style: format with nixfmt

This commit is contained in:
Price Hiller 2024-03-14 03:51:03 -05:00
parent 3b890fc629
commit a6cdb184ab
Signed by: Price
GPG Key ID: C3FADDE7A8534BEB
34 changed files with 186 additions and 255 deletions


@ -147,4 +147,4 @@
''; '';
}; };
}); });
} }


@ -1,5 +1,4 @@
{ config, lib, nixpkgs, ... }: { config, lib, nixpkgs, ... }: {
{
imports = (lib.recurseFilesInDirs [ ./os ./modules ] ".nix"); imports = (lib.recurseFilesInDirs [ ./os ./modules ] ".nix");
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }


@ -5,4 +5,4 @@
systemd.extraConfig = '' systemd.extraConfig = ''
DefaultTimeoutStopSec=10s DefaultTimeoutStopSec=10s
''; '';
} }


@ -1,9 +1,5 @@
{ pkgs, ... }: { pkgs, ... }: {
{ environment.systemPackages = with pkgs; [ docker docker-compose ];
environment.systemPackages = with pkgs; [
docker
docker-compose
];
virtualisation = { virtualisation = {
oci-containers.backend = "docker"; oci-containers.backend = "docker";
@ -14,4 +10,4 @@
package = pkgs.docker; package = pkgs.docker;
}; };
}; };
} }


@ -33,4 +33,4 @@
# Root command executions # Root command executions
"-a always,exit -F arch=b64 -F euid=0 -F auid>=1000 -F auid!=-1 -S execve -F key=rootcmd" "-a always,exit -F arch=b64 -F euid=0 -F auid>=1000 -F auid!=-1 -S execve -F key=rootcmd"
]; ];
} }


@ -24,4 +24,4 @@ in {
}; };
}; };
}; };
} }


@ -89,4 +89,4 @@ in {
user = "prometheus"; user = "prometheus";
group = "prometheus"; group = "prometheus";
}]; }];
} }


@ -20,9 +20,9 @@ let
"2620:fe::9#dns.quad9.net" "2620:fe::9#dns.quad9.net"
"2001:4860:4860::8888#dns.google" "2001:4860:4860::8888#dns.google"
]; ];
resolved_fallback_nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; resolved_fallback_nameservers =
in [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
{ in {
systemd.network = { systemd.network = {
enable = true; enable = true;
# HACK: Disable wait-online, check in on https://github.com/NixOS/nixpkgs/pull/258680 & # HACK: Disable wait-online, check in on https://github.com/NixOS/nixpkgs/pull/258680 &
@ -89,11 +89,7 @@ in
nftables.enable = true; nftables.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [ 80 443 2200 ];
80
443
2200
];
}; };
hostName = "${hostname}"; hostName = "${hostname}";
}; };


@ -1,7 +1,6 @@
{ ... }: { ... }: {
{
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxretry = 10; maxretry = 10;
}; };
} }


@ -59,9 +59,7 @@ in {
url = config.services.gitea.settings.server.ROOT_URL; url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.age.secrets.gitea-runner-token.path; tokenFile = config.age.secrets.gitea-runner-token.path;
name = "Default"; name = "Default";
settings = { settings = { runner.capacity = 8; };
runner.capacity = 8;
};
labels = [ labels = [
"default:docker://nixos/nix:latest" "default:docker://nixos/nix:latest"
"alpine:docker://alpine:latest" "alpine:docker://alpine:latest"
@ -87,4 +85,4 @@ in {
user = config.services.gitea.user; user = config.services.gitea.user;
group = config.services.gitea.group; group = config.services.gitea.group;
}]; }];
} }
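Review bot: The runner labels on the new side reference images only by mutable tag — `default:docker://nixos/nix:latest` and `alpine:docker://alpine:latest` — so a CI job runs in whatever Docker Hub serves for that tag at pull time, and a changed or compromised tag lands directly in the environment that holds the runner token. Pin each label to a specific version tag and preferably an image digest, in the form `nixos/nix:<version>@sha256:<digest>`, and bump it deliberately. A comment on `settings = { runner.capacity = 8; };` should also record that this many jobs run concurrently on the same Docker backend, since the isolation between them is presumably only what the backend provides. The enclosing `services.gitea-actions-runner` definition starts before the hunk.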


@ -1,5 +1,4 @@
{ ... }: { ... }: {
{
services.journald = { services.journald = {
extraConfig = '' extraConfig = ''
SystemMaxUse=100G SystemMaxUse=100G


@ -1,5 +1,4 @@
{ config, pkgs, blog, fqdn, ... }: { config, pkgs, blog, fqdn, ... }: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -18,4 +17,4 @@
root = blog.packages.${pkgs.system}.default; root = blog.packages.${pkgs.system}.default;
locations."/".index = "home.html"; locations."/".index = "home.html";
}; };
} }


@ -36,4 +36,4 @@
''; '';
}; };
} }


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
services.postgresqlBackup = { services.postgresqlBackup = {
location = "/var/backup/postgresql"; location = "/var/backup/postgresql";
backupAll = true; backupAll = true;
@ -16,18 +15,24 @@
log_statement = "all"; log_statement = "all";
log_destination = lib.mkForce "syslog,jsonlog"; log_destination = lib.mkForce "syslog,jsonlog";
}; };
ensureUsers = [ ensureUsers = [{
{ name = "root";
name = "root"; ensureClauses.superuser = true;
ensureClauses.superuser = true; }];
}
];
}; };
environment.systemPackages = [ pkgs.pgloader ]; environment.systemPackages = [ pkgs.pgloader ];
environment.persistence.save.directories = [ environment.persistence.save.directories = [
{ directory = config.services.postgresql.dataDir; user = "postgres"; group = "postgres"; } {
{ directory = config.services.postgresqlBackup.location; user = "postgres"; group = "postgres"; } directory = config.services.postgresql.dataDir;
user = "postgres";
group = "postgres";
}
{
directory = config.services.postgresqlBackup.location;
user = "postgres";
group = "postgres";
}
]; ];
} }
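Review bot: `log_statement = "all";` together with `log_destination = lib.mkForce "syslog,jsonlog";` writes every statement to the system log, which includes password-bearing DDL such as `CREATE ROLE ... PASSWORD '...'` and `ALTER USER ... PASSWORD '...'`, so any credential set through psql ends up in the journal and in whatever ships those logs onward. If full statement logging is deliberate for audit, add a comment making the trade-off explicit, e.g. `# NOTE: log_statement = all also records password-bearing DDL in syslog; set role passwords via a file, not inline SQL`, or narrow it to `log_statement = "ddl";` and cover the rest with a dedicated audit extension. The `ensureUsers` entry grants `root` an unconstrained superuser role, which is reasonable only because root already owns the host; a one-line comment saying so would stop it being copied elsewhere. The `services.postgresql.settings` block starts before the hunk.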


@ -7,11 +7,7 @@
dates = "05:00"; dates = "05:00";
allowReboot = true; allowReboot = true;
flake = self.outPath; flake = self.outPath;
flags = [ flags = [ "--update-input" "nixpkgs" "-L" ];
"--update-input"
"nixpkgs"
"-L"
];
}; };
}; };
} }
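Review bot: `flags = [ "--update-input" "nixpkgs" "-L" ];` combined with `allowReboot = true;` and `dates = "05:00";` means each nightly run rebuilds against whatever the `nixpkgs` input resolves to at that moment, bypassing the commit recorded in `flake.lock`, and then reboots unattended — nobody reviews that diff before it is live. If that is intended, state it where the flag is set, e.g. `# Follows the nixpkgs input's branch head nightly (ignores flake.lock) and may reboot`; otherwise drop `--update-input nixpkgs` and advance the lock deliberately so the deployed revision is one that was reviewed. The `system.autoUpgrade` block starts before the hunk.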


@ -14,6 +14,9 @@
}; };
environment.persistence.ephemeral.users = { environment.persistence.ephemeral.users = {
price = { files = [ ".bash_history" ]; }; price = { files = [ ".bash_history" ]; };
root = { home = "/root"; files = [ ".bash_history" ]; }; root = {
home = "/root";
files = [ ".bash_history" ];
};
}; };
} }


@ -1,10 +1,6 @@
{ modulesPath, pkgs, ... }: { modulesPath, pkgs, ... }: {
{
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = { boot = {
tmp = { tmp = {
@ -73,4 +69,4 @@
}; };
}; };
} }


@ -2,4 +2,4 @@
{ {
zramSwap.enable = true; zramSwap.enable = true;
} }


@ -1,14 +1,9 @@
{ lib, root-disk, persist-dir, ... }: { lib, root-disk, persist-dir, ... }: {
{
services = { services = {
fstrim.enable = true; fstrim.enable = true;
btrfs.autoScrub = { btrfs.autoScrub = {
enable = true; enable = true;
fileSystems = [ fileSystems = [ "/" "/nix" "/persist" ];
"/"
"/nix"
"/persist"
];
}; };
snapper = { snapper = {
# NOTE: According to `snapper-config(5)` the default timeline count for all timelines is 10 # NOTE: According to `snapper-config(5)` the default timeline count for all timelines is 10
@ -23,73 +18,61 @@
fileSystems."${persist-dir}".neededForBoot = true; fileSystems."${persist-dir}".neededForBoot = true;
disko.devices = disko.devices = {
{ disk.${lib.removePrefix "/dev/" root-disk} = {
disk.${lib.removePrefix "/dev/" root-disk} = { type = "disk";
type = "disk"; device = "${root-disk}";
device = "${root-disk}"; content = {
content = { type = "gpt";
type = "gpt"; partitions = {
partitions = { esp = let label = "NixOS-Boot";
esp = in {
let priority = 1;
label = "NixOS-Boot"; size = "512M";
in type = "EF00";
{ content = {
priority = 1; extraArgs = [ "-n ${label}" "-F 32" ];
size = "512M"; type = "filesystem";
type = "EF00"; format = "vfat";
content = { mountpoint = "/boot";
extraArgs = [ "-n ${label}" "-F 32" ]; mountOptions = [ "umask=0077" "defaults" ];
type = "filesystem"; };
format = "vfat"; };
mountpoint = "/boot"; root = let label = "NixOS-Primary";
mountOptions = [ in {
"umask=0077" size = "100%";
"defaults" content = {
]; type = "btrfs";
}; extraArgs = [ "-f" "--label ${label}" ];
}; postCreateHook = ''
root = MOUNT="$(mktemp -d)"
let mount "/dev/disk/by-label/${label}" "$MOUNT" -o subvol=/
label = "NixOS-Primary"; trap 'umount $MOUNT; rm -rf $MOUNT' EXIT
in btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base"
{ '';
size = "100%"; subvolumes = {
content = { "/root" = { mountpoint = "/"; };
type = "btrfs"; "/var-log" = {
extraArgs = [ "-f" "--label ${label}" ]; mountpoint = "/var/log";
postCreateHook = '' mountOptions = [ "compress=zstd" "noatime" ];
MOUNT="$(mktemp -d)" };
mount "/dev/disk/by-label/${label}" "$MOUNT" -o subvol=/ "/nix" = {
trap 'umount $MOUNT; rm -rf $MOUNT' EXIT mountpoint = "/nix";
btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base" mountOptions = [ "compress=zstd" "noatime" ];
''; };
subvolumes = { "${persist-dir}" = {
"/root" = { mountpoint = "${persist-dir}";
mountpoint = "/"; mountOptions = [ "compress=zstd" "noatime" ];
}; };
"/var-log" = { "${persist-dir}/.snapshots" = {
mountpoint = "/var/log"; mountpoint = "${persist-dir}/.snapshots";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"${persist-dir}" = {
mountpoint = "${persist-dir}";
mountOptions = [ "compress=zstd" "noatime" ];
};
"${persist-dir}/.snapshots" = {
mountpoint = "${persist-dir}/.snapshots";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
}; };
}; };
};
}; };
}; };
}; };
}; };
} };
}
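Review bot: `trap 'umount $MOUNT; rm -rf $MOUNT' EXIT` in the btrfs `postCreateHook` runs `rm -rf` on the mountpoint regardless of whether `umount` succeeded, so a failed unmount (for instance a busy subvolume) would recursively delete the freshly created root subvolume through the still-mounted path rather than an empty temp dir. Make the cleanup conditional and non-recursive, and quote the variable: `trap 'umount "$MOUNT" && rmdir "$MOUNT"' EXIT`. The `mount ... -o subvol=/` and `btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base"` lines are fine as written.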


@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }: {
{ hardware.cpu.intel.updateMicrocode =
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fstrim.enable = true; services.fstrim.enable = true;
} }


@ -1 +1 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZzZ6q/V7f8zbb9Xm0uZPn4zfdXAj3QgwGkGKzEV9Q5 luna" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZzZ6q/V7f8zbb9Xm0uZPn4zfdXAj3QgwGkGKzEV9Q5 luna"


@ -1,5 +1,4 @@
{ config, lib, nixpkgs, ... }: { config, lib, nixpkgs, ... }: {
{
imports = (lib.recurseFilesInDirs [ ./os ./modules ] ".nix"); imports = (lib.recurseFilesInDirs [ ./os ./modules ] ".nix");
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }


@ -3,9 +3,7 @@
{ {
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
services.blueman.enable = true; services.blueman.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ bluez ];
bluez
];
systemd.user.services.mpris-proxy = { systemd.user.services.mpris-proxy = {
description = "Mpris proxy"; description = "Mpris proxy";


@ -16,6 +16,7 @@
# Remove NVIDIA VGA/3D controller devices # Remove NVIDIA VGA/3D controller devices
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1" ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
''; '';
boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ]; boot.blacklistedKernelModules =
[ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ];
} }


@ -25,8 +25,7 @@ let
"2606:4700:4700::1111#cloudflare-dns.com" "2606:4700:4700::1111#cloudflare-dns.com"
"2606:4700:4700::1001#cloudflare-dns.com" "2606:4700:4700::1001#cloudflare-dns.com"
]; ];
in in {
{
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
@ -89,4 +88,4 @@ in
useNetworkd = true; useNetworkd = true;
}; };
} }


@ -5,7 +5,7 @@
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = ["@wheel"]; trusted-users = [ "@wheel" ];
}; };
gc = { gc = {
automatic = true; automatic = true;
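Review bot: `trusted-users = [ "@wheel" ];` makes every member of `wheel` a Nix trusted user, which lets them pass arbitrary options to the daemon — extra substituters, trusted public keys, sandbox off — and so install unsigned store paths that later run as root; it is effectively a root grant. That is acceptable only if wheel membership already implies unrestricted sudo on these hosts; if a narrower set is intended, list the account explicitly, e.g. `trusted-users = [ "price" ];`, and leave a comment such as `# trusted-users ≈ root: can add substituters and disable the sandbox` so the list is not widened casually. The enclosing `nix.settings` block starts before the hunk.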


@ -1,19 +1,14 @@
{ config, ... }: { config, ... }: {
{
services.openssh = { services.openssh = {
enable = true; enable = true;
startWhenNeeded = true; startWhenNeeded = true;
# We set the hostkeys manually so they persist through reboots # We set the hostkeys manually so they persist through reboots
hostKeys = [ hostKeys = [{
{ path = (config.environment.persistence.ephemeral.persistentStoragePath
path = (config.environment.persistence.ephemeral.persistentStoragePath + "/etc/ssh/ssh_host_ed25519_key"); + "/etc/ssh/ssh_host_ed25519_key");
type = "ed25519"; type = "ed25519";
} }];
]; sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
sftpFlags = [
"-f AUTHPRIV"
"-l INFO"
];
extraConfig = '' extraConfig = ''
AllowUsers price AllowUsers price
''; '';
@ -41,9 +36,7 @@
"umac-128-etm@openssh.com" "umac-128-etm@openssh.com"
]; ];
}; };
ports = [ ports = [ 2200 ];
2200
];
banner = '' banner = ''
Orion Technologies - Security Notice Orion Technologies - Security Notice
@ -59,4 +52,4 @@
''; '';
}; };
} }


@ -14,6 +14,9 @@
}; };
environment.persistence.ephemeral.users = { environment.persistence.ephemeral.users = {
price = { files = [ ".bash_history" ]; }; price = { files = [ ".bash_history" ]; };
root = { home = "/root"; files = [ ".bash_history" ]; }; root = {
home = "/root";
files = [ ".bash_history" ];
};
}; };
} }


@ -1,9 +1,7 @@
{ modulesPath, pkgs, ... }: { { modulesPath, pkgs, ... }: {
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; # imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot = { boot = {
loader = { loader = {
@ -14,7 +12,8 @@
kernelParams = [ "audit=1" ]; kernelParams = [ "audit=1" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
initrd = { initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; availableKernelModules =
[ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
# availableKernelModules = # availableKernelModules =
# [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid" "rtsx_pci_sdmmc" ]; # [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
# kernelModules = [ ]; # kernelModules = [ ];
@ -70,4 +69,4 @@
}; };
}; };
} }


@ -72,4 +72,4 @@
}; };
}; };
}; };
} }


@ -1 +1 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuypHJpFMaElzWO2QrPNF5o97LGJK/LckHuWvfwIFWI orion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuypHJpFMaElzWO2QrPNF5o97LGJK/LckHuWvfwIFWI orion"


@ -1,31 +1,22 @@
# Some of these functions were taken from https://github.com/NixOS/nixpkgs/blob/master/lib/ # Some of these functions were taken from https://github.com/NixOS/nixpkgs/blob/master/lib/
{ lib ? (import <nixpkgs> { }).lib }: { lib ? (import <nixpkgs> { }).lib }: rec {
rec { hasSuffix = suffix: string:
hasSuffix =
suffix:
string:
let let
lenSuffix = builtins.stringLength suffix; lenSuffix = builtins.stringLength suffix;
lenString = builtins.stringLength string; lenString = builtins.stringLength string;
in in (lenString >= lenSuffix
( && (builtins.substring (lenString - lenSuffix) lenString string)
lenString >= lenSuffix && (builtins.substring (lenString - lenSuffix) lenString string) == suffix == suffix);
);
recurseDir = dir: recurseDir = dir:
let let dirContents = builtins.readDir dir;
dirContents = builtins.readDir dir; in (builtins.concatMap (dirItem:
in let
(builtins.concatMap itemType = builtins.getAttr dirItem dirContents;
(dirItem: itemPath = dir + "/${dirItem}";
let in if itemType == "directory" then
itemType = builtins.getAttr dirItem dirContents; (recurseDir itemPath)
itemPath = dir + "/${dirItem}"; else
in [ itemPath ]) (builtins.attrNames dirContents));
if itemType == "directory" then
(recurseDir itemPath)
else
[ itemPath ])
(builtins.attrNames dirContents));
recurseFilesInDir = dir: suffix: recurseFilesInDir = dir: suffix:
(builtins.filter (file: hasSuffix "${suffix}" file) (recurseDir dir)); (builtins.filter (file: hasSuffix "${suffix}" file) (recurseDir dir));
recurseFilesInDirs = dirs: suffix: recurseFilesInDirs = dirs: suffix:
@ -35,14 +26,13 @@ rec {
let let
f = attrPath: f = attrPath:
lib.zipAttrsWith (n: values: lib.zipAttrsWith (n: values:
if lib.tail values == [ ] if lib.tail values == [ ] then
then lib.head values lib.head values
else if lib.all builtins.isList values else if lib.all builtins.isList values then
then lib.unique (lib.concatLists values) lib.unique (lib.concatLists values)
else if lib.all builtins.isAttrs values else if lib.all builtins.isAttrs values then
then f (attrPath ++ [ n ]) values f (attrPath ++ [ n ]) values
else lib.last values else
); lib.last values);
in in f [ ] attrList;
f [ ] attrList; }
}

View File

@ -5,52 +5,32 @@ let
"age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj" "age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj"
]; ];
hosts = { hosts = {
luna = luna = let secrets = "luna";
let in {
secrets = "luna"; users-root-pw = "${secrets}/users-root-pw.age";
in users-price-pw = "${secrets}/users-price-pw.age";
{ gitea-db-pass = "${secrets}/gitea-db-pass.age";
users-root-pw = "${secrets}/users-root-pw.age"; gitea-runner-token = "${secrets}/gitea-runner-token.age";
users-price-pw = "${secrets}/users-price-pw.age"; };
gitea-db-pass = "${secrets}/gitea-db-pass.age"; orion = let secrets = "orion";
gitea-runner-token = "${secrets}/gitea-runner-token.age"; in {
}; users-root-pw = "${secrets}/users-root-pw.age";
orion = users-price-pw = "${secrets}/users-price-pw.age";
let };
secrets = "orion";
in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
};
}; };
in in if agenix then
if agenix then (builtins.listToAttrs (builtins.concatMap (host:
(builtins.listToAttrs let hostSecrets = (builtins.getAttr host hosts);
(builtins.concatMap in (builtins.map (hostSecretName:
(host: let secret = (builtins.getAttr hostSecretName hostSecrets);
let in {
hostSecrets = (builtins.getAttr host hosts); name = builtins.toString secret;
in value = {
(builtins.map publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ masterKeys;
(hostSecretName: };
let }) (builtins.attrNames hostSecrets))) (builtins.attrNames hosts)))
secret = (builtins.getAttr hostSecretName hostSecrets);
in
{
name = builtins.toString secret;
value = {
publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ masterKeys;
};
})
(builtins.attrNames hostSecrets)))
(builtins.attrNames hosts)))
else else
(builtins.mapAttrs (builtins.mapAttrs (host: secrets:
(host: secrets: (lib.recursiveMerge (builtins.map (secretName: {
(lib.recursiveMerge (builtins.map age.secrets.${secretName}.file = ./${secrets.${secretName}};
(secretName: { }) (builtins.attrNames hosts.${host})))) hosts)
age.secrets.${secretName}.file = ./${secrets.${secretName}};
})
(builtins.attrNames hosts.${host}))))
hosts)


@ -1 +1 @@
import ./default.nix { agenix = true; } import ./default.nix { agenix = true; }