diff --git a/.github/labeler.yml b/.github/labeler.yml index 374d7ce..2b5eed0 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -11,7 +11,7 @@ - "secrets.yaml" - "**/*/*.enc.json" - "**/*/secrets.yaml" - - "secrets/**/*" + - "modules/secrets/**/*" "terraform": - changed-files: diff --git a/dev/shell.nix b/dev/shell.nix index b649aa3..225c075 100644 --- a/dev/shell.nix +++ b/dev/shell.nix @@ -1,11 +1,10 @@ -{ inputs', pkgs, ... }: +{ pkgs, ... }: { devShells = { default = with pkgs; mkShellNoCC { packages = [ - inputs'.agenix.packages.default jq python3.pkgs.deploykit python3.pkgs.invoke diff --git a/dev/treefmt.nix b/dev/treefmt.nix index 7011fdd..866dbe7 100644 --- a/dev/treefmt.nix +++ b/dev/treefmt.nix @@ -32,7 +32,6 @@ }; settings.global.excludes = [ - "*.age" # vendored from external source "hosts/build02/packages-with-update-script.nix" ]; diff --git a/devdoc/onboarding.md b/devdoc/onboarding.md index 52cad21..a0d0be0 100644 --- a/devdoc/onboarding.md +++ b/devdoc/onboarding.md @@ -4,8 +4,6 @@ - Add their user and ssh key to [users](../users) as member of the `trusted` and `wheel` groups. -- Add their user to [secrets/secrets.nix](../secrets/secrets.nix) and run `inv update-agenix-files`. - - Add their age key to [sops.json](../sops.json) and run `inv update-sops-files`. - Add their email in [terraform/locals.tf](../terraform/locals.tf), this will give them access to: diff --git a/flake.lock b/flake.lock index 98c5fda..11dadac 100644 --- a/flake.lock +++ b/flake.lock 
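Review bot: The replacement glob `modules/secrets/**/*` in the labeler hunk points at a directory that nothing else in this commit creates or touches, so unless `modules/secrets/` already exists in the tree this entry matches no path and the label rule silently loses coverage for wherever the sops-encrypted files now live. The onboarding doc in the same commit says recipients are managed in `sops.json`; if the part of this `changed-files` list above the hunk does not already include it, adding `- "sops.json"` would give recipient changes the same review attention as the encrypted payloads. Only the tail of the list is visible here, so both points need checking against the full file.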
@@ -1,34 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": [ - "nix-darwin" - ], - "home-manager": [ - "empty" - ], - "nixpkgs": [ - "nixpkgs" - ], - "systems": [ - "systems" - ] - }, - "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", - "owner": "ryantm", - "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "buildbot-nix": { "inputs": { "flake-parts": [ @@ -353,7 +324,6 @@ }, "root": { "inputs": { - "agenix": "agenix", "buildbot-nix": "buildbot-nix", "cgroup-exporter": "cgroup-exporter", "disko": "disko", diff --git a/flake.nix b/flake.nix index d79e59d..0534703 100644 --- a/flake.nix +++ b/flake.nix @@ -7,11 +7,6 @@ ]; inputs = { - agenix.inputs.darwin.follows = "nix-darwin"; - agenix.inputs.home-manager.follows = "empty"; - agenix.inputs.nixpkgs.follows = "nixpkgs"; - agenix.inputs.systems.follows = "systems"; - agenix.url = "github:ryantm/agenix"; buildbot-nix.inputs.flake-parts.follows = "flake-parts"; buildbot-nix.inputs.hercules-ci-effects.follows = "hercules-ci-effects"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix index 9807c35..d926b03 100644 --- a/modules/darwin/common/default.nix +++ b/modules/darwin/common/default.nix @@ -12,7 +12,6 @@ ./sops-nix.nix ./telegraf.nix ./users.nix - inputs.agenix.darwinModules.age inputs.srvos.darwinModules.server ]; diff --git a/modules/nixos/common/agenix.nix b/modules/nixos/common/agenix.nix deleted file mode 100644 index 339885e..0000000 --- a/modules/nixos/common/agenix.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ inputs, ... }: -{ - imports = [ - inputs.agenix.nixosModules.age - ]; -} diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index 887d359..5a57d61 100644 --- a/modules/nixos/common/default.nix 
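Review bot: In the flake.nix hunk the removed `agenix.inputs.home-manager.follows = "empty";` line is, as far as this diff shows, the only consumer of the `empty` input, so if nothing else in flake.nix references it that stub input and its flake.lock node are now dead and should go in the same change. `systems` and `nix-darwin` were also only referenced here via agenix `follows`, though they are more likely still used by other inputs; worth a quick grep before merging. The `inputs` attribute set continues outside the hunk.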
+++ b/modules/nixos/common/default.nix @@ -8,7 +8,6 @@ imports = [ ../../shared/known-hosts.nix ../../shared/nix-daemon.nix - ./agenix.nix ./builder.nix ./security.nix ./sops-nix.nix diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index 02cbb51..0000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,22 +0,0 @@ -let - users = map (name: builtins.readFile ../users/keys/${name}) userNames; - - userNames = [ - "adisbladis" - "mic92" - "ryantm" - "zimbatm" - "zowoq" - ]; - - inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts; - - secrets = { - }; -in -builtins.listToAttrs ( - map (secretName: { - name = "${secretName}.age"; - value.publicKeys = secrets."${secretName}" ++ users; - }) (builtins.attrNames secrets) -) diff --git a/tasks.py b/tasks.py index cdfe1be..4e7ade6 100644 --- a/tasks.py +++ b/tasks.py @@ -53,15 +53,6 @@ def sotp(c: Any, acct: str) -> None: c.run(f"nix develop .#sotp -c sotp {acct}") -@task -def update_agenix_files(c: Any) -> None: - """ - Update all agenix secrets - """ - os.chdir("secrets") - c.run("agenix --rekey", pty=True) - - @task def update_sops_files(c: Any) -> None: """
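Review bot: Deleting `update_agenix_files` in the tasks.py hunk removes the `os.chdir("secrets")` call, and if that was the module's only use of `os`, the `import os` at the top of tasks.py is now unused and should be dropped as well (ruff F401 would flag it). The import block is outside the hunk, so this cannot be confirmed from the diff alone. The onboarding doc in this commit also drops the `inv update-agenix-files` step, so no visible caller of the removed task remains.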