting lesser secret file' file "$f" + sops --output "./secrets/$filename.decrypted.$extension" -d $f + fi + done + + # Add secret files + gum log --structured --prefix "$prefix" --level debug 'Adding decrypted secret files' + git add ./secrets/*.decrypted.* + + # Build NixOS + gum log --structured --prefix "$prefix" --level debug 'Building NixOS' + sudo nixos-rebuild switch --flake "$flake_dir#$host" \ + || (gum log --structured --prefix "$prefix" --level debug 'Removing decrypted secret files' \ + && git reset ./secrets/*.decrypted.* \ + && for f in ./secrets/*.decrypted.*; do rm $f; done \ + && gum log --structured --prefix "$prefix" --level error 'Error building new config' \ + && exit 1) + + git reset ./secrets/*.decrypted.* + for f in ./secrets/*.decrypted.*; do + gum log --structured --prefix "$prefix" --level debug 'Removing decrypted secret file' file "$f" + rm $f + done + + popd +} + function nih-edit() { local flake_dir="$1" local host="$2" @@ -21,7 +66,7 @@ function nih-edit() { pushd $flake_dir # Edit file - $EDITOR "$(gum file "$flakedir")" + $EDITOR "$(gum file "$flake_dir")" # Skip if there's no changes if git diff --quiet "*.*"; then 
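Review bot: Cleanup of the plaintext `*.decrypted.*` files in util-build is not guaranteed. `set -e` aborts on a failed `sops -d` or `git add` before any removal runs, and in the `nixos-rebuild` failure branch the `rm` loop is chained with `&&` behind `gum log` and `git reset`, so a failure of either leaves decrypted secrets on disk and staged. Registering the removal as an EXIT trap right after `pushd`, and clearing it before `popd`, covers every exit path and keeps it independent of logging. `git reset` also only unstages; the blob that `git add` wrote stays in `.git/objects` until it is pruned, which is worth knowing when deciding what may live in a `.lesser` file. Separately, `$f` and `$flake_dir` are unquoted in `sops -d $f`, `rm $f` and `pushd $flake_dir`, and an unmatched glob passes the literal pattern to `sops` and `rm`.

```shell
function util-build() {
  # … unchanged: prefix/flake_dir/host locals, set -e …

  pushd "$flake_dir"

  # Remove plaintext copies on every exit path, independent of logging.
  cleanup_decrypted() {
    git reset --quiet -- ./secrets/*.decrypted.* || true
    rm -f -- ./secrets/*.decrypted.*
  }
  trap cleanup_decrypted EXIT

  # … unchanged: decrypt loop, git add …

  sudo nixos-rebuild switch --flake "$flake_dir#$host" || {
    gum log --structured --prefix "$prefix" --level error 'Error building new config'
    exit 1
  }

  cleanup_decrypted
  trap - EXIT
  popd
}
```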
@@ -45,20 +90,8 @@ function nih-edit() { # Show modifications util-show-diff 'nih edit' - # Add secret files - gum log --structured --prefix 'nih edit' --level debug 'Adding decrypted secret files' - git add ./secrets/* - - # Build NixOS - gum log --structured --prefix 'nih edit' --level debug 'Building NixOS' - sudo nixos-rebuild switch --flake "$flake_dir#$host" \ - || (gum log --structured --prefix 'nih edit' --level debug 'Removing decrypted secret files' \ - && git reset ./secrets/*.decrypted.* \ - && gum log --structured --prefix 'nih edit' --level error 'Error building new config' \ - && exit 1) - - gum log --structured --prefix 'nih edit' --level debug 'Removing decrypted secret files' - git reset ./secrets/* + # Build nixos + util-build 'nih edit' $flake_dir $host gum log --structured \ --prefix 'nih edit' \ @@ -109,9 +142,6 @@ function nih-switch () { gum log --structured --prefix 'nih switch' --level info 'Switching NixOS config' - gum log --structured --prefix 'nih switch' --level debug 'Adding decrypted secret files' - git add ./secrets/*.decrypted.* - gum log --structured --prefix 'nih switch' --level debug 'Formatting files' alejandra . &>/dev/null \ || (alejandra . ; \ 
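Review bot: The call `util-build 'nih edit' $flake_dir $host` passes both variables unquoted, so a flake directory containing whitespace or glob characters is split into extra arguments and util-build's `$2` and `$3` no longer hold the directory and host. `util-build 'nih edit' "$flake_dir" "$host"` keeps the positional contract. The same call shape appears in the nih-switch hunk (`util-build 'nih switch' $flake_dir $host`). nih-edit's body starts and ends outside this hunk.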
@@ -120,21 +150,14 @@ function nih-switch () { --level error 'Failed to format files' \ && exit 1) - gum log --structured --prefix 'nih switch' --level debug 'Building NixOS' - sudo nixos-rebuild switch --flake "$flake_dir#$host" \ - || (gum log --structured --prefix 'nih edit' --level debug 'Removing decrypted secret files' \ - && git reset ./secrets/*.decrypted.* \ - && gum log --structured --prefix 'nih edit' --level error 'Error building new config' \ - && exit 1) + # Build nixos + util-build 'nih switch' $flake_dir $host gum log --structured --prefix 'nih switch' --level info 'NixOS rebuilt!' notify-send -e "NixOS Rebuilt!" \ --icon=software-update-available \ --urgency=low - gum log --structured --prefix 'nih switch' --level debug 'Removing decrypted secret files' - git reset ./secrets/*.decrypted.* - gum log --structured --prefix 'nih edit' --level info 'NixOS rebuilt!' notify-send -e "NixOS Rebuilt!" \ --icon=software-update-available \ @@ -188,9 +211,11 @@ function nih-sync() { --level error 'Failed to format files' \ && exit 1) - gum log --structured --prefix 'nih sync' --level debug 'Removing decrypted secret files' git reset ./secrets/*.decrypted.* - + for f in ./secrets/*.decrypted.*; do + gum log --structured --prefix "$prefix" --level debug 'Removing decrypted secret file' file "$f" + rm $f + done # Skip if there's no changes if git diff --quiet "*.*"; then diff --git a/modules/nixos/programs/nih/default.nix b/modules/nixos/programs/nih/default.nix index beeeb2a..776d030 100644 --- a/modules/nixos/programs/nih/default.nix +++ b/modules/nixos/programs/nih/default.nix @@ -15,6 +15,7 @@ (${pkgs.libnotify}/bin/notify-send "$@" &>/dev/null || echo "") } function mktemp() { ${pkgs.mktemp}/bin/mktemp "$@"; } + function sops() { ${pkgs.sops}/bin/sops "$@"; } flake_dir="${toString cfg.flakeDir}"; host="${toString cfg.host}"; 
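Review bot: After this change nih-switch logs 'NixOS rebuilt!' and calls `notify-send` twice in a row, and the second `gum log` still carries the prefix 'nih edit'. With the `git reset` lines between them removed, the second block looks like a leftover, so dropping it would give one notification under the 'nih switch' prefix. The function continues outside the hunk, so confirm nothing later depends on it.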
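Review bot: The added loop in nih-sync logs with `--prefix "$prefix"`, but the other lines of nih-sync visible here use the literal 'nih sync', and `prefix` is a `local` of util-build. Unless nih-sync defines it outside this hunk, the prefix expands to an empty string; `--prefix 'nih sync'` matches the rest of the function. When no decrypted file exists, the unmatched glob makes `rm $f` run on the literal pattern and fail. `rm -f -- "$f"` handles both that case and paths containing spaces.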
diff --git a/secrets/homelab-lesser-secrets.json b/secrets/homelab-secrets.lesser.json similarity index 100% rename from secrets/homelab-lesser-secrets.json rename to secrets/homelab-secrets.lesser.json