7 changed files with 183 additions and 45 deletions
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@
  Laureηt's Infrastructure <br>
  <img src="https://raw.githubusercontent.com/catppuccin/catppuccin/main/assets/palette/macchiato.png" width="600px">
-  <a href="https://github.com/ryantm/agenix">
+  <a href="https://github.com/yaxitech/ragenix/">
    <img src="https://img.shields.io/static/v1.svg?style=for-the-badge&label=Secrets&message=age&color=ea999c&labelColor=303446">
  </a>
  <a href="https://git.fainsin.bzh/Laurent/infrastructure/src/branch/master/LICENSE">
--- a/flake.lock
+++ b/flake.lock
@ -54,23 +54,42 @@
    },
    "agenix": {
      "inputs": {
-        "darwin": "darwin",
+        "agenix": "agenix_2",
-        "home-manager": [
+        "crane": "crane",
-          "home-manager"
+        "flake-utils": "flake-utils",
        ],
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": [
+        "rust-overlay": "rust-overlay"
-          "systems"
+      },
      "locked": {
        "lastModified": 1682237245,
        "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
        "owner": "yaxitech",
        "repo": "ragenix",
        "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
        "type": "github"
      },
      "original": {
        "owner": "yaxitech",
        "repo": "ragenix",
        "type": "github"
      }
    },
    "agenix_2": {
      "inputs": {
        "darwin": "darwin",
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1703433843,
+        "lastModified": 1682101079,
-        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
        "type": "github"
      },
      "original": {
@ -144,6 +163,36 @@
      }
    },
    "crane": {
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-utils": [
          "agenix",
          "flake-utils"
        ],
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ],
        "rust-overlay": [
          "agenix",
          "rust-overlay"
        ]
      },
      "locked": {
        "lastModified": 1681680516,
        "narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "crane_2": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
@ -167,16 +216,17 @@
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1700795494,
+        "lastModified": 1673295039,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
        "type": "github"
      },
      "original": {
@ -193,11 +243,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1705075138,
+        "lastModified": 1705017253,
-        "narHash": "sha256-0slYsXoR1Sd5FwTfFZLYxAsI015+J4lvgvo55u4Gw1A=",
+        "narHash": "sha256-/ysUOnF/dYJXDTxi/fi4MNN7uYKRji5CKp3EIamXB+0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "f78b6498f69e04514cb84393e5daba669198c1c1",
+        "rev": "fa5db12d76f9e8ee11e572cdbe021230e48b6afa",
        "type": "github"
      },
      "original": {
@ -229,6 +279,22 @@
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1673956053,
        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -287,7 +353,25 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1681202837,
        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1694529238,
@ -348,11 +432,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1705104164,
+        "lastModified": 1704980804,
-        "narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=",
+        "narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0912d26b30332ae6a90e1b321ff88e80492127dd",
+        "rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd",
        "type": "github"
      },
      "original": {
@ -365,7 +449,7 @@
      "inputs": {
        "hyprland-protocols": "hyprland-protocols",
        "nixpkgs": "nixpkgs",
-        "systems": "systems",
+        "systems": "systems_2",
        "wlroots": "wlroots",
        "xdph": "xdph"
      },
@ -443,13 +527,13 @@
    },
    "lanzaboote": {
      "inputs": {
-        "crane": "crane",
+        "crane": "crane_2",
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_2",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs_3",
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
-        "rust-overlay": "rust-overlay"
+        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
        "lastModified": 1704813398,
@ -867,12 +951,37 @@
        "projet-oral-japonais": "projet-oral-japonais",
        "projet-systemes-algorithmes-repartis": "projet-systemes-algorithmes-repartis",
        "resume": "resume",
-        "systems": "systems_3",
+        "systems": "systems_4",
        "treefmt-nix": "treefmt-nix_2",
        "wallpaper": "wallpaper"
      }
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "agenix",
          "flake-utils"
        ],
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1682129965,
        "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "2c417c0460b788328220120c698630947547ee83",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "flake-utils": [
          "lanzaboote",
@ -898,6 +1007,21 @@
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -912,7 +1036,7 @@
        "type": "github"
      }
    },
-    "systems_2": {
+    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -927,7 +1051,7 @@
        "type": "github"
      }
    },
-    "systems_3": {
+    "systems_4": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
--- a/flake.nix
+++ b/flake.nix
@ -1,6 +1,7 @@
 {
  description = "Laureηt's infrastructure";
  # TODO: rekey les secrets + changer la key de cesium
  # TODO: luks encrypt cesium (dropbear ?)
  # TODO: setup disko sur silicium
@ -24,10 +25,9 @@
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    agenix = {
-      url = "github:ryantm/agenix";
+      # TODO: replace by classic agenix
      url = "github:yaxitech/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
      inputs.systems.follows = "systems";
    };
    disko = {
      url = "github:nix-community/disko";
@ -180,7 +180,7 @@
          packages = [
            formatter # defined above
            pkgs.git # version control
-            agenix.packages.${system}.agenix # secrets
+            agenix.packages.${system}.ragenix # secrets
            pkgs.sbctl # secure boot utils
          ];
        };
--- a/hosts/cesium/system/age/default.nix
+++ b/hosts/cesium/system/age/default.nix
@ -4,4 +4,5 @@
    owner = "gitea";
    group = "gitea";
  };
  age.identityPaths = ["/root/.ssh/id_ed25519"];
 }
--- a/secrets/borgbackup.age
+++ b/secrets/borgbackup.age
@ -1,5 +1,12 @@
-age-encryption.org/v1
+-----BEGIN AGE ENCRYPTED FILE-----
-> ssh-ed25519 kZEpWw GRcmqKupwo/EZ5c28pu4Te0ODGmWU0rL+3HIbg7qgFE
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBCSFps
-dfnJzw6kZGgZQFoXjCNAOTnoLf4TO7ZTNT0ob0Q0qO4
+YjhJT3l2NVMwUlc1L3laWmRoaHRjZUpzbFZyMXA2K3diZ1VuZWdzCktYa0V5Ujk5
--- G6vG/80pcxtFNhbMacVxv393O4U9cpQEA8t0b4KMUzk
+M2JndmxSMkZpZFZCN25uaVFDMk1aNDJhbmo4YlU1MVVMTkkKLT4gTGo+Ti1ncmVh
-bØeãÝ$Çc•`.k#Ç^ºýƒ:ª"Îšüh8]·÷î—d$j"òaŸM»Åu@iZ×§^e½Ïi	¶ÉÝ¢eìá‘ô&¶¥åÒe÷,åçú–-¶yäFŽm,„¤åÁ"‰ÊC¨ã[™Ï*\ÈôŒ7Õƒù•(jc‘ÇCVf‚Jñ
+c2UgWFVaL0cKTTJ6ZGpRNzVkQTdBL00rd1NIVFpwQkV5WmVPWWJLMWNlaE51cDVy
 ajVJd3VOL1pUSkxJVGJiejFQR3UwWFdQQwpqN2tTZzhWem85TGhEYmtRM3lKNHpz
 azlreEFvbFgwYWxJK0JxMGV1MUFlUHQ4dVppYUtScjZ5Vjl2N1VQa21hCgotLS0g
 bXA2YUxBNEc4NThjKzNKSXlNcEE5TE1DbWxoVUcxZTRLYXZrY1Rrb2cyTQqFtX6u
 I6xKT4GsVsZONMHURFyBrwC6f9nyDcZv7w7i+0WjpalP3k26D3pLbB4I3g5p3X8U
 A60vagUy20vBPYYh9P2dGsLDieGq6GRxQfwIXHkxZ+d7akAi3n+p5ltfJ2h9Zuti
 RRBKtnxVIaHp6TZjausCKVfvIXW540gQogiUjadPm7xt
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/gitea.age
+++ b/secrets/gitea.age
@ -1,7 +1,13 @@
-age-encryption.org/v1
+-----BEGIN AGE ENCRYPTED FILE-----
-> ssh-ed25519 kZEpWw wwRzGnuU1emv5/dIg1nmg6gsFIq+b/JBdML9nlZ54V8
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBaTENK
-uw2/wrycilU5m0QH/JHVADH41mAqcl7udmfpKAwMQAY
+NGt2K1pRRll2cStROFJDT0hMVzVSWEJQRmErUHpVVndyQzBDUmlvCnhlREd3YWc5
-> ssh-ed25519 mQMqbw OnupY43Uc/RGdHHUj9ItT5QBiASqwMpyih4Xnq1JSRU
+c09LdldNeXZwMmg2SlNLRXhrelVwNnRua3BHN2JLYWlyZE0KLT4gc3NoLWVkMjU1
-1PEkalnMjdgObz6euu0PbuutOyly/F5AGYEzYWcWpgg
+MTkgdjhFOVV3IE1acEhiTElpTzVQc3ExdkNVaG41SlQ2TXUrcTZJVE9Oc1hqRVNt
--- /KSY8DngUMetAF2hSb/scg2ZcV2I2bGu6B1JsdWHH+k
+clhMMGsKZ1Z1THRhZzZ3MkNHODV3RWllbzJUSk4xTk1DcGl2MzV3UFlGZXdZRldz
-§ƒEêŠvR1/$~XJÑ¹	 Ì#õ¶<tÙb–C¼ÎQ5(y¬¾BÁoüõ(ÁiÙÂg.ÉØ‘yt{tJW¡™A¸c7D\tž#Û¥\§îR×p¥±Ÿ({"’¼¨864Å<34>Ó|úm}S÷§°ÚXPÇöªJ£¨~{>ÑWÈÅ0c%
+VQotPiA8ODZhZjAtZ3JlYXNlCjJidUIrVmZ3MHdYVUlzdDl2VHIzK3BUWUQxOGVG
 OXFGMDNuY3VDTnNldEZjdlFQV2N2SUk1dkc2SnJ4b1ZXb3YKVzIrTVFxb1d0SE1X
 Z3hSK0x2MWMKLS0tIHFwemhyYmxDSEhCUk90TW1nSmMxYVE2ajJYOUpNVG54SHBS
 MWk2L01qMWcKhPYyts5zbaAtGuGVJpwReTxAj0iCR9Fqa3TwMzogeSEEZhyp3j3w
 Vc+RiCM/ykf4DqFg/Xiulb2H+3TN0lT40UF2VEHbSnZFvJDDR9ltVwubI7fq8C5r
 feA1+W0uQ7FDY4a+q1yjHcf47oirK6Q1+95hAn+Iq+koiEDP6TquTAWCaOIpMg==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,6 +1,6 @@
 let
  silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
-  cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVxpWbNJl+OXe6YImMpsJprfuTd+9UJVTiteiuyx6oP root@cesium";
+  cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@cesium";
 in {
  "borgbackup.age".publicKeys = [silicium];
  "gitea.age".publicKeys = [silicium cesium];