remove agenix
parent
632d80837c
commit
2caefe4bcb
11 changed files with 2 additions and 80 deletions
2
.github/labeler.yml
vendored
2
.github/labeler.yml
vendored
|
@ -11,7 +11,7 @@
|
|||
- "secrets.yaml"
|
||||
- "**/*/*.enc.json"
|
||||
- "**/*/secrets.yaml"
|
||||
- "secrets/**/*"
|
||||
- "modules/secrets/**/*"
|
||||
|
||||
"terraform":
|
||||
- changed-files:
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
{ inputs', pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
devShells = {
|
||||
default =
|
||||
with pkgs;
|
||||
mkShellNoCC {
|
||||
packages = [
|
||||
inputs'.agenix.packages.default
|
||||
jq
|
||||
python3.pkgs.deploykit
|
||||
python3.pkgs.invoke
|
||||
|
|
|
@ -32,7 +32,6 @@
|
|||
};
|
||||
|
||||
settings.global.excludes = [
|
||||
"*.age"
|
||||
# vendored from external source
|
||||
"hosts/build02/packages-with-update-script.nix"
|
||||
];
|
||||
|
|
|
@ -4,8 +4,6 @@
|
|||
|
||||
- Add their user and ssh key to [users](../users) as member of the `trusted` and `wheel` groups.
|
||||
|
||||
- Add their user to [secrets/secrets.nix](../secrets/secrets.nix) and run `inv update-agenix-files`.
|
||||
|
||||
- Add their age key to [sops.json](../sops.json) and run `inv update-sops-files`.
|
||||
|
||||
- Add their email in [terraform/locals.tf](../terraform/locals.tf), this will give them access to:
|
||||
|
|
30
flake.lock
generated
30
flake.lock
generated
|
@ -1,34 +1,5 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": [
|
||||
"nix-darwin"
|
||||
],
|
||||
"home-manager": [
|
||||
"empty"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": [
|
||||
"systems"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723293904,
|
||||
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"buildbot-nix": {
|
||||
"inputs": {
|
||||
"flake-parts": [
|
||||
|
@ -353,7 +324,6 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"buildbot-nix": "buildbot-nix",
|
||||
"cgroup-exporter": "cgroup-exporter",
|
||||
"disko": "disko",
|
||||
|
|
|
@ -7,11 +7,6 @@
|
|||
];
|
||||
|
||||
inputs = {
|
||||
agenix.inputs.darwin.follows = "nix-darwin";
|
||||
agenix.inputs.home-manager.follows = "empty";
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.systems.follows = "systems";
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
buildbot-nix.inputs.flake-parts.follows = "flake-parts";
|
||||
buildbot-nix.inputs.hercules-ci-effects.follows = "hercules-ci-effects";
|
||||
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
|
@ -12,7 +12,6 @@
|
|||
./sops-nix.nix
|
||||
./telegraf.nix
|
||||
./users.nix
|
||||
inputs.agenix.darwinModules.age
|
||||
inputs.srvos.darwinModules.server
|
||||
];
|
||||
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
inputs.agenix.nixosModules.age
|
||||
];
|
||||
}
|
|
@ -8,7 +8,6 @@
|
|||
imports = [
|
||||
../../shared/known-hosts.nix
|
||||
../../shared/nix-daemon.nix
|
||||
./agenix.nix
|
||||
./builder.nix
|
||||
./security.nix
|
||||
./sops-nix.nix
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
let
|
||||
users = map (name: builtins.readFile ../users/keys/${name}) userNames;
|
||||
|
||||
userNames = [
|
||||
"adisbladis"
|
||||
"mic92"
|
||||
"ryantm"
|
||||
"zimbatm"
|
||||
"zowoq"
|
||||
];
|
||||
|
||||
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
|
||||
|
||||
secrets = {
|
||||
};
|
||||
in
|
||||
builtins.listToAttrs (
|
||||
map (secretName: {
|
||||
name = "${secretName}.age";
|
||||
value.publicKeys = secrets."${secretName}" ++ users;
|
||||
}) (builtins.attrNames secrets)
|
||||
)
|
9
tasks.py
9
tasks.py
|
@ -53,15 +53,6 @@ def sotp(c: Any, acct: str) -> None:
|
|||
c.run(f"nix develop .#sotp -c sotp {acct}")
|
||||
|
||||
|
||||
@task
|
||||
def update_agenix_files(c: Any) -> None:
|
||||
"""
|
||||
Update all agenix secrets
|
||||
"""
|
||||
os.chdir("secrets")
|
||||
c.run("agenix --rekey", pty=True)
|
||||
|
||||
|
||||
@task
|
||||
def update_sops_files(c: Any) -> None:
|
||||
"""
|
||||
|
|