This is the result of ~100 commits to my NixOS config. Since I haven't always used `agenix-rekey`, this is another initial commit so that none of the secrets in my git history are leaked
# Home-manager module: pulls in the agenix and agenix-rekey home-manager
# modules, declares the `elements.secrets` options, and sets `config.age`.
{
  pkgs,
  inputs,
  lib,
  config,
  ...
}: let
  inherit (lib) mkOption types;

  cfg = config.elements.secrets;

  # Base `age` attributes built by a helper that is defined outside this file.
  # It receives the flake itself (`inputs.self`) and the option values below;
  # which options it reads, and how, cannot be seen from here.
  rekeyDefaults = lib._elements.agenixRekeyConfig inputs.self cfg;
in {
  imports = [
    inputs.agenix.homeManagerModules.default
    inputs.agenix-rekey.homeManagerModules.default
  ];

  options.elements.secrets = {
    # No default: a value must be supplied wherever this option is read.
    # Presumably a path used by agenix-rekey for rekeyed secrets; verify
    # against `agenixRekeyConfig`.
    rekeyPath = mkOption {
      type = types.str;
    };

    # No default: a value must be supplied wherever this option is read.
    # NOTE(review): being a plain string, this should hold a public key or a
    # reference to one, never private key material, because option values end
    # up in the world-readable Nix store. Confirm against `agenixRekeyConfig`.
    key = mkOption {
      type = types.str;
    };

    # Attribute set whose values are either strings or free-form attribute
    # sets; empty unless the user sets it. Presumably the secrets this profile
    # requires; confirm against `agenixRekeyConfig`.
    needs = mkOption {
      type = types.attrsOf (types.either types.str types.attrs);
      default = {};
    };
  };

  # `//` is a shallow right-biased merge: the three attributes set here
  # replace any attributes of the same name returned by the helper.
  config.age =
    rekeyDefaults
    // {
      # Private identity that agenix uses to decrypt secrets at activation.
      # The file must exist outside the repository and the Nix store and be
      # readable only by this user (mode 0600).
      identityPaths = ["${config.home.homeDirectory}/.ssh/key"];

      # NOTE(review): both paths are under ~/.local/share, so decrypted
      # secrets are written to the persistent home filesystem rather than a
      # runtime (tmpfs) directory and will survive logout and reboot. Confirm
      # this is intended, that the home directory is on encrypted storage,
      # and that these directories are excluded from backups and file sync.
      secretsDir = "${config.home.homeDirectory}/.local/share/agenix/agenix";
      secretsMountPoint = "${config.home.homeDirectory}/.local/share/agenix/agenix.d";
    };
}