nix/modules/agenix.nix
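# modules/agenix.nix -- encrypt secrets in nix store
#
# Registers every entry of hosts/<hostName>/secrets/secrets.nix as an
# `age.secrets.<name>` item. Only the encrypted *.age files are referenced
# from here; plaintext secret material must never be placed under this tree,
# because anything the configuration pulls in can end up world-readable in
# the Nix store.
{ options, config, inputs, lib, pkgs, ... }:

# NOTE(review): two stacked `with` scopes mean a misspelled or missing name is
# only reported when the expression is evaluated, not when the file is parsed.
with builtins;
with lib;
# with lib.my;
let
  inherit (inputs) agenix;

  # toString turns ../hosts into a plain path string, so the per-host
  # directory is addressed by name rather than interpolated as a path value.
  secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";

  # Attrset whose keys are the encrypted file names ("<name>.age"); only the
  # keys are used below, the values are ignored.
  secretsFile = "${secretsDir}/secrets.nix";
in {
  imports = [ agenix.nixosModules.age ];

  # NOTE(review): the CLI package is pinned to x86_64-linux; a host on another
  # platform would need a different attribute here.
  environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];

  age = {
    # A host without a secrets.nix gets no secrets at all, silently. A wrong
    # networking.hostName therefore shows up as missing secrets at runtime,
    # not as an evaluation error.
    secrets =
      if pathExists secretsFile
      then mapAttrs' (n: _: nameValuePair (removeSuffix ".age" n) {
        # Fix: the path used to contain an extra "${dir}" segment, but `dir`
        # is not bound by the arguments or the let-block above, so evaluation
        # failed as soon as a host actually had a secrets.nix. The keys of
        # secrets.nix are taken as file names relative to secretsDir.
        file = "${secretsDir}/${n}";
        # No owner/group/mode is set, so each secret gets the agenix module
        # defaults -- confirm those are tight enough for, and readable by,
        # the service that consumes the secret.
      }) (import secretsFile)
      else {};

    # Explicitly reuse the default identity list declared by the agenix
    # module (presumably the host SSH keys -- verify against the pinned
    # agenix version).
    identityPaths = options.age.identityPaths.default;
  };
}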