fix: attribute 'nix-access-tokens' missing for homelab

2026-03-20 00:24:28 +01:00 · 2025-02-27 22:46:37 +08:00
parent 417d7ad2d7
commit cfdf12b356
5 changed files with 25 additions and 13 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -814,10 +814,10 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1737955933,
-        "narHash": "sha256-ZFEmdm1T2F7kc1hHHKcg/+iaYmNJ+b5jMbvQ6aUuTis=",
+        "lastModified": 1740667506,
+        "narHash": "sha256-0cfi0sHvU23SDZqykO0+PrSTnxz0Lslo4z52L/H2VUE=",
        "ref": "refs/heads/main",
-        "rev": "f6aeb3fa21216c63f33a637d3f874a4bbddd5989",
+        "rev": "2ed1bd37e3bbc553f5efe3b212333652fa5f3eab",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
--- a/outputs/x86_64-linux/src/kubevirt-shoryu.nix
+++ b/outputs/x86_64-linux/src/kubevirt-shoryu.nix
@@ -24,7 +24,10 @@
        "hosts/k8s/${name}"
      ])
      ++ [
-        # {modules.secrets.server.kubernetes.enable = true;}
+        {
+          modules.secrets.server.kubernetes.enable = true;
+          modules.secrets.impermanence.enable = true;
+        }
      ];
    # home-modules = map mylib.relativeToRoot [
    #   "home/linux/tui.nix"
--- a/outputs/x86_64-linux/src/kubevirt-shushou.nix
+++ b/outputs/x86_64-linux/src/kubevirt-shushou.nix
@@ -24,7 +24,10 @@
        "hosts/k8s/${name}"
      ])
      ++ [
-        # {modules.secrets.server.kubernetes.enable = true;}
+        {
+          modules.secrets.server.kubernetes.enable = true;
+          modules.secrets.impermanence.enable = true;
+        }
      ];
  };

--- a/outputs/x86_64-linux/src/kubevirt-youko.nix
+++ b/outputs/x86_64-linux/src/kubevirt-youko.nix
@@ -24,7 +24,10 @@
        "hosts/k8s/${name}"
      ])
      ++ [
-        # {modules.secrets.server.kubernetes.enable = true;}
+        {
+          modules.secrets.server.kubernetes.enable = true;
+          modules.secrets.impermanence.enable = true;
+        }
      ];
  };

--- a/secrets/nixos.nix
+++ b/secrets/nixos.nix
@@ -66,6 +66,16 @@ in {
          "/etc/ssh/ssh_host_ed25519_key"
        ];

+      # secrets that are used by all nixos hosts
+      age.secrets = {
+        "nix-access-tokens" =
+          {
+            file = "${mysecrets}/nix-access-tokens.age";
+          }
+          # access-token needs to be readable by the user running the `nix` command
+          // user_readable;
+      };
+
      assertions = [
        {
          # This expression should be true to pass the assertion
@@ -112,13 +122,6 @@ in {
          }
          // high_security;

-        "nix-access-tokens" =
-          {
-            file = "${mysecrets}/nix-access-tokens.age";
-          }
-          # access-token needs to be readable by the user running the `nix` command
-          // user_readable;
-
        # ---------------------------------------------
        # user can read this file.
        # ---------------------------------------------