nix-config/modules/secrets/default.nix

{ inputs, lib, options, ... }:

with lib;
{
  imports = [
    inputs.agenix.nixosModules.age
  ];

  config.age = {
    secrets =
      let
        toName = removeSuffix ".age";
        toSecret = name: _: {
          file = ./. + "/${name}";
          owner = mkDefault "root";
        };
        convertSecrets = n: v: nameValuePair (toName n) (toSecret n v);
        secrets = import ./secrets.nix;
      in
      lib.mapAttrs' convertSecrets secrets;

    sshKeyPaths = options.age.sshKeyPaths.default ++ [
      # FIXME: hard-coded path, could be inexistent
      "/home/ambroisie/.ssh/id_ed25519"
    ];
  };
}
secrets: register agenix secrets automatically 2021-09-24 18:37:36 +02:00			`{ inputs, lib, options, ... }:`
secrets: do not encrypt 'default.nix' 2021-02-14 14:13:31 +01:00
			`with lib;`
secrets: remove git-crypt secrets 2021-09-25 16:36:57 +02:00			`{`
secrets: import 'agenix' module 2021-09-25 13:31:43 +02:00			`imports = [`
			`inputs.agenix.nixosModules.age`
			`];`

secrets: register agenix secrets automatically 2021-09-24 18:37:36 +02:00			`config.age = {`
			`secrets =`
			`let`
			`toName = removeSuffix ".age";`
			`toSecret = name: _: {`
			`file = ./. + "/${name}";`
			`owner = mkDefault "root";`
			`};`
			`convertSecrets = n: v: nameValuePair (toName n) (toSecret n v);`
			`secrets = import ./secrets.nix;`
			`in`
			`lib.mapAttrs' convertSecrets secrets;`

			`sshKeyPaths = options.age.sshKeyPaths.default ++ [`
			`# FIXME: hard-coded path, could be inexistent`
			`"/home/ambroisie/.ssh/id_ed25519"`
			`];`
			`};`
secrets: do not encrypt 'default.nix' 2021-02-14 14:13:31 +01:00			`}`