From 1cf93825b21580bd9ad7f7cf1884ca7539dcf146 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 24 Sep 2021 18:37:36 +0200
Subject: [PATCH] secrets: register agenix secrets automatically

---
 secrets/default.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/secrets/default.nix b/secrets/default.nix
index 5baf964..ed7cae5 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,4 +1,4 @@
-{ inputs, lib, ... }:
+{ inputs, lib, options, ... }:
 
 with lib;
 let
@@ -30,6 +30,25 @@ throwOnCanary {
       valueType;
   };
 
+  config.age = {
+    secrets =
+      let
+        toName = removeSuffix ".age";
+        toSecret = name: _: {
+          file = ./. + "/${name}";
+          owner = mkDefault "root";
+        };
+        convertSecrets = n: v: nameValuePair (toName n) (toSecret n v);
+        secrets = import ./secrets.nix;
+      in
+      lib.mapAttrs' convertSecrets secrets;
+
+    sshKeyPaths = options.age.sshKeyPaths.default ++ [
+      # FIXME: hard-coded path, could be inexistent
+      "/home/ambroisie/.ssh/id_ed25519"
+    ];
+  };
+
   config.my.secrets = {
     acme.key = fileContents ./acme/key.env;