diff --git a/flake.lock b/flake.lock index 47985915..09634000 100644 --- a/flake.lock +++ b/flake.lock @@ -1,25 +1,49 @@ { "nodes": { "agenix": { + "inputs": { + "agenix": "agenix_2", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682237245, + "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=", + "owner": "ryan4yin", + "repo": "ragenix", + "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50", + "type": "github" + }, + "original": { + "owner": "ryan4yin", + "repo": "ragenix", + "type": "github" + } + }, + "agenix_2": { "inputs": { "darwin": "darwin", "home-manager": "home-manager", "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1694733633, - "narHash": "sha256-/o/OubAsPMbxqru59tLlWzUI7LBNDaoW4rFwQ2Smxcg=", + "lastModified": 1701216516, + "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", "owner": "ryantm", "repo": "agenix", - "rev": "54693c91d923fecb4cf04c4535e3d84f8dec7919", + "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", "type": "github" }, "original": { "owner": "ryantm", "repo": "agenix", - "rev": "54693c91d923fecb4cf04c4535e3d84f8dec7919", "type": "github" } }, @@ -62,6 +86,27 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702956644, + "narHash": "sha256-6XxZSkhb/OkxIx705RHTTLYZ2qemmEC7tODD8f21gKw=", + "owner": "ipetkov", + "repo": "crane", + "rev": "537ebb11db883f9076e37d83e3c7ee69a4abb48c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "inputs": { "flake-compat": [ "lanzaboote", @@ -97,6 +142,7 @@ "darwin": { "inputs": { "nixpkgs": [ + "agenix", "agenix", "nixpkgs" ] @@ -192,25 +238,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" + "systems": "systems" }, "locked": { "lastModified": 1701680307, @@ -226,10 +254,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_3": { "inputs": { "systems": "systems_4" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, "locked": { "lastModified": 1685518550, "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", @@ -312,6 +376,7 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "agenix", "nixpkgs" ] @@ -357,7 +422,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems", + "systems": "systems_2", "wlroots": "wlroots", "xdph": "xdph" }, @@ -418,15 +483,15 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", + "crane": "crane_2", "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1682802423, @@ -554,7 +619,7 @@ }, "nixos-rk3588": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "mesa-panfork": "mesa-panfork", "nixpkgs": "nixpkgs_2", "pre-commit-hooks": "pre-commit-hooks" @@ -803,7 +868,7 @@ "pre-commit-hooks_2": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "gitignore": "gitignore_3", "nixpkgs": [ "nixpkgs" @@ -848,6 +913,31 @@ } }, "rust-overlay": { + "inputs": { + "flake-utils": [ + "agenix", + "flake-utils" + ], + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703037971, + "narHash": "sha256-HzfW5MLt+I0DlfPM9sL+Vd1XrywoWiW0LSAez3wp23E=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16ab5af8f23b63f34dd7a48a68ab3b50dc3dd2b6", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "flake-utils": [ "lanzaboote", @@ -873,21 +963,6 @@ } }, "systems": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -902,6 +977,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "systems_3": { "locked": { "lastModified": 1681028828, @@ -932,6 +1022,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "thead-kernel": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 12f82602..0948b144 100644 --- a/flake.nix +++ b/flake.nix @@ -140,10 +140,12 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # secrets management, lock with git commit at 0.14.0 + # secrets management agenix = { - url = "github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919"; + # lock with git commit at 0.14.0 + # url = "github:ryantm/agenix/54693c91d923fecb4cf04c4535e3d84f8dec7919"; + # replaced with a type-safe reimplementation to get a better error message and less bugs. + url = "github:ryan4yin/ragenix"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/secrets/README.md b/secrets/README.md index 5933e58d..eb4035d1 100644 --- a/secrets/README.md +++ b/secrets/README.md @@ -144,5 +144,5 @@ If you're deploying to the same machine from which you encrypted the secrets, it - [ragenix](https://github.com/yaxitech/ragenix): A Rust reimplementation of agenix. - agenix is mainly written in bash, and it's error message is quite obscure, a little typo may cause some errors no one can understand. - - with a type-safe language like Rust, we can get a better error message and a better user experience, and less bugs. + - with a type-safe language like Rust, we can get a better error message and less bugs.