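# modules/agenix.nix -- encrypt secrets in nix store
#
# Registers every rule in hosts/<hostName>/secrets/secrets.nix as an
# `age.secrets.<name>` entry. Only the encrypted `.age` files are referenced
# from here; the Nix store is world-readable, so plaintext secret material
# must never be placed under the secrets directory.

{ options, config, inputs, lib, pkgs, ... }:

with builtins;
with lib;
# with lib.my;
let inherit (inputs) agenix;
    # Per-host secrets directory; `../hosts` is resolved relative to this file.
    secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
    # agenix rules file. Only its attribute names (the `.age` file names) are
    # used below; the attribute values are ignored by this module.
    secretsFile = "${secretsDir}/secrets.nix";
in {
  imports = [ agenix.nixosModules.age ];

  # Installs the agenix CLI system-wide.
  # NOTE(review): the package is pinned to x86_64-linux; a host on another
  # platform needs the attribute for its own system.
  environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];

  age = {
    # One entry per rule, named after the rule with its ".age" suffix removed.
    # A host without a secrets.nix gets an empty set rather than an error.
    # No owner, group or mode is set here, so agenix's defaults apply to the
    # decrypted files; override them per secret where a non-root service
    # has to read one.
    secrets =
      if pathExists secretsFile
      then mapAttrs' (n: _: nameValuePair (removeSuffix ".age" n) {
        # The path used to contain an extra `dir` component, but `dir` is
        # bound nowhere in this file and neither `builtins` nor `lib` is known
        # to provide it, so forcing any secret's `file` aborted evaluation
        # with an undefined-variable error. Rule names are taken to be
        # relative to secrets.nix -- confirm if the .age files actually live
        # in a subdirectory.
        file = "${secretsDir}/${n}";
      }) (import secretsFile)
      else {};

    # Decryption identities: re-uses the option's declared default unchanged.
    # NOTE(review): presumably the host's SSH keys -- confirm against the
    # pinned agenix revision, and keep those key files readable by root only.
    identityPaths = options.age.identityPaths.default;
  };
}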