flake.lock: Update

Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c' (2023-06-19) → 'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25) • Updated input 'home-manager': 'github:nix-community/home-manager/6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4' (2023-06-24) → 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) • Updated input 'nixinate': 'github:matthewcroughan/nixinate/b4d17b8e2a4abc47e93e1a1c466e0286a63640d8' (2022-12-15) → 'github:matthewcroughan/nixinate/7902ae845e6cc5bd450e510cdf5e009a6e4a44d9' (2023-06-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ecb441f22067ba1d6312f4932a7c64efa8d19a7b' (2023-06-22) → 'github:NixOS/nixpkgs/b72aa95f7f096382bff3aea5f8fde645bca07422' (2023-06-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b154feadb9abd34350360a80cb4b7e6ce8525a75' (2023-06-25) → 'github:NixOS/nixpkgs/3eb8ccf3b3922be5586a263e7d6f4f98e3acf728' (2023-07-02) • Updated input 'nur': 'github:nix-community/NUR/9eed2d0c604236451550cede1095b94bc8897133' (2023-06-25) → 'github:nix-community/NUR/8993e5d37ab3ec80883751b5d86d48e9b74bed43' (2023-07-02) • Updated input 'retiolum': 'git+https://git.thalheim.io/Mic92/retiolum?ref=refs/heads/master&rev=f79b533caf30820d93a79878d871c08faa35b3f4' (2023-06-06) → 'git+https://git.thalheim.io/Mic92/retiolum?ref=refs/heads/master&rev=5204150c92b7c412a3331337ef73b0eb0f01f6ba' (2023-07-01) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/ec002586144fe0f48039dced270c188f0b8213ab' (2023-06-24) → 'github:oxalica/rust-overlay/ef95001485c25edb43ea236bdb03640b9073abef' (2023-07-01) • Updated input 'secrets': 'path:./secrets?lastModified=1&narHash=sha256-D9ZMDdN7FOG%2Bx8Ds2FuBUz/ujRLjJ07rxiV8AFuEqbQ%3D' (1970-01-01) → 'path:./secrets?lastModified=1&narHash=sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo%3D' (1970-01-01)
chore: get secrets via input, mock for CI
2026-03-29 08:41:07 +02:00 · 2023-07-02 00:59:43 +00:00 · 2023-06-27 20:13:09 +02:00 · 2023-06-27 17:57:26 +02:00 · 2023-06-27 17:50:07 +02:00 · 2023-06-27 17:49:56 +02:00
33 changed files with 238 additions and 135 deletions
--- a/.github/workflows/niveum.yml
+++ b/.github/workflows/niveum.yml
@@ -10,5 +10,21 @@ jobs:
        system: [makanek,manakish,kabsa,zaatar,ful]
    steps:
    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v16
-    - run: nix run .?submodules=1#apps.nixinate.${{matrix.system}}-dry-run
+    - name: Install QEMU (ARM)
+      run: sudo apt-get install -y qemu-user-static
+      if: ${{ matrix.system == 'ful' }}
+    - name: Install Nix (ARM)
+      uses: cachix/install-nix-action@v16
+      if: ${{ matrix.system == 'ful' }}
+      with:
+        extra_nix_config: |
+          system = aarch64-linux
+    - name: Install Nix (x86_64)
+      uses: cachix/install-nix-action@v16
+      if: ${{ matrix.system != 'ful' }}
+    - run: |
+        rm -rf secrets
+        mkdir secrets
+        cat secrets.txt | while read -r path; do echo dummy > $path; done
+        find
+    - run: nix run nixpkgs#nixos-rebuild -- dry-build --override-input secrets ./secrets --flake .#${{matrix.system}}
--- a/configs/aerc.nix
+++ b/configs/aerc.nix
@@ -2,6 +2,7 @@
  pkgs,
  config,
  lib,
+  inputs,
  ...
 }: let
  defaults = {
@@ -19,43 +20,43 @@
 in {
  age.secrets = {
    email-password-cock = {
-      file = ../secrets/email-password-cock.age;
+      file = inputs.secrets + "/email-password-cock.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-fysi = {
-      file = ../secrets/email-password-fysi.age;
+      file = inputs.secrets + "/secrets/email-password-fysi.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-posteo = {
-      file = ../secrets/email-password-posteo.age;
+      file = inputs.secrets + "/email-password-posteo.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-meinhark = {
-      file = ../secrets/email-password-meinhark.age;
+      file = inputs.secrets + "/email-password-meinhark.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-meinhaki = {
-      file = ../secrets/email-password-meinhaki.age;
+      file = inputs.secrets + "/email-password-meinhaki.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-dslalewa = {
-      file = ../secrets/email-password-dslalewa.age;
+      file = inputs.secrets + "/email-password-dslalewa.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-fsklassp = {
-      file = ../secrets/email-password-fsklassp.age;
+      file = inputs.secrets + "/email-password-fsklassp.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  inputs,
  ...
 }: let
  inherit (import ../lib) tmpfilesConfig;
@@ -97,7 +98,7 @@ in {
  ];

  age.secrets.mega-password = {
-    file = ../secrets/mega-password.age;
+    file = inputs.secrets + "/mega-password.age";
    owner = config.users.users.me.name;
    group = config.users.users.me.group;
    mode = "400";
@@ -125,6 +126,7 @@ in {
    folders = let
      cloud-dir = "${config.users.users.me.home}/cloud";
    in {
+      "${cloud-dir}/syncthing/zotero".devices = ["kabsa" "manakish"];
      "${cloud-dir}/syncthing/common".devices = ["kabsa" "manakish"];
      "${cloud-dir}/syncthing/library".devices = ["kabsa" "manakish" "heym"];
      "${cloud-dir}/syncthing/mundoiu".devices = ["kabsa" "manakish" "heym"];
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -37,13 +37,13 @@ in {
    {
      age.secrets = {
        di-fm-key = {
-          file = ../secrets/di-fm-key.age;
+          file = inputs.secrets + "/di-fm-key.age";
          owner = config.users.users.me.name;
          group = config.users.users.me.group;
          mode = "400";
        };
        restic = {
-          file = ../secrets/restic.age;
+          file = inputs.secrets + "/restic.age";
          owner = config.users.users.me.name;
          group = config.users.users.me.group;
          mode = "400";
@@ -76,7 +76,7 @@ in {
      };

      age.secrets = {
-        kfm-password.file = ../secrets/kfm-password.age;
+        kfm-password.file = inputs.secrets + "/kfm-password.age";
      };

      home-manager.users.me.xdg.enable = true;
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -109,7 +109,7 @@ in {
    fontconfig.defaultFonts = rec {
      monospace = ["Noto Sans Mono"] ++ emoji;
      serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
-      sansSerif = ["Noto Sans Display" "Noto Kufi Arabic" "Noto Sans Devanagari" "Noto Sans CJK JP"];
+      sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic"];
      emoji = ["Noto Color Emoji"];
    };
    # xelatex fails with woff files
--- a/configs/hu-berlin.nix
+++ b/configs/hu-berlin.nix
@@ -1,15 +1,9 @@
 {
  config,
  pkgs,
-  lib,
+  inputs,
  ...
 }: let
-  inherit (lib.strings) fileContents;
-  inherit (import ../lib) sshPort;
-  eduroam = {
-    identity = fileContents <secrets/eduroam/identity>;
-    password = fileContents <secrets/eduroam/password>;
-  };
  hu-berlin-cifs-options = [
    "uid=${toString config.users.users.me.uid}"
    "gid=${toString config.users.groups.users.gid}"
@@ -35,7 +29,7 @@ in {
    options = hu-berlin-cifs-options;
  };

-  age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age;
+  age.secrets.cifs-credentials-hu-berlin.file = inputs.secrets + "/cifs-credentials-hu-berlin.age";

  home-manager.users.me.programs.ssh = {
    matchBlocks = {
@@ -63,6 +57,9 @@ in {
    )
  ];

+  # ref https://github.com/NixOS/nixpkgs/issues/231038#issuecomment-1591888919
+  environment.etc."ppp/options".text = "ipcp-accept-remote";
+
  systemd.services.hu-vpn = {
    enable = true;
    wants = ["network-online.target"];
--- a/configs/i3.nix
+++ b/configs/i3.nix
@@ -3,6 +3,7 @@
  pkgs,
  lib,
  niveumPackages,
+  inputs,
  ...
 }: let
  inherit (import ../lib) defaultApplications colours;
@@ -65,13 +66,13 @@
 in {
  age.secrets = {
    github-token-i3status-rust = {
-      file = ../secrets/github-token-i3status-rust.age;
+      file = inputs.secrets + "/github-token-i3status-rust.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    openweathermap-api-key = {
-      file = ../secrets/openweathermap-api-key.age;
+      file = inputs.secrets + "/openweathermap-api-key.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
--- a/configs/khal.nix
+++ b/configs/khal.nix
@@ -1,7 +1,7 @@
 {
  config,
  pkgs,
-  lib,
+  inputs,
  ...
 }: let
  davHome = "~/.local/share/dav";
@@ -18,13 +18,13 @@
 in {
  age.secrets = {
    nextcloud-password-kieran = {
-      file = ../secrets/nextcloud-password-kieran.age;
+      file = inputs.secrets + "/nextcloud-password-kieran.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    nextcloud-password-fysi = {
-      file = ../secrets/nextcloud-password-fysi.age;
+      file = inputs.secrets + "/nextcloud-password-fysi.age";
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -1,10 +1,8 @@
 {
  config,
  pkgs,
-  lib,
  inputs,
  niveumPackages,
-  unstablePackages,
  ...
 }: let
  worldradio = pkgs.callPackage ../packages/worldradio.nix {};
@@ -291,7 +289,7 @@ in {
  ];

  age.secrets.home-assistant-token = {
-    file = ../secrets/home-assistant-token.age;
+    file = inputs.secrets + "/home-assistant-token.age";
    owner = config.users.users.me.name;
    group = config.users.users.me.group;
    mode = "400";
--- a/configs/telegram-bots/autorenkalender.nix
+++ b/configs/telegram-bots/autorenkalender.nix
@@ -1,6 +1,6 @@
 {
  pkgs,
-  lib,
+  inputs,
  config,
  ...
 }: let
@@ -22,7 +22,7 @@ in {
    command = "${autorenkalender}/bin/autorenkalender";
  };

-  age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
+  age.secrets.telegram-token-kmein.file = inputs.secrets + "/telegram-token-kmein.age";

  niveum.passport.services = [
    {
--- a/configs/telegram-bots/default.nix
+++ b/configs/telegram-bots/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  lib,
  inputs,
  ...
 }: let
@@ -48,9 +47,9 @@ in {
  ];

  age.secrets = {
-    telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age;
-    telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age;
-    telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age;
+    telegram-token-reverse.file = inputs.secrets + "/telegram-token-reverse.age";
+    telegram-token-betacode.file = inputs.secrets + "/telegram-token-betacode.age";
+    telegram-token-proverb.file = inputs.secrets + "/telegram-token-proverb.age";
  };

  systemd.services.telegram-reverse = {
--- a/configs/telegram-bots/nachtischsatan.nix
+++ b/configs/telegram-bots/nachtischsatan.nix
@@ -1,7 +1,7 @@
 {
  pkgs,
  config,
-  lib,
+  inputs,
  ...
 }: let
  nachtischsatan-bot = {tokenFile}:
@@ -36,7 +36,7 @@ in {
    serviceConfig.Restart = "always";
  };

-  age.secrets.telegram-token-nachtischsatan.file = ../../secrets/telegram-token-nachtischsatan.age;
+  age.secrets.telegram-token-nachtischsatan.file = inputs.secrets + "/telegram-token-nachtischsatan.age";

  niveum.passport.services = [
    {
--- a/configs/traadfri.nix
+++ b/configs/traadfri.nix
@@ -1,7 +1,7 @@
 {
  config,
  pkgs,
-  lib,
+  inputs,
  ...
 }: let
  inherit (import ../lib) localAddresses;
@@ -20,7 +20,7 @@ in {
  ];

  age.secrets.traadfri-key = {
-    file = ../secrets/traadfri-key.age;
+    file = inputs.secrets + "/traadfri-key.age";
    owner = config.users.users.me.name;
    group = config.users.users.me.group;
    mode = "400";
--- a/flake.lock
+++ b/flake.lock
@@ -67,11 +67,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1687171271,
-        "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
+        "lastModified": 1687709756,
+        "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
+        "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
        "type": "github"
      },
      "original": {
@@ -102,11 +102,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687647567,
-        "narHash": "sha256-Ua90LZYJO7/7KW/KK/AqijhIekd+wxPwbVKXuBYzJeQ=",
+        "lastModified": 1687871164,
+        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4",
+        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
        "type": "github"
      },
      "original": {
@@ -175,11 +175,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1671116920,
-        "narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=",
+        "lastModified": 1688141737,
+        "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
        "owner": "matthewcroughan",
        "repo": "nixinate",
-        "rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8",
+        "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
        "type": "github"
      },
      "original": {
@@ -190,11 +190,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1687466461,
-        "narHash": "sha256-oupXI7g7RPzlpGUfAu1xG4KBK53GrZH8/xeKgKDB4+Q=",
+        "lastModified": 1688109178,
+        "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ecb441f22067ba1d6312f4932a7c64efa8d19a7b",
+        "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
        "type": "github"
      },
      "original": {
@@ -222,11 +222,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1687652732,
-        "narHash": "sha256-J5DIQzLejT/9xjSSOxjHJ6r1nc4VawKnLejHtOQKjV4=",
+        "lastModified": 1688258489,
+        "narHash": "sha256-Ve3r2lv3bTJh/0/2IRhF5+4uco3YlqIjFPDd3rs4frw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b154feadb9abd34350360a80cb4b7e6ce8525a75",
+        "rev": "3eb8ccf3b3922be5586a263e7d6f4f98e3acf728",
        "type": "github"
      },
      "original": {
@@ -254,11 +254,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1687654170,
-        "narHash": "sha256-82D7t8R2SoFqt06HLVMbFMPjQy32nTrECJBLZvTt2aI=",
+        "lastModified": 1688258911,
+        "narHash": "sha256-nu6KIfmhQqCMo+tecCMOP13TH8BLrm8hpDqF6ckz8Ik=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "9eed2d0c604236451550cede1095b94bc8897133",
+        "rev": "8993e5d37ab3ec80883751b5d86d48e9b74bed43",
        "type": "github"
      },
      "original": {
@@ -293,11 +293,11 @@
    },
    "retiolum": {
      "locked": {
-        "lastModified": 1686076643,
-        "narHash": "sha256-midjyNXeGAqXzwXKnHNsTnRwPIbturlq2FcHOh9fivg=",
+        "lastModified": 1688225912,
+        "narHash": "sha256-YXiHX9YmZ1ApZ3g58+nJrJA+H35stAvIAaewUnG1eZg=",
        "ref": "refs/heads/master",
-        "rev": "f79b533caf30820d93a79878d871c08faa35b3f4",
-        "revCount": 306,
+        "rev": "5204150c92b7c412a3331337ef73b0eb0f01f6ba",
+        "revCount": 307,
        "type": "git",
        "url": "https://git.thalheim.io/Mic92/retiolum"
      },
@@ -322,6 +322,7 @@
        "retiolum": "retiolum",
        "rust-overlay": "rust-overlay",
        "scripts": "scripts",
+        "secrets": "secrets",
        "telebots": "telebots",
        "tinc-graph": "tinc-graph",
        "traadfri": "traadfri",
@@ -338,11 +339,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687573996,
-        "narHash": "sha256-F7pDERmi8MomkMhcUW88IW6RRrxAk7QO2PXs+LMpxpI=",
+        "lastModified": 1688178944,
+        "narHash": "sha256-4fef6jlv73WW6FLXssEa88WaTVEU268ipI6fatg9vRE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "ec002586144fe0f48039dced270c188f0b8213ab",
+        "rev": "ef95001485c25edb43ea236bdb03640b9073abef",
        "type": "github"
      },
      "original": {
@@ -377,6 +378,19 @@
        "type": "github"
      }
    },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1,
+        "narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=",
+        "path": "./secrets",
+        "type": "path"
+      },
+      "original": {
+        "path": "./secrets",
+        "type": "path"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,7 @@
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
    nur.url = "github:nix-community/NUR";
    recht.url = "github:kmein/recht";
+    secrets.url = "path:./secrets";
    scripts.url = "github:kmein/scripts";
    retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum";
    rust-overlay.url = "github:oxalica/rust-overlay";
@@ -38,6 +39,7 @@
    scripts.inputs.flake-utils.follows = "flake-utils";
    scripts.inputs.nixpkgs.follows = "nixpkgs";
    scripts.inputs.rust-overlay.follows = "rust-overlay";
+    secrets.flake = false;
    tinc-graph.inputs.flake-utils.follows = "flake-utils";
    tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
    tinc-graph.inputs.rust-overlay.follows = "rust-overlay";
@@ -62,19 +64,27 @@
      apps =
        nixinate.nixinate.x86_64-linux self
        // {
-          x86_64-linux.deploy = let
+          x86_64-linux = let
            pkgs = nixpkgs.legacyPackages.x86_64-linux;
          in {
-            type = "app";
-            program = toString (pkgs.writers.writeDash "deploy" ''
-              if [ $# -eq 0 ]
-              then
-                systems='${toString (builtins.attrNames self.nixosConfigurations)}'
-              else
-                systems=$*
-              fi
-              ${pkgs.parallel}/bin/parallel --line-buffer --tagstring '{}' 'nix run .\?submodules=1\#apps.nixinate.{}' ::: $systems
-            '');
+            mock-secrets = {
+              type = "app";
+              program = toString (pkgs.writers.writeDash "mock-secrets" ''
+                ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  > secrets.txt
+              '');
+            };
+            deploy =  {
+              type = "app";
+              program = toString (pkgs.writers.writeDash "deploy" ''
+                if [ $# -eq 0 ]
+                then
+                  systems='${toString (builtins.attrNames self.nixosConfigurations)}'
+                else
+                  systems=$*
+                fi
+                ${pkgs.parallel}/bin/parallel --line-buffer --tagstring '{}' 'nix run .\?submodules=1\#apps.nixinate.{}' ::: $systems
+              '');
+            };
          };
        };

--- a/secrets.txt
+++ b/secrets.txt
@@ -0,0 +1,62 @@
+secrets/di-fm-key.age
+secrets/email-password-meinhark.age
+secrets/kabsa-retiolum-privateKey-ed25519.age
+secrets/makanek-specus-privateKey.age
+secrets/manakish-retiolum-privateKey-rsa.age
+secrets/kfm-password.age
+secrets/email-password-fysi.age
+secrets/github-token-i3status-rust.age
+secrets/nextcloud-password-admin.age
+secrets/zaatar-retiolum-privateKey-ed25519.age
+secrets/manakish-syncthing-cert.age
+secrets/telegram-token-betacode.age
+secrets/tabula-retiolum-privateKey-rsa.age
+secrets/zaatar-ympd-basicAuth.age
+secrets/zaatar-moodle-dl-basicAuth.age
+secrets/mega-password.age
+secrets/telegram-token-reverse.age
+secrets/email-password-meinhaki.age
+secrets/spotify-password.age
+secrets/telegram-token-kmein.age
+secrets/maxmind-license-key.age
+secrets/makanek-retiolum-privateKey-rsa.age
+secrets/spotify-username.age
+secrets/onlyoffice-jwt-key.age
+secrets/miniflux-credentials.age
+secrets/email-password-fsklassp.age
+secrets/kabsa-retiolum-privateKey-rsa.age
+secrets/traadfri-key.age
+secrets/tahina-retiolum-privateKey-rsa.age
+secrets/makanek-retiolum-privateKey-ed25519.age
+secrets/zaatar-retiolum-privateKey-rsa.age
+secrets/kabsa-specus-privateKey.age
+secrets/nextcloud-password-kieran.age
+secrets/ful-root.age
+secrets/manakish-syncthing-key.age
+secrets/email-password-dslalewa.age
+secrets/zaatar-moodle-dl-tokens.json.age
+secrets/tabula-retiolum-privateKey-ed25519.age
+secrets/tahina-retiolum-privateKey-ed25519.age
+secrets/cifs-credentials-hu-berlin.age
+secrets/kabsa-syncthing-key.age
+secrets/ful-retiolum-privateKey-rsa.age
+secrets/ful-retiolum-privateKey-ed25519.age
+secrets/zaatar-syncthing-key.age
+secrets/openweathermap-api-key.age
+secrets/secrets.nix
+secrets/email-password-cock.age
+secrets/telegram-token-nachtischsatan.age
+secrets/kabsa-syncthing-cert.age
+secrets/grafana-password-admin.age
+secrets/email-password-posteo.age
+secrets/manakish-retiolum-privateKey-ed25519.age
+secrets/restic.age
+secrets/home-assistant-token.age
+secrets/zaatar-syncthing-cert.age
+secrets/nextcloud-password-database.age
+secrets/telegram-token-menstruation.age
+secrets/alertmanager-token-reporters.age
+secrets/ful-specus-privateKey.age
+secrets/nextcloud-password-fysi.age
+secrets/weechat-sec.conf.age
+secrets/telegram-token-proverb.age
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -1,5 +1,5 @@
 {
-  lib,
+  inputs,
  config,
  pkgs,
  ...
@@ -36,19 +36,19 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/ful-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/ful-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/ful-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/ful-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
-    root.file = ../../secrets/ful-root.age;
-    restic.file = ../../secrets/restic.age;
+    root.file = inputs.secrets + "/ful-root.age";
+    restic.file = inputs.secrets + "/restic.age";
  };

  services.restic.backups.niveum = {
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -1,7 +1,6 @@
 {
-  config,
+  inputs,
  pkgs,
-  lib,
  ...
 }: let
  inherit (import ../../lib) retiolumAddresses;
@@ -26,20 +25,20 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/kabsa-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/kabsa-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/kabsa-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/kabsa-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
-    restic.file = ../../secrets/restic.age;
-    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
-    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
+    restic.file = inputs.secrets + "/restic.age";
+    syncthing-cert.file = inputs.secrets + "/kabsa-syncthing-cert.age";
+    syncthing-key.file = inputs.secrets + "/kabsa-syncthing-key.age";
  };

  environment.systemPackages = [pkgs.minecraft pkgs.zeroad];
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -1,5 +1,5 @@
 {
-  lib,
+  inputs,
  config,
  pkgs,
  ...
@@ -84,18 +84,18 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/makanek-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/makanek-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/makanek-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/makanek-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
-    restic.file = ../../secrets/restic.age;
+    restic.file = inputs.secrets + "/restic.age";
  };

  system.stateVersion = "20.03";
--- a/systems/makanek/menstruation.nix
+++ b/systems/makanek/menstruation.nix
@@ -1,7 +1,6 @@
 {
  config,
  pkgs,
-  lib,
  inputs,
  ...
 }: let
@@ -47,7 +46,7 @@ in {
    };
  };

-  age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;
+  age.secrets.telegram-token-menstruation.file = inputs.secrets + "/telegram-token-menstruation.age";

  systemd.services.menstruation-backend = {
    wants = ["network-online.target"];
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -2,6 +2,7 @@
  lib,
  config,
  pkgs,
+  inputs,
  ...
 }: let
  lokiConfig = import ./loki.nix;
@@ -241,19 +242,19 @@ in {

  age.secrets = {
    email-password-cock = {
-      file = ../../../secrets/email-password-cock.age;
+      file = inputs.secrets + "/email-password-cock.age";
      owner = "grafana";
      group = "grafana";
      mode = "440";
    };
    grafana-password-admin = {
-      file = ../../../secrets/grafana-password-admin.age;
+      file = inputs.secrets + "/grafana-password-admin.age";
      owner = "grafana";
      group = "grafana";
      mode = "440";
    };
    alertmanager-token-reporters = {
-      file = ../../../secrets/alertmanager-token-reporters.age;
+      file = inputs.secrets + "/alertmanager-token-reporters.age";
      owner = "prometheus";
      group = "prometheus";
      mode = "440";
--- a/systems/makanek/nextcloud.nix
+++ b/systems/makanek/nextcloud.nix
@@ -1,6 +1,7 @@
 {
  pkgs,
  config,
+  inputs,
  lib,
  ...
 }: let
@@ -8,13 +9,13 @@
 in {
  age.secrets = {
    nextcloud-password-database = {
-      file = ../../secrets/nextcloud-password-database.age;
+      file = inputs.secrets + "/nextcloud-password-database.age";
      owner = "nextcloud";
      group = "nextcloud";
      mode = "440";
    };
    nextcloud-password-admin = {
-      file = ../../secrets/nextcloud-password-admin.age;
+      file = inputs.secrets + "/nextcloud-password-admin.age";
      owner = "nextcloud";
      group = "nextcloud";
      mode = "440";
--- a/systems/makanek/onlyoffice.nix
+++ b/systems/makanek/onlyoffice.nix
@@ -1,5 +1,5 @@
 {
-  pkgs,
+  inputs,
  config,
  ...
 }: {
@@ -11,7 +11,7 @@
  };

  age.secrets.onlyoffice-key = {
-    file = ../../secrets/onlyoffice-jwt-key.age;
+    file = inputs.secrets + "/onlyoffice-jwt-key.age";
    owner = "onlyoffice";
  };

--- a/systems/makanek/retiolum-map.nix
+++ b/systems/makanek/retiolum-map.nix
@@ -45,7 +45,7 @@ in {
    };
  };

-  age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;
+  age.secrets.maxmind-license-key.file = inputs.secrets + "/maxmind-license-key.age";

  niveum.passport.services = [
    {
--- a/systems/makanek/tt-rss.nix
+++ b/systems/makanek/tt-rss.nix
@@ -1,6 +1,5 @@
 {
-  pkgs,
-  lib,
+  inputs,
  config,
  ...
 }: let
@@ -19,7 +18,7 @@ in {
    };
  };

-  age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age;
+  age.secrets.miniflux-credentials.file = inputs.secrets + "/miniflux-credentials.age";

  services.postgresqlBackup = {
    enable = true;
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -1,7 +1,7 @@
 {
  lib,
  pkgs,
-  config,
+  inputs,
  ...
 }: let
  inherit (import ../../lib) kieran;
@@ -205,7 +205,7 @@ in {
  };

  age.secrets.weechat-sec = {
-    file = ../../secrets/weechat-sec.conf.age;
+    file = inputs.secrets + "/weechat-sec.conf.age";
    path = "/var/lib/weechat/sec.conf";
    owner = "weechat";
    group = "weechat";
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
+{inputs, ...}: let
  inherit (import ../../lib) retiolumAddresses;
 in {
  imports = [
@@ -16,19 +12,19 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/manakish-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/manakish-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/manakish-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/manakish-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
-    syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
-    syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
+    syncthing-cert.file = inputs.secrets + "/manakish-syncthing-cert.age";
+    syncthing-key.file = inputs.secrets + "/manakish-syncthing-key.age";
  };

  niveum = {
--- a/systems/tabula/configuration.nix
+++ b/systems/tabula/configuration.nix
@@ -1,5 +1,5 @@
 {
-  config,
+  inputs,
  pkgs,
  ...
 }: let
@@ -15,13 +15,13 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/tabula-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/tabula-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/tabula-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/tabula-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -1,5 +1,5 @@
 {
-  config,
+  inputs,
  pkgs,
  ...
 }: let
@@ -15,13 +15,13 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/tahina-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/tahina-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/tahina-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/tahina-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -1,7 +1,7 @@
 {
  config,
  pkgs,
-  lib,
+  inputs,
  ...
 }: let
  inherit (import ../../lib) retiolumAddresses restic;
@@ -31,18 +31,18 @@ in {

  age.secrets = {
    retiolum-rsa = {
-      file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    retiolum-ed25519 = {
-      file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age";
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
-    restic.file = ../../secrets/restic.age;
+    restic.file = inputs.secrets + "/restic.age";
  };

  services.restic.backups.moodle-dl = {
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  inputs,
  ...
 }: let
  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
@@ -11,14 +12,16 @@
    });
 in {
  age.secrets = {
+    /*
    moodle-dl-tokens = {
-      file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
+      file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age";
      owner = "moodle-dl";
      group = "moodle-dl";
      mode = "400";
    };
+    */
    moodle-dl-basicAuth = {
-      file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
+      file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age";
      owner = "nginx";
      group = "nginx";
      mode = "400";
--- a/systems/zaatar/mpd.nix
+++ b/systems/zaatar/mpd.nix
@@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  inputs,
  ...
 }: let
  firewall = (import ../../lib).firewall lib;
@@ -102,14 +103,14 @@ in {

  age.secrets = {
    ympd-basicAuth = {
-      file = ../../secrets/zaatar-ympd-basicAuth.age;
+      file = inputs.secrets + "/zaatar-ympd-basicAuth.age";
      owner = "nginx";
      group = "nginx";
      mode = "400";
    };
-    syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
-    syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
-    di-fm-key.file = ../../secrets/di-fm-key.age;
+    syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age";
+    syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age";
+    di-fm-key.file = inputs.secrets + "/di-fm-key.age";
  };

  services.nginx = {
--- a/systems/zaatar/spotifyd.nix
+++ b/systems/zaatar/spotifyd.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  config,
+  inputs,
+  ...
+}: {
  services.spotifyd = {
    enable = true;
    settings = {
@@ -21,8 +25,8 @@
  };

  age.secrets = {
-    spotify-username.file = ../../secrets/spotify-username.age;
-    spotify-password.file = ../../secrets/spotify-password.age;
+    spotify-username.file = inputs.secrets + "/spotify-username.age";
+    spotify-password.file = inputs.secrets + "/spotify-password.age";
  };

  # ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502
Author	SHA1	Message	Date
github-actions[bot]	7a99500f72	flake.lock: Update Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c' (2023-06-19) → 'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25) • Updated input 'home-manager': 'github:nix-community/home-manager/6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4' (2023-06-24) → 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) • Updated input 'nixinate': 'github:matthewcroughan/nixinate/b4d17b8e2a4abc47e93e1a1c466e0286a63640d8' (2022-12-15) → 'github:matthewcroughan/nixinate/7902ae845e6cc5bd450e510cdf5e009a6e4a44d9' (2023-06-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ecb441f22067ba1d6312f4932a7c64efa8d19a7b' (2023-06-22) → 'github:NixOS/nixpkgs/b72aa95f7f096382bff3aea5f8fde645bca07422' (2023-06-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b154feadb9abd34350360a80cb4b7e6ce8525a75' (2023-06-25) → 'github:NixOS/nixpkgs/3eb8ccf3b3922be5586a263e7d6f4f98e3acf728' (2023-07-02) • Updated input 'nur': 'github:nix-community/NUR/9eed2d0c604236451550cede1095b94bc8897133' (2023-06-25) → 'github:nix-community/NUR/8993e5d37ab3ec80883751b5d86d48e9b74bed43' (2023-07-02) • Updated input 'retiolum': 'git+https://git.thalheim.io/Mic92/retiolum?ref=refs/heads/master&rev=f79b533caf30820d93a79878d871c08faa35b3f4' (2023-06-06) → 'git+https://git.thalheim.io/Mic92/retiolum?ref=refs/heads/master&rev=5204150c92b7c412a3331337ef73b0eb0f01f6ba' (2023-07-01) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/ec002586144fe0f48039dced270c188f0b8213ab' (2023-06-24) → 'github:oxalica/rust-overlay/ef95001485c25edb43ea236bdb03640b9073abef' (2023-07-01) • Updated input 'secrets': 'path:./secrets?lastModified=1&narHash=sha256-D9ZMDdN7FOG%2Bx8Ds2FuBUz/ujRLjJ07rxiV8AFuEqbQ%3D' (1970-01-01) → 'path:./secrets?lastModified=1&narHash=sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo%3D' (1970-01-01)	2023-07-02 00:59:43 +00:00
Kierán Meinhardt	3138fd23ef	chore: get secrets via input, mock for CI this fixes CI, yay!	2023-06-27 20:13:09 +02:00
Kierán Meinhardt	d0edb9c915	feat(syncthing): sync zotero	2023-06-27 17:57:26 +02:00
Kierán Meinhardt	120a50db3b	feat(fonts): coptic and correct arabic	2023-06-27 17:50:07 +02:00
Kierán Meinhardt	3736b99603	fix: moodle-dl nfs	2023-06-27 17:49:56 +02:00
Kierán Meinhardt	6db3928a47	fix: ci	2023-06-26 16:03:19 +02:00
Kierán Meinhardt	d980fe6da5	fix(zaatar): remove moodle-dl fully	2023-06-26 15:26:25 +02:00
Kierán Meinhardt	a599e5a64b	Merge remote-tracking branch 'origin/update_flake_lock_action'	2023-06-26 15:11:38 +02:00
Kierán Meinhardt	6dd286b2bf	fix(hu-berlin): vpn	2023-06-26 14:27:27 +02:00