diff --git a/checks/darwin.nix b/checks/darwin.nix
new file mode 100644
index 0000000..8b74e33
--- /dev/null
+++ b/checks/darwin.nix
@@ -0,0 +1,11 @@
+
+{
+ imports = [
+ ../modules/nix-darwin/default.nix
+ ];
+ documentation.enable = false;
+ sops.secrets.test_key = { };
+ sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+ sops.age.generateKey = true;
+ system.stateVersion = 5;
+}
diff --git a/checks/home-manager.nix b/checks/home-manager.nix
new file mode 100644
index 0000000..d1e6355
--- /dev/null
+++ b/checks/home-manager.nix
@@ -0,0 +1,15 @@
+
+{ config, ... }: {
+ imports = [
+ ../modules/home-manager/sops.nix
+ ];
+ home.stateVersion = "25.05";
+ home.username = "sops-user";
+ home.homeDirectory = "/home/sops-user";
+ home.enableNixpkgsReleaseCheck = false;
+
+ sops.age.generateKey = true;
+ sops.age.keyFile = "${config.home.homeDirectory}/.age-key.txt";
+ sops.secrets.test_key = { };
+ sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+}
diff --git a/dev/private.narHash b/dev/private.narHash
index b5ccbc3..0765e20 100644
--- a/dev/private.narHash
+++ b/dev/private.narHash
@@ -1 +1 @@ -sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY= \ No newline at end of file +sha256-rXlTQPa9c8Ou52KO5S36sOyKUzurr5fuZcXnHr7g6YY= \ No newline at end of file
diff --git a/dev/private/flake.lock b/dev/private/flake.lock
index eb3008e..8e31b4f 100644
--- a/dev/private/flake.lock
+++ b/dev/private/flake.lock
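Review bot: `sops.age.generateKey = true` in checks/darwin.nix (and again in checks/home-manager.nix) sits next to a `defaultSopsFile` that was encrypted in advance, and neither file says that the fixture is only ever built. A key generated at activation time would presumably not be a recipient of `test-assets/secrets.yaml`, so `test_key` could not be decrypted if someone activated this configuration or copied it as a template. Going by the flake.nix hunks in this commit, the checks build `system.build.toplevel` and the home-manager activation script without running them, so decryption is never exercised. A header comment in both files, e.g. `# Build-only fixture: evaluates and builds the sops module; it never decrypts test_key.`, would make that scope explicit.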
@@ -1,5 +1,45 @@ { "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1731832479, + "narHash": "sha256-icDDuYwJ0avTMZTxe1qyU/Baht5JOqw4pb5mWpR+hT0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "5056a1cf0ce7c2a08ab50713b6c4af77975f6111", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1731809072, + "narHash": "sha256-pOsDJQR0imnFLfpvTmRpHcP0tflyxtP/QIzokrKSP8U=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "34588d57cfc41c6953c54c93b6b685cab3b548ee", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1731842749, @@ -18,6 +58,8 @@ }, "root": { "inputs": { + "home-manager": "home-manager", + "nix-darwin": "nix-darwin", "nixpkgs-stable": "nixpkgs-stable", "treefmt-nix": "treefmt-nix" }
diff --git a/dev/private/flake.nix b/dev/private/flake.nix
index e3a4865..53b2439 100644
--- a/dev/private/flake.nix
+++ b/dev/private/flake.nix
@@ -5,5 +5,11 @@
 inputs.treefmt-nix.url = "github:numtide/treefmt-nix";
 inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
+ inputs.nix-darwin.url = "github:LnL7/nix-darwin";
+ inputs.nix-darwin.inputs.nixpkgs.follows = "nixpkgs-stable";
+
+ inputs.home-manager.url = "github:nix-community/home-manager";
+ inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs-stable";
+
 outputs = _: { };
 }
diff --git a/flake.nix b/flake.nix
index 9e4da72..8fb6170 100644
--- a/flake.nix
+++ b/flake.nix
@@ -78,7 +78,7 @@
 # dev outputs
 {
 checks = eachSystem (
- { system, ... }:
+ { pkgs, system, ... }:
 let
 tests = self.packages.${system}.sops-install-secrets.tests;
 packages-stable = import ./default.nix {
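Review bot: `inputs.home-manager.url = "github:nix-community/home-manager"` in dev/private/flake.nix names no branch, so it follows home-manager's default branch while `inputs.home-manager.inputs.nixpkgs.follows` forces `nixpkgs-stable` underneath it. checks/home-manager.nix sets `home.enableNixpkgsReleaseCheck = false` and `home.stateVersion = "25.05"`, which suggests the two release lines differ and the mismatch warning is being silenced rather than resolved. Either pin a home-manager release branch that matches nixpkgs-stable (and lower `home.stateVersion` to suit), or record the choice next to the input, e.g. `# default branch on purpose; the release check is disabled in checks/home-manager.nix`. flake.lock pins the exact revisions, so this affects what a later `nix flake update` pulls in, not the current build.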
@@ -90,7 +90,43 @@
 nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
 suffix-stable = suffix-version "-24_05";
 in
- tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
+ tests
+ // (suffix-stable tests-stable)
+ // (suffix-stable packages-stable)
+ // {
+ home-manager = self.legacyPackages.${system}.homeConfigurations.sops.activation-script;
+ }
+ // nixpkgs.lib.optionalAttrs pkgs.stdenv.isDarwin {
+ darwin-sops =
+ self.darwinConfigurations."sops-${pkgs.hostPlatform.darwinArch}".config.system.build.toplevel;
+ }
+ );
+
+ darwinConfigurations.sops-arm64 = privateInputs.nix-darwin.lib.darwinSystem {
+ modules = [
+ ./checks/darwin.nix
+ #{ nixpkgs.pkgs = nixpkgs.legacyPackages.aarch64-darwin; }
+ { nixpkgs.hostPlatform = "aarch64-darwin"; }
+ ];
+ };
+
+ darwinConfigurations.sops-x86_64 = privateInputs.nix-darwin.lib.darwinSystem {
+ modules = [
+ ./checks/darwin.nix
+ { nixpkgs.hostPlatform = "x86_64-darwin"; }
+ ];
+ };
+
+ legacyPackages = eachSystem (
+ { pkgs, ... }:
+ {
+ homeConfigurations.sops = privateInputs.home-manager.lib.homeManagerConfiguration {
+ modules = [
+ ./checks/home-manager.nix
+ ];
+ inherit pkgs;
+ };
+ }
 );
 apps = eachSystem (
@@ -110,7 +146,7 @@
 { pkgs, ... }:
 {
 unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
- default = pkgs.callPackage ./shell.nix {};
+ default = pkgs.callPackage ./shell.nix { };
 }
 );
 };
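Review bot: The commented-out module `#{ nixpkgs.pkgs = nixpkgs.legacyPackages.aarch64-darwin; }` in `darwinConfigurations.sops-arm64` is left-over experiment code with no explanation; drop it or say why it is kept. The `darwin-sops` check looks its configuration up as `"sops-${pkgs.hostPlatform.darwinArch}"`, so the two attribute names `sops-arm64` and `sops-x86_64` are a naming contract that nothing documents; a comment above them such as `# names must match pkgs.hostPlatform.darwinArch, see checks.darwin-sops` would save the next rename from an evaluation error that only shows up on a Darwin host. The `home-manager` check is added for every system without the `isDarwin` guard, while checks/home-manager.nix hard-codes `/home/sops-user`; worth confirming that running it on Darwin is intended. The enclosing outputs attribute set starts and ends outside this hunk.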