replacing sops with agenix

2024-08-30 13:08:18 +02:00
parent 6befe2e0fe
commit 963a579d89
24 changed files with 603 additions and 607 deletions
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@@ -10,7 +10,7 @@
    "${systemModules}/hardware/graphics/amd"
    "${systemModules}/hardware/graphics/nvidia"
    "${systemModules}/hardware/logitech"
-    "${systemModules}/network"
+    "${systemModules}/hardware/network"
    "${systemModules}/studio/blender"
    "${systemModules}/studio/gimp"
    "${systemModules}/studio/inkscape"
@@ -25,12 +25,12 @@
    "${systemModules}/sysd/pipewire"
    "${systemModules}/sysd/powerd"
    "${systemModules}/sysd/samba"
-    "${systemModules}/sysd/sops"
    "${systemModules}/sysd/ssh"
    "${systemModules}/sysd/udisks"
    "${systemModules}/sysd/xserver/amd"
    "${systemModules}/sysd/xserver/amd/hhkbse"
    "${systemModules}/sysd/xserver/nvidia"
+    "${systemModules}/utils/agenix"
    "${systemModules}/utils/android"
    "${systemModules}/utils/anyrun"
    "${systemModules}/utils/corectrl"
--- a/system/modules/gaming/gamemode/default.nix
+++ b/system/modules/gaming/gamemode/default.nix
@@ -15,7 +15,7 @@ in {
  options = {
    modules.gaming.gamemode = {
      enable = mkEnableOption "Enables gamemode";
-      optimizeGpu = mkOption {
+      optimizeGpu.enable = mkOption {
        type = lib.types.bool;
        default = false;
        description = "Whether to apply GPU optimizations.";
@@ -31,7 +31,7 @@ in {
          softrealtime = "auto";
          renice = 15;
        };
-        gpu = mkIf cfg.optimizeGpu {
+        gpu = mkIf cfg.optimizeGpu.enable {
          apply_gpu_optimisations = "accept-responsibility";
          gpu_device = 0;
          amd_performance_level = "high";
--- a/system/modules/hardware/network/default.nix
+++ b/system/modules/hardware/network/default.nix
@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf mkEnableOption mkOption types;
+  cfg = config.modules.hardware.network;
+in {
+  options = {
+    modules = {
+      hardware = {
+        network = {
+          enable = mkEnableOption "Enable the custom networking module";
+
+          hostName = mkOption {
+            type = types.str;
+            default = "default-hostname";
+            description = "Hostname for the system.";
+          };
+
+          interfaces = mkOption {
+            type = types.attrsOf (types.submodule {
+              options = {
+                allowedTCPPorts = mkOption {
+                  type = types.listOf types.int;
+                  default = [];
+                  description = "List of allowed TCP ports for this interface.";
+                };
+              };
+            });
+            default = {};
+            description = "Network interface configurations.";
+          };
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking = {
+      networkmanager.enable = true;
+      inherit (cfg) hostName;
+      nftables.enable = true;
+      firewall = {
+        enable = true;
+        inherit (cfg) interfaces;
+      };
+    };
+  };
+}
--- a/system/modules/network/default.nix
+++ b/system/modules/network/default.nix
@@ -1,48 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption mkOption types;
-  cfg = config.modules.network;
-in {
-  options = {
-    modules = {
-      network = {
-        enable = mkEnableOption "Enable the custom networking module";
-
-        hostName = mkOption {
-          type = types.str;
-          default = "default-hostname";
-          description = "Hostname for the system.";
-        };
-
-        interfaces = mkOption {
-          type = types.attrsOf (types.submodule {
-            options = {
-              allowedTCPPorts = mkOption {
-                type = types.listOf types.int;
-                default = [];
-                description = "List of allowed TCP ports for this interface.";
-              };
-            };
-          });
-          default = {};
-          description = "Network interface configurations.";
-        };
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    networking = {
-      networkmanager.enable = true;
-      inherit (cfg) hostName;
-      nftables.enable = true;
-      firewall = {
-        enable = true;
-        inherit (cfg) interfaces;
-      };
-    };
-  };
-}
--- a/system/modules/studio/blender/default.nix
+++ b/system/modules/studio/blender/default.nix
@@ -10,7 +10,7 @@ in {
  options = {
    modules.studio.blender = {
      enable = mkEnableOption "Enables Blender";
-      hip = mkOption {
+      hip.enable = mkOption {
        type = lib.types.bool;
        default = false;
        description = "Use the HIP-enabled version of Blender (for AMD GPUs).";
@@ -20,7 +20,7 @@ in {
  config = mkIf cfg.enable {
    environment.systemPackages = [
      (
-        if cfg.hip
+        if cfg.hip.enable
        then pkgs.blender-hip
        else pkgs.blender
      )
--- a/system/modules/sysd/sops/default.nix
+++ b/system/modules/sysd/sops/default.nix
@@ -1,76 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  self,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption mkOption;
-  cfg = config.modules.sysd.sops;
-in {
-  options = {
-    modules.sysd.sops = {
-      enable = mkEnableOption "Enables sops system environment";
-      cnix.enable = mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = "Apply cnix sops settings";
-      };
-      toothpc.enable = mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = "Apply toothpc sops settings";
-      };
-      adampad.enable = mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = "Apply adampad sops settings";
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    sops = lib.mkMerge [
-      {
-        age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
-        gnupg = {
-          home = "~/.gnupg";
-          sshKeyPaths = [];
-        };
-      }
-      (mkIf cfg.cnix.enable {
-        secrets = {
-          openai_api_key = {
-            format = "yaml";
-            sopsFile = "${self}/secrets/cnix-secrets.yaml";
-          };
-          ssh_host = {
-            format = "yaml";
-            sopsFile = "${self}/secrets/cnix-secrets.yaml";
-          };
-        };
-      })
-      (mkIf cfg.toothpc.enable {
-        secrets = {
-          ssh_host = {
-            format = "yaml";
-            # sopsFile = "${self}/secrets/toothpc-secrets.yaml";
-          };
-        };
-      })
-      (mkIf cfg.adampad.enable {
-        secrets = {
-          ssh_host = {
-            format = "yaml";
-            sopsFile = "${self}/secrets/adampad-secrets.yaml";
-          };
-        };
-      })
-    ];
-
-    environment.systemPackages = [
-      pkgs.sops
-      pkgs.age
-    ];
-  };
-}
--- a/system/modules/utils/agenix/default.nix
+++ b/system/modules/utils/agenix/default.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  self,
+  ...
+}: let
+  inherit (lib) mkIf mkEnableOption mkOption mkMerge;
+  cfg = config.modules.utils.agenix;
+in {
+  options = {
+    modules.utils.agenix = {
+      enable = mkEnableOption "Enables agenix system environment";
+      cnix.enable = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply cnix agenix settings";
+      };
+      toothpc.enable = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply toothpc agenix settings";
+      };
+      adampad.enable = mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Apply adampad agenix settings";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    age = mkMerge [
+      (mkIf cfg.cnix.enable {
+        secrets = {
+          cnstssh.file = "${self}/secrets/cnstssh.age";
+          cnixssh.file = "${self}/secrets/cnixssh.age";
+        };
+      })
+      (mkIf cfg.toothpc.enable {
+        secrets = {
+          # Add toothpc specific secrets here
+        };
+      })
+      (mkIf cfg.adampad.enable {
+        secrets = {
+          # Add adampad specific secrets here
+        };
+      })
+    ];
+
+    environment.systemPackages = [
+      inputs.agenix.packages.x86_64-linux.default
+      pkgs.age
+    ];
+  };
+}
--- a/system/modules/utils/misc/default.nix
+++ b/system/modules/utils/misc/default.nix
@@ -11,11 +11,11 @@ in {
    modules.utils.misc.enable = mkEnableOption "Enables miscellaneous pacakges";
  };
  config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      nodejs_22
-      ripgrep
-      fd
-      beekeeper-studio
+    environment.systemPackages = [
+      pkgs.nodejs_22
+      pkgs.ripgrep
+      pkgs.fd
+      pkgs.beekeeper-studio
    ];
  };
 }