diff options
Diffstat (limited to 'modules/common/secrets.nix')
| -rw-r--r-- | modules/common/secrets.nix | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/modules/common/secrets.nix b/modules/common/secrets.nix new file mode 100644 index 0000000..03a2eeb --- /dev/null +++ b/modules/common/secrets.nix @@ -0,0 +1,30 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; +{ + imports = [ + inputs.agenix.nixosModules.default + (mkAliasOptionModule [ "secrets" ] [ + "age" + "secrets" + ]) + ]; + + config = { + age.identityPaths = + if this.isHeadful then + [ "${config.my.home}/.ssh/id_${my.ssh.type}" ] + else + map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys); + + environment.systemPackages = with pkgs; [ agenix ]; + + nixpkgs.overlays = [ inputs.agenix.overlays.default ]; + }; +} |