# modules/agenix.nix -- declare age-encrypted secrets (kept encrypted in the nix store)
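# NixOS module: wires the agenix `age` module into the system and registers
# one `age.secrets.<name>` entry per key listed in the current host's
# secrets.nix.
#
# Arguments are the usual module arguments plus `inputs`, from which the
# `agenix` flake input is taken.
{
  options,
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with builtins;
with lib;
# with lib.my;
let
  inherit (inputs) agenix;

  # Per-host secrets directory: <repo>/hosts/<hostName>/secrets.
  # `toString` keeps the path as a plain string instead of a path value.
  secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";

  # Index of secrets for this host; only its attribute names are used below.
  secretsFile = "${secretsDir}/secrets.nix";
in {
  imports = [agenix.nixosModules.age];

  # Install the agenix CLI built for the host's own platform rather than a
  # hard-coded x86_64-linux build, so the module also evaluates on other
  # architectures. On x86_64-linux this selects the same package as before.
  environment.systemPackages = [
    agenix.defaultPackage.${pkgs.stdenv.hostPlatform.system}
  ];

  age = {
    # One entry per attribute of secrets.nix, named after the key with a
    # trailing ".age" removed. The attribute values are ignored (`_`).
    #
    # NOTE(review): when secrets.nix is missing the host silently gets an
    # empty secret set. A wrong `networking.hostName` or a misplaced
    # directory therefore shows up only later, when a consumer cannot find
    # its secret. Consider an assertion or warning for hosts that are
    # expected to carry secrets.
    #
    # NOTE(review): no owner/group/mode is set per secret, so every secret
    # takes the agenix module's defaults. Confirm each consuming service
    # can read its secret under those defaults, and that none is readable
    # more widely than intended.
    secrets =
      if pathExists secretsFile
      then
        mapAttrs' (n: _:
          nameValuePair (removeSuffix ".age" n) {
            # NOTE(review): `dir` is bound neither by the `let` above nor
            # by this lambda, and it is not a builtin. Unless `lib` exports
            # it, forcing this attribute fails with an undefined-variable
            # error. Confirm the intended sub-directory, or drop the segment
            # if the .age files sit directly in `secretsDir`.
            file = "${secretsDir}/${dir}/${n}";
          }) (import secretsFile)
      else {};

    # Re-states the option's own declared default. Which private keys that
    # default names depends on the pinned agenix version.
    # NOTE(review): confirm those key files exist on the target host,
    # otherwise there is no identity to decrypt with.
    identityPaths = options.age.identityPaths.default;
  };
}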